News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Microsoft Exchange Server is a widely used email server application. Many utilities, as well as supporting tools and aids, have been developed for it. Considering how important email is to any organization, maintaining a secure Exchange server is an essential activity. Zero-day vulnerabilities on Exchange Server — not Exchange Online — that were exploited by
0 Comments
For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices. For organizations that work along the
0 Comments
A vulnerability in Fortinet’s Fortigate VPN is being exploited by Cring ransomware threat actors, according to a report published days after a Cybersecurity and Infrastructure Security Agency advisory warned that several FortiOS flaws were being utilized in cyber attacks. Kaspersky Lab’s ICS CERT, a project dedicated to industrial cybersecurity threats, released a report Wednesday showing
0 Comments
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology. APT34
0 Comments
Cybercrime is increasing at an alarming clip. Year after year billions of dollars are lost and millions of personal records stolen by online criminals. To counter this onslaught of cyber attacks, businesses and governments have come to count on equally cunning and dedicated cybersecurity professionals to protect them from attack. The scale and impact of
0 Comments
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. “Observed exploitation could lead in many cases to full control of the unsecured SAP application, bypassing common security and compliance controls, and enabling attackers to steal sensitive information, perform financial
0 Comments
U.S. Department of Homeland Security Secretary Alejandro Mayorkas outlined broad Biden-Harris administration plans to strengthen and speed improvements in national cybersecurity defense at a pre-RSA Conference webinar. But, whether private enterprises will be able to rely on DHS for practical, tangible cybersecurity assistance remains an open question. The DHS cybersecurity strategy Mayorkas outlined consists of
0 Comments
The data is in. According to IBM Security’s 2020 Cost of a Data Breach Report, there is a 50% increase in cloud usage for enterprises across all industries. The number of threats targeting cloud services, predominantly collaboration services like Office 365,hasi ncreased 630%. Moreover, 75% of respondents report that discovery and recovery time from data
0 Comments
In what’s likely to be a goldmine for bad actors, personal information associated with approximately 533 million Facebook users worldwide has been leaked on a popular cybercrime forum for free. The leaked data includes full names, Facebook IDs, mobile numbers, locations, email addresses, gender, occupation, city, country, marital status broken, account creation date, and other
0 Comments
Many enterprises rely on more than one security tool to protect their technology assets, devices, and networks. This is particularly true for organizations that use hybrid systems or a combination of cloud and local applications. Likewise, companies whose networks include a multitude of smartphones and IoT devices are likely to deploy multiple security solutions suitable
0 Comments
Companies planning to use vaccine credentials to reopen offices will face a new challenge that will require an all-teams-on-deck approach — how to manage vaccination data. That’s according to Heidi Shey, principal analyst at Forrester Research and co-author of the report “The opportunity, the unknowns, and the risks of vaccine passports in the workplace,” which
0 Comments
As many as five vulnerabilities have been uncovered in Ovarro’s TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. “Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition,” the U.S. Cybersecurity
0 Comments
The COVID-19 pandemic sparked a dramatic rise in online activity, including online purchases, learning and financial transactions. With the spike in internet traffic came an increase in internet fraud, and, on the other side, more use of fraud prevention technology. Jumio, an identity verification technology vendor, is among the fraud prevention companies seeing a boost
0 Comments
Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app
0 Comments
When it comes to dealing with an unplanned and potentially disruptive event that affects the security and integrity of an organization’s IT infrastructure, incident response plans are the first line of defense. Without an incident response plan in place, an organization’s response to an incident — especially a cyber attack — could be haphazard and
0 Comments
The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL
0 Comments
More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43% improvement from the previous week, caps off a whirlwind of espionage and malware campaigns
0 Comments
As organizations around the world face a constant and dynamic barrage of cybersecurity threats, the development of tools to accelerate security operations, automation and response, or SOAR, has rapidly increased. According to the FBI’s Internet Crime Complaint Center 2020 Internet Crime Report, cybercrime resulted in more than $4.2 billion in annual losses, and most infosec
0 Comments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE’s Universal Relay (UR) family of power management devices. “Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition,” the agency said in an advisory published