News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

An Iran-linked cyber-espionage group that was found targeting critical infrastructure, energy and military sectors in Saudi Arabia and the United States two years ago continues to target organizations in the two nations, Symantec reported on Wednesday. Widely known as APT33, which Symantec calls Elfin, the cyber-espionage group has been active since as early as late
CrowdStrike researchers recently uncovered evidence of increased collaboration between two sophisticated cybercrime groups, which could spell trouble for enterprises and security vendors. Earlier this month, CrowdStrike researchers observed the distribution of a new proxy module of the TrickBot malware that contains identical functionality to BokBot’s proxy module. Lunar Spider is an Eastern European-based threat group
Brace yourself guys. Microsoft is going to release its Windows Defender ATP antivirus software for Mac computers. Sounds crazy, right? But it’s true. Microsoft Thursday announced that the company is bringing its anti-malware software to Apple’s macOS operating system as well—and to more platforms soon, like Linux. As a result, the technology giant renamed its
A recent study uncovered the availability of SSL/TLS certificates on the dark web that are often packaged with crimeware services designed to help cybercriminals create malicious sites that appear safe. The study, which was conducted by researchers at the Evidence-Based Cybersecurity Research Group at Georgia State University and the University of Surrey, focused on the
The U.S. Department of Homeland Security on Thursday issued an advisory warning people of severe vulnerabilities in over a dozen heart defibrillators that could allow attackers to fully hijack them remotely, potentially putting the lives of millions of patients at risk. A cardioverter defibrillator is a small surgically implanted device (in patients’ chests) that gives a patient’s heart
Google announced some major changes for its Android mobile operating system in October after the European Commission hit the company with a record $5 billion antitrust fine for pre-installing its own apps and services on third-party Android phones. The European Commission accused Google of forcing Android phone manufacturers to “illegally” tie its proprietary apps and
It’s an acronym that cries out for wordplay (SOAR above the hackers… SOAR into greater security…). But security orchestration, automation and response is a serious answer to a perilous threat environment. SOAR products collect threat information and respond to evidence of low-level threats without human intervention. They identify, prioritize and automate a security team’s incident
Editor’s note: In 2013, Michael Cobb wrote how sad it was that the same handful of web application vulnerabilities… still vexed information security professionals. It’s even sadder that, six years later, these same flaws continue to stymie efforts to educate developers and mitigate vulnerabilities in web applications. OWASP revised its list of vulnerabilities in 2017.
Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and
The National Security Agency has a history of releasing its tools to open source and the latest in that lineup, a powerful reverse-engineering tool called Ghidra, has been embraced by infosec professionals after some initial hesitation. Ghidra, the 35th piece of open source software made public by the NSA, is a modular, cross-platform, Java-based tool
If for some reason your WordPress-based website has not yet been automatically updated to the latest version 5.1.1, it’s highly recommended to upgrade it immediately before hackers can take advantage of a newly disclosed vulnerability to hack your website. Simon Scannell, a researcher at RIPS Technologies GmbH, who previously reported multiple critical vulnerabilities in WordPress,
Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide. Why? Because the WinRAR software doesn’t have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks. The critical vulnerability (CVE-2018-20250) that
It has certainly been an interesting several months for container users. Late last year, we saw the emergence of CVE-2018-1002105, a privilege escalation vulnerability in Kubernetes that allows attackers to subvert the Kubernetes API to gain access to the attached resources. More recently, researchers published details about CVE-2019-5736 that described an issue in runC —
A cybersecurity researcher at Google’s Project Zero division has publicly disclosed details and a proof-of-concept exploit of a high-severity security vulnerability in the macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher Jann Horn and demonstrated by Ian Beer, the vulnerability resides in the way macOS
Security researchers have finally, with “high confidence,” linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group, thanks to new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement. Dubbed Operation Sharpshooter,
The United States’ National Security Agency (NSA) today finally released GHIDRA version 9.0 for free, the agency’s home-grown classified software reverse engineering tool that agency experts have been using internally for over a decade to hunt down security bugs in software and applications. GHIDRA is a Java-based reverse engineering framework that features a graphical user
You must update your Google Chrome immediately to the latest version of the web browsing application. Security researcher Clement Lecigne of Google’s Threat Analysis Group discovered and reported a high severity vulnerability in Chrome late last month that could allow remote attackers to execute arbitrary code and take full control of the computers. The vulnerability,