News

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it’s likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel, co-resident virtual machines, and even from Intel’s secured SGX enclave. Dubbed

Corporate data needs to be secure, private and protected. That’s obvious advice, but the steps organizations should take to prevent data security threats and keep their data safe from hackers are much less apparent. This article looks at some of the tactics — both old and new — hackers are using in their attempts to

Testing security controls is the only way to know if they are truly defending your organization. With many different testing frameworks and tools to choose from, you have lots of options. But what do you specifically want to know? And how are the findings relevant to the threat landscape you face at this moment? “Decide

What are the key considerations security decision-makers should take into account when designing their 2020 breach protection? To answer this, we polled 1,536 cybersecurity professionals in The State of Breach Protection 2020 survey (Download the full survey here) to understand the common practices, prioritization, and preferences of the organization today in protecting themselves from breaches.

The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative

A new round of Citrix patches arrived Thursday for the vendor’s Application Delivery Controller and Gateway products as reports of ransomware attacks targeting vulnerable systems emerged. The directory traversal flaw allows an unauthenticated party to perform arbitrary code execution. Originally, the Citrix patches were scheduled for release later this month, but last week the vendor

Image credit: Times of Israel.Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud. The first website Burkov operated was an online marketplace for buying and selling stolen credit card and debit card

If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million “Customer Service and Support” (CSS) records on the Internet due to a misconfigured server containing logs of conversations

The iPhone of Amazon founder Jeff Bezos, the world’s richest man, was reportedly hacked in May 2018 after receiving a WhatsApp message from the personal account of Saudi crown prince Mohammed bin Salman, the Guardian newspaper revealed today. Citing unnamed sources familiar with digital forensic analysis of the breach, the newspaper claimed that a massive

By Authentication is the process of proving a user’s or machine’s digital identity. Users are authenticated when they provide some form of credential associated with their user ID. Authentication methods are necessary to protect sensitive data and applications from being accessed by unauthorized users. While authentication is a cybersecurity must, it is also a process

Imagine receiving an email from US VP Mike Pence’s official email account asking for help because he has been stranded in the Philippines. Actually, you don’t have to. This actually happened. Pence’s email was hacked when he was still the governor of Indiana, and his account was used to attempt to defraud several people. How

Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, “better late than never,” but since hackers don’t waste

After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products. What’s so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component

Chris Young is out as McAfee CEO, and Peter Leav is in. McAfee appointed Leav to the role of CEO on Friday, succeeding Young, who “has decided to step down” according to a statement from the cybersecurity vendor. McAfee said Young will remain in an advisory role during the transition period and will become a

Internet Explorer is dead, but not the mess it left behind. Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it. The vulnerability, tracked

Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android users have had this feature on their smartphones since last year, but now Apple

Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization’s IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also capable of doing even more. They identify and quantify security risk, and can be used

After years of criticism from the infosec community about hoarding critical vulnerabilities, the National Security Agency may be changing course. The highlight of Microsoft’s first Patch Tuesday of 2020 is a vulnerability in the Windows cryptography core first reported to vendor by the NSA. The flaw in CryptoAPI DLL (CVE-2020-0601) affects Windows 10 and Windows

There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization. Title-wise, this person is most often either the CIO, CISO, or Directory of IT. For convenience,

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It’s the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users. Moreover, none of the security

The ability of Iranian cyberattackers to do some serious damage to U.S. systems is not in doubt. They have crippled U.S. cities and businesses with ransomware attacks, malware that encrypts data until a ransom is paid. One question is whether HR security efforts are being deployed to respond to potential threats like this one. The

It’s now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix’s NetScaler ADC and

January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7

The California Consumer Privacy Act went into effect Jan. 1 but will not be enforced until July 1. Those in the customer experience realms of sales, marketing, e-commerce and customer service who’ve already created GDPR compliance plans are a good chunk of the way to CCPA compliance, experts say. CX teams who work for companies

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla’s website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a

TikTok, the 3rd most downloaded app in 2019, is under intense scrutiny over users’ privacy, censoring politically controversial content and on national-security grounds—but it’s not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store⁠—you have been hacked and being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated

IT security teams today struggle to make sense of the enormous amounts of data modern IT infrastructures generate and consume, while simultaneously prioritizing and responding to alerts. This enormous responsibility is one of the reasons why detection and remediation times are so poor. In fact, a malicious attack has an average lifecycle of 314 days

Landry’s, a popular restaurant chain in the United States, has announced a malware attack on its point of sale (POS) systems that allowed cybercriminals to steal customers’ payment card information. Landry’s owns and operates more than 600 bars, restaurants, hotels, casinos, food and beverage outlets with over 60 different brands such as Landry’s Seafood, Chart

As organizations start using more cloud services and resources, they end up with a staggering variety of cloud administrative consoles and interfaces they’re responsible for. These are known collectively as the cloud control plane. If not properly locked down, the cloud control plane could be vulnerable to a wide variety of attacks. There have been