News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
An anonymous hacker with an online alias “SandboxEscaper” today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system—that’s his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could
0 Comments
CrowdStrike and NSS Labs have officially ended their two-year legal battle with a confidential settlement agreement. CrowdStrike, an endpoint protection vendor based in Sunnyvale, Calif., issued a statement to SearchSecurity Friday saying, “CrowdStrike and NSS Labs have resolved the lawsuits between them pursuant to a confidential settlement agreement.” The CrowdStrike-NSS Labs legal battle began in
0 Comments
Cybersecurity experts all echo the same thing – cyber attacks are going to get more rampant, and they will continue to pose severe threats against all technology users. Businesses, in particular, have become prime targets for cybercriminals due to the nature of data and information they process and store. 2018 saw a slew of data
0 Comments
Less than 24 hours after publicly disclosing an unpatched zero-day vulnerability in Windows 10, the anonymous hacker going by online alias “SandboxEscaper” has now dropped new exploits for two more unpatched Microsoft zero-day vulnerabilities. The two new zero-day vulnerabilities affect Microsoft’s Windows Error Reporting service and Internet Explorer 11. Just yesterday, while releasing a Windows
0 Comments
Serverless computing adopters have little knowledge of what underlying physical hardware and software providers use to support workloads. Enterprises adopting serverless, therefore, have little knowledge about the security of those systems. The abstraction of the serverless platform requires that software teams start thinking differently. There are four major points of serverless architecture security: the platform
0 Comments
A few days before the doors opened on SAP Sapphire Now 2019, SAP customers were likely alarmed by a Reuters headline that their systems are vulnerable to hackers. The SAP exploit was not new, but the potential damage to SAP systems and data was considerable. Onapsis Inc., a Boston-based security and compliance monitoring software company,
0 Comments
An executive order and cooperation from the Department of Commerce will effectively ban Huawei from dealing with U.S. businesses. Following months of lobbying by the White House, President Donald Trump signed an executive order late Wednesday aimed at “securing the information and communications technology and services supply chain.” In the executive order, Trump declared a
0 Comments
In a joint effort by several law enforcement agencies from 6 different countries, officials have dismantled a major global organized cybercrime behind GozNym banking malware. GozNym banking malware is responsible for stealing nearly $100 million from over 41,000 victims across the globe for years. GozNym was created by combining two known powerful Trojans—Gozi ISFB malware,
0 Comments
Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre
0 Comments
In the world of enterprise IT, it’s not uncommon for people to incorrectly refer to the terms identity management with access management while in conversation. In reality, the two terms cover completely different areas. The main reason people get confused about an identity and access management framework is that the two processes work in tandem
0 Comments
At the company’s I/O 2019 developer conference, Google has announced its plan to introduce two new privacy and security-oriented features in the upcoming versions of its Chrome web browser. In an attempt to allow users to block online tracking, Google has announced two new features—Improved SameSite Cookies and Fingerprinting Protection—that will be previewed by Google
0 Comments
The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang (王 福 杰) and another hacker named John Doe with three different aliases—Deniel Jack, Kim
0 Comments
Most organizations are falling behind when it comes to addressing the cybersecurity skills shortage, a new study found. And the effects of the shortage are worsening. In its third year, the study conducted by the Information Systems Security Association (ISSA) and analyst firm Enterprise Strategy Group (ESG) surveyed 267 cybersecurity professionals worldwide. The cybersecurity skills
0 Comments
When evaluating an identity and access management platform, the benefits far outweigh any drawbacks. That said, only a few identity and access management risks need to be considered when designing an IAM implementation and ongoing maintenance processes. For example, it’s important to note that as you begin to centralize the management of usernames and authentication
0 Comments
Researchers from Chinese cybersecurity firm Qihoo 360’s NetLab have revealed details of an ongoing credit card hacking campaign that is currently stealing payment card information of customers visiting more than 105 e-commerce websites. While monitoring a malicious domain, www.magento-analytics[.]com, for over last seven months, researchers found that the attackers have been injecting malicious JS scripts
0 Comments
Cybercriminals are turning their attention away from consumers to focus on businesses, a recent report from Malwarebytes found. According to the “Cybercrime Tactics and Techniques Q1 2019” report, overall detections of enterprise security threats are rising steadily. While consumer detections declined by almost 40% from the final quarter of 2018, business detections increased by about