Many of you might have this question in your mind: “Is it illegal to test a website for vulnerability without permission from the owner?” Or… “Is it illegal to disclose a vulnerability publicly?” Well, the answer is YES, it’s illegal most of the times and doing so could backfire even when you have good intentions.

European airplane maker Airbus admitted yesterday a data breach of its “Commercial Aircraft business” information systems that allowed intruders to gain access to some of its employees’ personal information. Though the company did not elaborate on the nature of the hack, it claimed that the security breach did not affect its commercial operations. So, there’s

Many organizations are scrambling to understand the California Consumer Privacy Act of 2018, which the California legislature passed in June 2018. It will go into effect beginning Jan. 1, 2020. The California attorney general is responsible for enforcing the law. The California Consumer Privacy Act (CCPA) gives California residents many new rights regarding how their

The United States Department of Justice (DoJ) announced Wednesday its effort to “map and further disrupt” a botnet tied to North Korea that has infected numerous Microsoft Windows computers across the globe over the last decade. Dubbed Joanap, the botnet is believed to be part of “Hidden Cobra“—an Advanced Persistent Threat (APT) actors’ group often

Have you ever lost your important files, like memories or official documents, accidentally or maliciously? Adding more… when you even do not have any backup for the same. Unfortunate, right? We’ve all been there. Just last week I formatted my computer and later found that I didn’t have any backup for some recently saved important

If you own an Apple device, you should immediately turn OFF FaceTime app for a few days. A jaw-dropping unpatched privacy bug has been uncovered in Apple’s popular video and audio call app FaceTime that could let someone hear or see you before you even pick up their call. The bug is going viral on

When shopping for a mobile threat defense tool, IT professionals must identify the issues the tool needs to address, including how and where their mobile users work and the types of attack surfaces they’re exposed to. IT pros must determine the risks that specifically apply to their users and what it will take to protect

It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing that millions of users are making themselves vulnerable to cyber attacks by keeping

SIM swapping is reportedly on the rise. How do SIM swaps work, and what are the best ways to prevent it? Mobile phones are often an important part of two-factor authentication (2FA) processes, but they have certain security risks like ordinary single-factor password processes. For devices connected to cellular networks, SIM swaps can open a

It’s no secret that learning how to code is one of the most important things you can do when it comes to the beginning or furthering practically any career in programming and technology. The only problem a beginner often faces is that there are seemingly countless programming languages to choose from, which makes it exceedingly

Security researchers have discovered two separate malware campaigns, one of which is distributing the Ursnif data-stealing trojan and the GandCrab ransomware in the wild, whereas the second one is only infecting victims with Ursnif malware. Though both malware campaigns appear to be a work of two separate cybercriminal groups, we find many similarities in them.

When it comes to cybersecurity, how do you know if your organization is doing a good job? That question is harder to answer than you’d think. I’ve spent years asking CISOs what they consider success in cybersecurity, and the most common answer is: “My organization isn’t on the front page of The Wall Street Journal

China has blocked Microsoft-owned search engine Bing, the company confirmed after receiving complaints from users throughout the country who took to social media beginning late Wednesday to express concerns. So, Bing becomes the latest service to be shut down by Chinese government behind its so-called Great Firewall of China, which blocks thousands of websites originating

Beware! If you have downloaded PHP PEAR package manager from its official website in past 6 months, we are sorry to say that your server might have been compromised. Last week, the maintainers at PEAR took down the official website of the PEAR (pear-php.net) after they found that someone has replaced original PHP PEAR package

Researchers at cybersecurity vendor Endgame Inc. demonstrated a proof of concept for a new fileless attack technique at Black Hat 2018. The technique bypasses a Windows kernel protection feature called Driver Signature Enforcement. How does this attack work? The use of a fileless attack is often not fileless, and it may even have the ability

The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union’s new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for “lack of transparency, inadequate information and lack of valid consent regarding

A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of

Ukrainian Police have this week busted out two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week, all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380

An enormous trove of email addresses and passwords from thousands of sources was sorted by security researcher Troy Hunt and added to his services Have I Been Pwned and Pwned Password, and warned that the data had been circulating on the dark web. According to Hunt, he was notified of a database hosted on file

Even after so many efforts by Google for preventing its Play Store from malware, shady apps somehow managed to fool its anti-malware protections and get into its service to infect Android users with malware. Two such Android apps have recently been spotted on the Google Play Store by security researchers with the Trend Micro malware

Twitter just admitted that the social network accidentally revealed some Android users’ protected tweets to the public for more than 4 years — a kind of privacy blunder that you’d typically expect from Facebook. When you sign up for Twitter, all your Tweets are public by default, allowing anyone to view and interact with your

Magecart strikes again, one of the most notorious hacking groups specializes in stealing credit card details from poorly-secured e-commerce websites. According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as “Magecart Group 12,” recently successfully compromised nearly 277 e-commerce websites by using supply-chain attacks. Magecart is the

Threat actors in China reportedly use a technique the NSA calls network shaping, which involves rerouting internet backbone traffic by hijacking Border Gateway Protocol routes to divert — and copy — U.S. internet traffic. What is network shaping and how can it be prevented? Network shaping, also known as traffic shaping, is a technique that

The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission’s EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online filing system wherein companies submit their financial filings. The system processes around 1.7 million

Security researchers have discovered three vulnerabilities in Systemd, a popular init system and service manager for most Linux operating systems, that could allow unprivileged local attackers or malicious programs to gain root access on the targeted systems. The vulnerabilities, assigned as CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866, actually resides in the “systemd-journald” service that collects information from

If your computer has been infected with PyLocky Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files—your search might end here. Security researcher Mike Bautista at Cisco’s Talos cyber intelligence unit have released a free decryption tool that makes it possible for victims infected with the PyLocky ransomware

Security researchers have identified a global DNS hijacking campaign, which they say is likely the work of Iranian hackers. According to researchers from FireEye’s Mandiant Incident Response and Intelligence team, the DNS hijacking campaign targeted entities for the past two years across the Middle East and North Africa, Europe and North America “on an almost

A simple DDoS attack could land you in jail for 10 years or even more. A Massachusetts man has been sentenced to over 10 years in prison for launching DDoS attacks against the computer network of two healthcare organizations in 2014 to protest the treatment of a teenager at the centers. Beyond serving 121 months

The widespread popularity of SaaS applications, BYOD and millions of unsecure IoT devices has effectively eliminated the notion of a hardened perimeter where IT and security organizations can control access to their sensitive data. Software-defined perimeter (SDP) technology makes users and devices invisible and inaccessible to outside attacks. An alternative to VPN technology, SDP can