News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that’s widely used to manage the database for websites created with WordPress, Joomla, and many
0 Comments
Encrypting web content is nothing new: It’s been nearly 20 years since the publication of the specification for encrypting web content by running HTTP over the Transport Layer Security protocol. However, running a secure encrypted web server has gone from an option to a virtual necessity in recent years. Attackers continue to seek — and
0 Comments
Whether organizations truly need a cybersecurity framework is one of the biggest questions that’s never really asked in information security. This is because some vendors focus on selling spot security products, an approach that doesn’t lend itself to encouraging enterprises to step back and look at security in the overall context of what they are
0 Comments
Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately. Started rolling out to users worldwide this Wednesday, the Chrome 77.0.3865.90 version contains security patches for 1 critical and 3 high-risk security vulnerabilities, the most
0 Comments
It’s relatively easy to manage device encryption when there are only iOS devices in a mobile fleet. Apple provides a single encryption standard across all of the iOS devices it manufactures.  Android device encryption, however, depends on the version of Android the devices run, the OEM and device model, the hardware architecture and other factors.
0 Comments
Insecure Internet-connected devices have aided different types of cybercrime for years, most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where botnets do not just launch DDoS or spam—they mine cryptocurrencies as well. Smominru, an infamous cryptocurrency-mining and credential-stealing botnet, has become one of the rapidly spreading computer
0 Comments
After nine years running, DerbyCon held its ninth and final show, and attendees and a co-founder looked back on the conference and discussed plans to continue the community with smaller groups around the world. DerbyCon was one of the more popular small-scale hacker conferences held in the U.S., but organizers surprised the infosec community in
0 Comments
The massive data breach at Capital One – America’s seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers’ accounts, has only reinforced the belief that the cloud remains the safest way to store sensitive data.
0 Comments
Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company’s DNA as even ARX in their name refers to the
0 Comments
The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical infrastructure. Besides this, the hacking groups have also been accused of stealing possibly hundreds of millions of dollars from financial institutions around the world to ultimately fund the North Korean government’s
0 Comments
Network bridges and switches are distinctly different, serving separate functions. A bridge is a point-to-point… connection joining two LANs using the same protocol, such as Ethernet. A switch is a multiport bridge that connects multiple clients and chooses the packet path on the network. Every switch is a bridge, but bridges are not truly switches.
0 Comments
It’s time for two important disciplines — business continuity and its related initiatives and cybersecurity — to collaborate better. Typically, cybersecurity and business continuity operate in different silos, but I’m keen to move them closer together, as they are both important elements of an organization’s resilience. For example, a cybersecurity event, which is initially addressed
0 Comments
CISOs and CIOs need to know better than anyone the security pulse of their organizations. On the other hand, they cannot be flooded with every changing detail. Finding the right balance that enables them to clearly grasp the big picture required in making sound decisions is a task many security executives find challenging. Threat actors
0 Comments
Keeping a unified communications environment secure is no small task as the different communications tools that comprise a UC system have their own security needs. And organizations can’t push all the security responsibilities onto their UC vendor. Organizations must take steps to lock down their networks to support unified communications security. Learn how to build
0 Comments
Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server. Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and dissidents with spyware
0 Comments
Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming language
0 Comments
Trustwave has launched Trustwave Fusion — a cloud-based cybersecurity platform that aims to connect enterprises and government agencies to a security cloud comprising the Trustwave data lake, Trustwave SpiderLabs, advanced analytics, actionable threat intelligence and a range of security services and products. According to Trustwave, the platform gives security teams visibility into threats, and technologies
0 Comments
A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches
0 Comments
Many experts believe biometric authentication is the most convenient and secure authentication option, but IT professionals must be wary of certain flaws. The advantages of biometric authentication are intuitive and somewhat obvious: Users don’t have to remember passwords. Devices validate the user’s identity with a simple gesture, such as placing a finger on a scanner.
0 Comments
It’s been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here’s a recap of the most burning strains and trends seen in the wild during the months of July and August 2019. Malware Evolution
0 Comments
The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house. Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider
0 Comments
Security researchers discovered a set of vulnerabilities in Supermicro servers that could allow threat actors to remotely attack systems as if they had physical access to the USB ports. Researchers at Eclypsium, based in Beaverton, Ore., discovered flaws in the baseboard management controllers (BMCs) of Supermicro servers and dubbed the set of issues “USBAnywhere.” The