News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
Cybersecurity researchers have discovered a new computer virus associated with the Stealth Falcon state-sponsored cyber espionage group that abuses a built-in component of the Microsoft Windows operating system to stealthily exfiltrate stolen data to attacker-controlled server. Active since 2012, Stealth Falcon is a sophisticated hacking group known for targeting journalists, activists, and dissidents with spyware
0 Comments
Maintainers of the PHP programming language recently released the latest versions of PHP to patch multiple high-severity vulnerabilities in its core and bundled libraries, the most severe of which could allow remote attackers to execute arbitrary code and compromise targeted servers. Hypertext Preprocessor, commonly known as PHP, is the most popular server-side web programming language
0 Comments
Trustwave has launched Trustwave Fusion — a cloud-based cybersecurity platform that aims to connect enterprises and government agencies to a security cloud comprising the Trustwave data lake, Trustwave SpiderLabs, advanced analytics, actionable threat intelligence and a range of security services and products. According to Trustwave, the platform gives security teams visibility into threats, and technologies
0 Comments
A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches
0 Comments
Many experts believe biometric authentication is the most convenient and secure authentication option, but IT professionals must be wary of certain flaws. The advantages of biometric authentication are intuitive and somewhat obvious: Users don’t have to remember passwords. Devices validate the user’s identity with a simple gesture, such as placing a finger on a scanner.
0 Comments
It’s been a summer of ransomware hold-ups, supply chain attacks and fileless attacks flying under the radar of old-school security. With malware running amok while we were lying on the beach, here’s a recap of the most burning strains and trends seen in the wild during the months of July and August 2019. Malware Evolution
0 Comments
The Incident Response (IR) services market is in accelerated growth due to the rise in cyberattacks that result in breaches. More and more organizations, across all sizes and verticals, choose to outsource IR to 3rd party service providers over handling security incidents in-house. Cynet is now launching a first-of-its-kind offering, enabling any Managed Security Provider
0 Comments
Security researchers discovered a set of vulnerabilities in Supermicro servers that could allow threat actors to remotely attack systems as if they had physical access to the USB ports. Researchers at Eclypsium, based in Beaverton, Ore., discovered flaws in the baseboard management controllers (BMCs) of Supermicro servers and dubbed the set of issues “USBAnywhere.” The
0 Comments
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google’s Project Zero discovered earlier this year in the wild, involving at least five unique iPhone exploit chains
0 Comments
Cybersecurity researchers are always finding new, scary network attack techniques. But most defenders would get… the greatest benefit from understanding the most common wireless network attacks, because that’s what most attackers use. Blocking ordinary — but effective — attacks is mandatory before trying to deal with more uncommon advanced persistent threats. Even though many of
0 Comments
As data breaches and ransomware attacks continue to dominate the headlines, so too do stories about the shortage of trained information security professionals. There is a link: The cybersecurity skills shortage means that the skilled human assets needed to fight hackers’ increasingly sophisticated and damaging attacks are just not available, leaving everyone less safe. Recent
0 Comments
Cybersecurity researchers have discovered over 80 Magecart compromised e-commerce websites that were actively sending credit card information of online shoppers to the attackers-controlled servers. Operating their businesses in the United States, Canada, Europe, Latin America, and Asia, many of these compromised websites are reputable brands in the motorsports industry and high fashion, researchers at Aite
0 Comments
Tanner Harding Reporter, Products Content Published: 26 Aug 2019 Puppet has launched Puppet Remediate — its first vulnerability remediation product. The product aims to reduce the time from vulnerability detection to remediation by unifying infrastructure and vulnerability data, quickly identifying which infrastructure resources are being impacted and taking immediate action to remediate vulnerabilities. Key features
0 Comments
The number of reported data breaches is said to be doubling every 18 months. Many of those breaches are the result of unpatched PCs, servers, applications or network infrastructure equipment that allowed bad actors access. Breaches are a serious issue for enterprise organizations. The last thing business leaders want is to have their companies’ names
0 Comments
Silence APT, a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group’s most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost
0 Comments
In a move to protect its users based in Kazakhstan from government surveillance, Google and Mozilla finally today came forward and blocked Kazakhstan’s government-issued root CA certificate within their respective web browsing software. Starting today, Firefox and Chrome users in Kazakhstan will see an error message stating that the certificate should not be trusted when