News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

In 2014, the National Institute of Standards and Technology published version 1.0 of its “Framework for Improving Critical Infrastructure Cybersecurity.” Commonly known as the NIST Cybersecurity Framework, its development was in response to Presidential Executive Order 13636 in February 2013: Improving Critical Infrastructure Cybersecurity. Subsequent versions of the NIST CSF appeared in 2017 and 2018,
Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The initiative, called “Patch Rewards Program,” was launched nearly 6 years ago, under which Google rewards hackers for reporting
Advanced persistent threats (APTs) have emerged as legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time. They typically perform complex hacks that allow them to steal or destroy data and resources. According to Accenture, APTs have been organizing themselves
The cybersecurity of a company is heavily reliant upon the skills and knowledge of the people who install, manage, and operate its security products. This means that recruiting and nurturing the best security team possible should be a CISO’s top priority. Cynet’s Ultimate Cybersecurity Job Posting Templates (download here) provide a list of the main
Keeping your Windows Server and Windows desktop systems updated can be tricky, and finding missing patches in conventional ways might not be reliable. There are a few reasons why important security patches might not get installed. They could be mistakenly declined in Windows Server Update Services or get overlooked in environments that lack an
Three members of an international organized cybercrime group that was behind a multi-million dollar theft primarily against U.S. businesses and financial institutions have been sentenced to prison, the U.S. Justice Department announced. The criminals used the GozNym banking Trojan to break into more than 4,000 victim computers globally, primarily in the United States and Europe,
Merging storage and security together effectively has been an elusive goal for many technology vendors over the years, but Clumio believes it has a winning formula — and one that can effectively mitigate ransomware threats. Clumio, a backup-as-a-service provider based in Santa Clara, Calif., recently celebrated $135 million in Series C funding. The startup was
If you haven’t recently updated your Drupal-based blog or business website to the latest available versions, it’s time. The Drupal development team yesterday released important security updates for its widely used open-source content management software that address a critical and three “moderately critical” vulnerabilities in its core system. Considering that Drupal-powered websites are among the
LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadian customers. The company announced the breach in a press release posted on its website, revealing that an unknown attacker accessed its computer systems without authorization last month
Security researchers disclosed 54 vulnerabilities in Siemens industrial control systems, and while many of the flaws are critical, only three patches are currently available. Of the 54 disclosed vulnerabilities, 19 affected the Siemens ICS SPPA-T3000 application server and 35 affected the MS3000 migration server. Siemens said in its security advisory that three of the application server
Programming has five main steps: the identification and definition of the problem, the planning of the solution for the problem, coding of the program, testing, and documentation. It’s a meticulous process that cannot be completed without going through all the essential points. In all of these, security must be taken into account. As you come
Russian law enforcement officers have raided the Moscow offices of Nginx—the company behind the world’s second most popular web server software—over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider. According to multiple reports from local media and social media, the police conducted searches and have also detained several
Attention WordPress users! Your website could easily get hacked if you are using “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” and haven’t recently updated them to the latest available versions. Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers
A team of cybersecurity researchers demonstrated yet another novel technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised. Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow
Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare, the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups—APT34, also known as ITG13 and Oilrig,