News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered. While anomaly detection and reporting are the primary functions, some intrusion detection systems are capable of taking actions when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious Internet Protocol (IP) addresses.
0 Comments
A new report published by cybersecurity researchers has unveiled evidence of Iranian state-sponsored hackers targeting dozens of companies and organizations in Israel and around the world over the past three years. Dubbed “Fox Kitten,” the cyber-espionage campaign is said to have been directed at companies from the IT, telecommunication, oil and gas, aviation, government, and
0 Comments
By Securing, managing and monitoring an enterprise IT infrastructure requires meticulous planning. Rather than create a framework from scratch, there are several publicly available methodologies security leaders can adopt to benefit their own infosec programs. One of the more high-profile examples of available frameworks is known as the zero-trust model. This model differs from other
0 Comments
A popular WordPress theme plugin with over 200,000 active installations contains a severe but easy-to-exploit software vulnerability that, if left unpatched, could let unauthenticated remote attackers compromise a wide range of websites and blogs. The vulnerable plugin in question is ‘ThemeGrill Demo Importer‘ that comes with free as well as premium themes sold by the
0 Comments
Emotet, the notorious trojan behind a number of botnet-driven spam campaigns and ransomware attacks, has found a new attack vector: using already infected devices to identify new victims that are connected to nearby Wi-Fi networks. According to researchers at Binary Defense, the newly discovered Emotet sample leverages a “Wi-Fi spreader” module to scan Wi-Fi networks,
0 Comments
SCVX is on a mission to consolidate the vast cybersecurity vendor ecosystem overwhelming today’s CISOs. Last month, Strategic Cyber Ventures, a Washington, D.C.-based investment firm, launched the initial public offering (IPO) of SCVX, raising $230 million. SCVX is a special purpose acquisition company (SPAC) that was formed with the goal of acquiring cybersecurity vendors to
0 Comments
There are over a hundred potential ways hackers can ruin your life by having access to your WiFi network that’s also connected to your computers, smartphones, and other smart devices. Whether it’s about exploiting operating system and software vulnerabilities or manipulating network traffic, every attack relies on the reachability between an attacker and the targeted
0 Comments
Several Cisco-manufactured network equipments have been found vulnerable to five new security vulnerabilities that could allow hackers to take complete control over them, and subsequently, over the enterprise networks they power. Four of the five high-severity bugs are remote code execution issues affecting Cisco routers, switches, and IP cameras, whereas the fifth vulnerability is a
0 Comments
Can you imagine launching a global bug bounty platform with almost 500,000 submissions and 13,000 researchers without consuming a cent from venture capitalists? If not, this success story is for you. The once skyrocketing bug bounty industry seems to be not in the best shape today. While prominent security researchers are talking about a growing
0 Comments
The Mirai botnet has been a constant IoT security threat since it emerged in fall 2016. The subsequent release of its source code only extended Mirai’s reach and is one of the many reasons NetScout labeled it the “king of IoT malware.” While Mirai’s distributed denial-of-service capabilities aren’t anything researchers haven’t seen before, “when wielded
0 Comments
It may sound creepy and unreal, but hackers can also exfiltrate sensitive data from your computer by simply changing the brightness of the screen, new cybersecurity research shared with The Hacker News revealed. In recent years, several cybersecurity researchers demonstrated innovative ways to covertly exfiltrate data from a physically isolated air-gapped computer that can’t connect
0 Comments
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative (‘root’) privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a
0 Comments
Strong identity and access management procedures are critical as regulatory compliance rules and data fraud incidents persist. Yet, implementing and maintaining world-class IAM practices can be challenging as an organization’s data management needs increase in complexity. Security leaders said it becomes more challenging to maintain a strong IAM program as the complexity of the organization
0 Comments
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider (MSSP) market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t participated in the growing and profitable MSSP market as it entailed massive investments in building
0 Comments
Cybersecurity researchers have discovered a new critical vulnerability (CVE-2020-7247) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on
0 Comments
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile