News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Security researchers gathered in Austin, Texas, this week for yet another Pwn2Own hacking competition, racking up more than $1 million in rewards for their exploit demonstrations. The latest edition of the iconic hacking contest has seen a specific focus on network-attached storage (NAS) boxes as well as routers, with mobile phones and printers also on
0 Comments
Ukraine’s premier law enforcement and counterintelligence agency on Thursday disclosed the real identities of five individuals allegedly involved in cyberattacks attributed to a cyber-espionage group named Gamaredon, linking the members to Russia’s Federal Security Service (FSB). Calling the hacker group “an FSB special project, which specifically targeted Ukraine,” the Security Service of Ukraine (SSU) said
0 Comments
Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability “can be exploited locally or remotely within a network to
0 Comments
A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks. Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The
0 Comments
Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from
0 Comments
Microsoft on Thursday disclosed details of a new vulnerability that could allow an attacker to bypass security restrictions in macOS and take complete control of the device to perform arbitrary operations on the device without getting flagged by traditional security solutions. Dubbed “Shrootless” and tracked as CVE-2021-30892, the “vulnerability lies in how Apple-signed packages with
0 Comments
By What is shoulder surfing? Shoulder surfing is using direct observation techniques, such as looking over someone’s shoulder, to get information. Shoulder surfing is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN at an
0 Comments
12 people have been detained as part of an international law enforcement operation for orchestrating ransomware attacks on critical infrastructure and large organizations that hit over 1,800 victims across 71 countries since 2019, marking the latest action against cybercrime groups. The arrests were made earlier this week on October 26 in Ukraine and Switzerland, resulting
0 Comments
What is risk appetite and how is it different from risk tolerance? Risk appetite is the amount of risk an organization is willing to take in pursuit of objectives it deems have value. Risk appetite can also be described as an organization’s risk capacity, or the maximum amount of residual risk it will accept after
0 Comments
Twitter detailed its process for onboarding 100% of employee accounts with physical Yubico security keys in a blog post Wednesday. The post comes a little over a year after last summer’s Twitter hack, in which attackers used a social engineering attack that granted access to administrative systems and tools within the company. Through this access,
0 Comments
More data than ever before is being put into cloud-based storage repositories. Leading cloud providers offer an array of storage options, yet databases remain the most common choice in today’s enterprises. Because databases are updated so frequently, it’s important to review their security controls regularly. When it comes to cloud databases, organizations have two options:
0 Comments
Cybersecurity is often viewed as a technical and complex field. Few realize, however, that cybersecurity also focuses on how people work and the way they think. “No matter what background you come from, you’ll have skills and knowledge that are hugely valuable to cybersecurity,” said Jessica Barker, co-CEO and co-founder of cybersecurity consulting group Cygenta.
0 Comments
A “potentially devastating and hard-to-detect threat” could be abused by attackers to collect users’ browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system “Gummy Browsers,” likening it to a nearly 20-year-old “Gummy Fingers” technique that can impersonate
0 Comments
As public engagement with digital content continues to rise, consumers and businesses are increasingly more reliant on technology platforms. The anonymity of our digital world makes it difficult to know who is behind the screen. This gray space gives would-be fraudsters an opening to threaten both businesses and consumers directly, especially in the realm of
0 Comments
The Russian-led REvil ransomware gang was felled by an active multi-country law enforcement operation that resulted in its infrastructure being hacked and taken offline for a second time earlier this week, in what’s the latest action taken by governments to disrupt the lucrative ecosystem. The takedown was first reported by Reuters, quoting multiple private-sector cyber
0 Comments
Microsoft on Thursday disclosed an “extensive series of credential phishing campaigns” that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the
0 Comments
Listen to this podcast Security researchers criticized the Apple Security Bounty program and claimed the company ignored bug reports, denied bounty payments and silently patched vulnerabilities. This week’s Risk & Repeat podcast discusses the infosec community’s growing discontent with Apple’s bug bounty program and what it could mean for the technology giant. Several security researchers
0 Comments
A new malware campaign targeting Afghanistan and India is exploiting a now-patched, 20-year-old flaw affecting Microsoft Office to deploy an array of commodity remote access trojans (RATs) that allow the adversary to gain complete control over the compromised endpoints. Cisco Talos attributed the cyber campaign to a “lone wolf” threat actor operating a Lahore-based fake
0 Comments
IT teams struggle to develop adequate security strategies with the multitude of devices on ever-expanding corporate networks. Protecting IoT investments is critical for business survival and growth, yet IoT security presents unique challenges. A machine learning (ML) approach to IoT security can address some of these challenges. It solves the issue of identifying unknown devices
0 Comments
An effective cybersecurity strategy can be challenging to implement correctly and often involves many layers of security. Part of a robust security strategy involves performing what is known as a penetration test (pen test). The penetration test helps to discover vulnerabilities and weaknesses in your security defenses before the bad guys discover these. They can
0 Comments
A newly disclosed vulnerability affecting Intel processors could be abused by an adversary to gain access to sensitive information stored within enclaves and even run arbitrary code on vulnerable systems. The vulnerability (CVE-2021-0186, CVSS score: 8.2) was discovered by a group of academics from ETH Zurich, the National University of Singapore, and the Chinese National
0 Comments
IoT is no longer a buzzword but is regarded as a vital step toward connected infrastructure. IoT integration can improve many daily tasks, and therefore, the technology has made its way into almost every industry across the world. A network of interconnected electronic devices falls under the umbrella of IoT. The devices not only add