News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
The U.S. Department of Homeland Security Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting lives of millions of patients at risk. Cardioverter Defibrillator is a small surgically implanted device (in patients’ chests) that gives a patient’s heart
0 Comments
Google announced some major changes for its Android mobile operating system in October after the European Commission hit the company with a record $5 billion antitrust fine for pre-installing its own apps and services on third-party Android phones. The European Commission accused Google of forcing Android phone manufacturers to “illegally” tie its proprietary apps and
0 Comments
It’s an acronym that cries out for wordplay (SOAR above the hackers… SOAR into greater security…). But security orchestration, automation and response is a serious answer to a perilous threat environment. SOAR products collect threat information and respond to evidence of low-level threats without human intervention. They identify, prioritize and automate a security team’s incident
0 Comments
Editor’s note: In 2013, Michael Cobb wrote how sad it was that the same handful of web application vulnerabilities… still vexed information security professionals. It’s even sadder that, six years later, these same flaws continue to stymie efforts to educate developers and mitigate vulnerabilities in web applications. OWASP revised its list of vulnerabilities in 2017.
0 Comments
Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and
0 Comments
The National Security Agency has a history of releasing its tools to open source and the latest in that lineup, a powerful reverse-engineering tool called Ghidra, has been embraced by infosec professionals after some initial hesitation.  Ghidra, the 35th piece of open source software made public by the NSA, is a modular, cross-platform, Java-based tool
0 Comments
If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it’s highly recommended to immediately upgrade it before hackers could take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress,
0 Comments
Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn’t have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical vulnerability (CVE-2018-20250) that
0 Comments
It has certainly been an interesting several months for container users. Late last year, we saw the emergence of CVE-2018-1002105, a privilege escalation vulnerability in Kubernetes that allows attackers to subvert the Kubernetes API to gain access to the attached resources. More recently, researchers published details about CVE-2019-5736 that described an issue in runC —
0 Comments
Cybersecurity researcher at Google’s Project Zero division has publicly disclosed details and proof-of-concept exploit of a high-severity security vulnerability in macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS
0 Comments
Security researchers have finally, with “high confidence,” linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group. Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter,
0 Comments
The United States’ National Security Agency (NSA) today finally released GHIDRA version 9.0 for free, the agency’s home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications. GHIDRA is a Java-based reverse engineering framework that features a graphical user
0 Comments
You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google’s Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability,
0 Comments
Application security strategy starts and ends in the software development lifecycle … at least, that’s what a lot of people say. It’s true that security is a large part of software development: From developing standards to modeling threats to testing for security flaws, it’s good to get — and keep — developers on board throughout
0 Comments
Google’s one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats. Network infrastructures at most enterprises regularly generate enormous amounts of network data and logs on a daily basis that
0 Comments
Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of
0 Comments
Artificial intelligence continues to evolve, but most IT systems still need human intervention to stay operational. Threat actors face the same issue when controlling their malware. Consider the malware cyber kill chain. Its components have remained the same, but when you dig into the details, many aspects have changed, requiring enterprises to update their protections.
0 Comments
Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim’s device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help