News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

0 Comments
A security researcher with Twitter alias SandboxEscaper today released proof-of-concept (PoC) exploit for a new zero-day vulnerability affecting Microsoft’s Windows operating system. SandboxEscaper is the same researcher who previously publicly dropped exploits for two Windows zero-day vulnerabilities, leaving all Windows users vulnerable to the hackers until Microsoft patched them. The newly disclosed unpatched Windows zero-day
0 Comments
Another day, another data breach. This time it’s the United States National Aeronautics and Space Administration (NASA) NASA today confirmed a data breach that may have compromised personal information of some of its current and former employees after at least one of the agency’s servers was hacked. In an internal memo sent to all employees
0 Comments
The Logitech Options app, which configures the company’s mice and keyboards in Windows, relies on an ineffective authentication mechanism that enables malicious webpages to execute code on a victim’s machine. Tavis Ormandy, vulnerability researcher with Google’s Project Zero, found the flaw in the Logitech Options app when he tried to rebind a button on his
0 Comments
“Profit is sweet, even if it comes from deception,” the playwright Sophocles wrote. Over two millennia later, the ancient Greek’s words still ring true. Or perhaps they need just a tweak — because now those “sweet” profits come because of deception. Deception technologies, that is. The market for deception security tech is expected to boom
0 Comments
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a use-after-free flaw resides in Flash Player that, if exploited successfully, allows an
0 Comments
Hold tight, this may blow your mind… A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability. The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles
0 Comments
The troubles for Facebook continued this week with a trove of internal emails as part of an investigation in the U.K. Parliament revealing questionable data practices, including Facebook’s Android app permissions being designed to gather data without users knowing. Despite a U.S. federal judge ruling that the emails should be sealed, Damian Collins, chairman of
0 Comments
Australia’s House of Representatives has finally passed the “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. The Australian government argues the new legislation is important for national
0 Comments
Stratecast/Frost & Sullivan Information security, network security, cybersecurity: The industry is flooded with terms to describe how enterprises secure their network data. While the experience of wading through a mishmash of terminology to describe a specific operation or function is not limited to the networking industry, the use of various terms complicates the process of
0 Comments
Looking for an automated malware analysis software? Something like a 1-click solution that doesn’t require any installation or configuration…a platform that can scale up your research time… technology that can provide data-driven explanations… well, your search is over! Israeli cybersecurity and malware researchers today at Black Hat conference launch a revolutionary machine learning and artificial
0 Comments
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations
0 Comments
Researchers found new vulnerabilities in Intel products that are similar to the Spectre vulnerabilities. How are the L1TF vulnerabilities similar to Spectre and how are they different? A third critical security vulnerability in Intel processors was discovered in 2018. This time the vulnerability was discovered by two research groups working independently: the imec-DistriNet Research Group
0 Comments
It seems as though not a day goes by without news spreading over another major cyber attack. Hackers are becoming increasingly efficient at targeting everything from small startups to Fortune 500 companies and even entire government agencies, and as the world moves further away from traditional types of warfare and more toward engaging in all-out
0 Comments
Mitre has entered the security product testing and evaluation fray, and the organization is using its Mitre ATT&CK framework to judge vendors. Seven vendors of endpoint detection and response (EDR) products submitted their endpoint security products to Mitre for evaluation testing. The objective of the evaluation was to demonstrate how the endpoint detection and response
0 Comments
The world’s biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests. Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts,
0 Comments
Multinational computer technology company Dell disclosed Wednesday that its online electronics marketplace experienced a “cybersecurity incident” earlier this month when an unknown group of hackers infiltrated its internal network. On November 9, Dell detected and disrupted unauthorized activity on its network attempting to steal customer information, including their names, email addresses and hashed passwords. According
0 Comments
The Department of Justice Tuesday announced the indictments of eight people accused of running massive ad fraud schemes that were disrupted by an FBI-led botnet takedown. The 13-count indictment, which was unsealed in a federal court in Brooklyn, charged six Russian nationals and two Kazakhstan citizens with crimes including wire fraud, computer intrusion, aggravated identity