News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Application security strategy starts and ends in the software development lifecycle … at least, that’s what a lot of people say. It’s true that security is a large part of software development: From developing standards to modeling threats to testing for security flaws, it’s good to get — and keep — developers on board throughout
0 Comments
Google’s one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential threats. Network infrastructures at most enterprises regularly generate enormous amounts of network data and logs on a daily basis that
0 Comments
Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of
0 Comments
Artificial intelligence continues to evolve, but most IT systems still need human intervention to stay operational. Threat actors face the same issue when controlling their malware. Consider the malware cyber kill chain. Its components have remained the same, but when you dig into the details, many aspects have changed, requiring enterprises to update their protections.
0 Comments
Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim’s device. With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help
0 Comments
When you think about disaster recovery strategy, much of the context for planning revolves around the types of disasters you want to protect against. Natural disasters, IT failures and power outages usually top the list of threats. However, moving forward, the idea that a cyberattack may occur is likely going to take a more dominant
0 Comments
Threat actors can use firmware attacks on bare-metal cloud servers to easily gain persistent access to the hardware, according to new research from hardware security startup Eclypsium. The research showed how vulnerabilities in baseboard management controllers (BMCs) and weaknesses in the reclamation process of bare-metal cloud servers can allow attackers to add other malicious implants
0 Comments
Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Core that
0 Comments
Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving
0 Comments
Odds are good that the winner of this year’s RSA Conference Innovation Sandbox will be a security automation player — because almost all of the finalists for this year’s competition for “most innovative startup” highlight security automation in some form or another. As has happened almost every year since 2005, Innovation Sandbox finalists will face
0 Comments
A team of cybersecurity researchers from the University of New Haven yesterday released a video demonstrating how vulnerabilities that most programmers often underestimate could have allowed hackers to evade privacy and security of your virtual reality experience as well as the real world. According to the researchers—Ibrahim Baggili, Peter Casey and Martin Vondráček—the underlying vulnerabilities,
0 Comments
VirusTotal introduced an enterprise version that provides a faster malware search feature and uses N-gram content searches to identify threats. What is an N-gram content search and why is it so important? The practice of identifying threats and sharing information about those threats with defenders was an extension of signature techniques that have long been
0 Comments
A vulnerable ConnectWise plugin led to several managed service providers being infected with GandCrab ransomware, but a new decryptor tool has provided relief for at least one of the victims. The vulnerable ConnectWise plugin was designed to sync data between the ConnectWise professional service automation software and the Kaseya VSA remote monitoring and management software.
0 Comments
Beware Windows users… a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software
0 Comments
A researcher recently discovered an info-stealer — dubbed Vidar — that is a part of a multi-payload and ongoing malvertising attack that also distributes GandCrab ransomware. How does this double attack work? Who is a target for the attack and how can it be mitigated? Malware infections haven’t changed much over time, even taking into
0 Comments
Microsoft recently announced that GitHub will now offer unlimited private code repositories for free. Will more private repositories help improve security for enterprises and limit things like accidental credential exposures on GitHub? Nothing on the internet, or really anywhere in life, is free. There’s always a cost somewhere or some sort of limitation. Some supposedly
0 Comments
Despite the increasing concern regarding online privacy and the growing number of security breaches, poor password practices continue to prevail in the enterprise. According to a new survey from the Ponemon Institute, 69% of respondents admitted to sharing passwords with their colleagues to access accounts and 51% said they reuse an average of five passwords