News

Cyber Security Reviews NEWS brings you the latest daily updates on trends and happenings around the globe.

Check Point Research uncovered an extensive malvertising campaign that has ties to legitimate online advertising companies. Check Point’s report, titled “A Malvertising Campaign of Secrets and Lies,” detailed how a threat actor group used more than 10,000 compromised WordPress sites and multiple exploit kits to spread a variety of malware, including ransomware and banking Trojans.
Ransomware has become a multimillion-dollar black market business for cybercriminals, and SamSam is a great example. New research revealed that the SamSam ransomware had extorted nearly $6 million from its victims since December 2015, when the cyber gang behind the ransomware started distributing the malware in the wild. Researchers at Sophos have tracked Bitcoin addresses
Symantec’s identity theft protection service, LifeLock, exposed millions of customers’ email addresses. According to security journalist Brian Krebs, the LifeLock vulnerability was in the company’s website, and it enabled unauthorized third parties to collect email addresses associated with LifeLock user accounts or unsubscribe users from communications from the company. Account numbers, called subscriber keys, appear
Researchers from Israel’s Ben-Gurion University of the Negev showed how a power cable could enable hackers to steal data from air-gapped computers. What is this vulnerability, and how can it be exploited? PowerHammer is a proof-of-concept malware program the researchers created to take advantage of a vulnerability in power lines that enables attackers to exfiltrate
In this Q&A, David Finn, executive vice president of strategic innovation at CynergisTek, a cybersecurity consulting firm, shares his views on how the dwindling number of insured is affecting cybersecurity efforts in healthcare and how a solution lies in a commonsense approach to cybersecurity for healthcare programs. This interview has been edited lightly for length
Yet another Bluetooth hacking technique has been uncovered. A highly critical cryptographic vulnerability has been found affecting some Bluetooth implementations that could allow an unauthenticated, remote attacker in physical proximity of targeted devices to intercept, monitor or manipulate the traffic they exchange. The Bluetooth hacking vulnerability, tracked as CVE-2018-5383, affects firmware or operating system software
The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information. Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language,
At the Google Cloud Next ’18 convention in San Francisco, the company has introduced Titan Security Keys—a tiny USB device, similar to Yubico’s YubiKey, that offers hardware-based two-factor authentication for your online accounts with the highest level of protection against phishing attacks. These hardware-based security keys are thought to be more efficient at preventing phishing, man-in-the-middle (MITM)
Following Apple’s lead in banning cryptocurrency mining apps, Google has also updated its Play Store policy this week to ban apps that mine cryptocurrencies on users’ devices in the background. However, there are countless cryptocurrency mining apps, including MinerGate, AA Miner, NeoNeonMiner, and Crypto Miner, still available on the Play Store. Cryptocurrency mining is not
Sen. Ron Wyden (D-Ore.) is once again advocating in favor of better cybersecurity for the U.S. government in a new letter asking that all government domains stop Adobe Flash use. Adobe Flash has long been under fire from the infosec community for security risks, and major web browsers have been moving away from the platform
The Ponemon Institute’s latest study on data breach costs highlights the rise of what it calls “mega breaches,” which are the worst types of security incidents in terms of costs and data exposed. The “2018 Cost of a Data Breach Study: Global Overview,” which was sponsored by IBM Security, details the cost enterprises incur after
Organizations have many concerns when it comes to employee travel, from reimbursements and company credit cards to hotel and flight arrangements. But IT should add mobile device security threats to the list. It’s easy for organizations with users that travel domestically or internationally to overlook mobile device security threats. These threat actors are not stereotypical
There is more to ransomware response than restoring data from known good backups. Having a comprehensive ransomware incident response plan is crucial for information security programs — it can serve as the foundation of those programs — and every incident response plan should include a feedback loop to update the information security program when new
If IT professionals can master enterprise patch management — a vital cog in any security strategy — they can address many of their security challenges. Enterprise patch management is certainly nothing new, and almost every business struggles with it in some way. Just look at any of the annual security surveys — patching, or lack
The inability of many online services to keep their users’ passwords secure from cybercriminals, combined with the inherent weaknesses of passwords as a means of authentication, is forcing governments and the IT industry to establish a viable, long-term replacement. The U.S. Commission on Enhancing National Cybersecurity hopes to see “no major breaches by 2021 in
It sounds great to be able to assess information from threats targeting organizations all around the globe and not just the ones coming directly at you. But threat intelligence tools, and the loads of data they deliver, can turn out to be about as useful as junk mail. Expensive junk mail. This handbook on global
Next-generation firewalls are integrated, hardware- or software-based, network security tools designed to detect and block sophisticated attacks. The NGFWs available on the market today can vary significantly from one another in many ways, including both price and the specific features provided. Choosing the best next-generation firewall requires careful study of the