Security

Cyber Security Reviews – Security will bring to our readers what's happening on the Security scene around the world.

Following reports that Chinese spies infiltrated the supply chain of servers assembled by Supermicro Computers Inc., the New York–based CYBERGYM has launched a new infrastructure-security combat training program. Driven by the belief that threats posed by these types of supply chain and infrastructure hacks are significant, CYBERGYM said it developed the training to help organizations
Having a lack of influence in the boardroom is one reason why 84% of CISOs in North America believe there is no way to avoid a cybersecurity breach, according to a new report from Kaspersky Lab. Results from the report What It Takes to Be a CISO: Success and Leadership in Corporate IT Security, an annual survey
You know what takes 17 minutes? Building a piece of Ikea’s 5-minute furniture. Walking one mile if you’re in decent shape. Making £500k (USD $569,000) if you’re Facebook. The Register crunched the numbers because that sliver of Facebook revenue – £500k (about $640k) – is how much the social media giant has been fined by
As the 2018 midterm elections near, many remain concerned about the security of election infrastructure at the national level, though Steve Grobman, CTO at McAfee, said the realistic security risk lies in an attacker tampering with information and targeting individual counties and states. “A realistic attack wouldn’t require mass voting manipulation or the hacking of
by John E Dunn Mozilla’s ambition to turn Firefox into the number one privacy browser was never going to be easy to pull off. Too few, or ineffective, controls and privacy becomes a benefit in name only. Too many blunt controls and there is a danger of making websites difficult to use in ways that
According to the 2019 Global ICS & IIoT Risk Report published by CyberX, cyber-criminals are increasingly targeting the vulnerabilities of industrial control systems (ICSs) and the industrial internet of things (IIoT). The report reflects the findings from data captured over the past 12 months from more than 850 production ICS networks across all industrial sectors. While the
A study on the state of software security released today by CA Veracode evidenced improvements in DevOps security, suggesting that DevSecOps is facilitating better security and efficiency. While the report shows promise on the development side, it also analyzed flaw persistence and measured the longevity of flaws after the initial discovery. Though software security is improving,
Have you recently tried to ditch a mobile app, only to have it keep following you around? If so, you may be a victim of a new crop of uninstall trackers that go beyond letting app developers track bugs and poor user experience: they also let developers track app users “the instant” they give them the
While data breaches result in huge losses for the victims, criminals are cashing out on fraudulent purchases by working with deceitful communities that offer such services as shipping labels, according to Flashpoint. In today’s blog post, “Drop Networks, Label-Creation Services Sustain Shipments of Fraudulent Purchases,” analysts Luke Rodeheffer and Mike Mimoso detail the mechanics, methods
by John E Dunn Drupal’s maintainers have handed users of the popular content management system (CMS) some urgent patching homework in the form of five security vulnerabilities, including two rated ‘critical’. The headline here is simple: do not ignore Drupal updates or they’re likely to come back and bite you. Two critical flaws Both critical
Late last week, members of the congressional staff had an opportunity to engage in cybersecurity training through the hands-on exercises brought to them, quite literally, by IBM’s X-Force command cyber-tactical operations center (C-TOC) – a first-of-its-kind mobile security operations center. With a focus on delivering response training and preparedness, onsite cybersecurity support and education and awareness,
Every now and again security researchers stumble on the sort of bad security flaw that reminds us how innocuous-looking aspects of web development can suddenly turn dangerously hostile. An unnerving example is a vulnerability that Akamai’s Larry Cashdollar stumbled on earlier this year after encountering the hugely popular file upload plugin, jQuery File Upload, used
Security researcher Peter Winter-Smith discovered a four-year-old authentication bypass vulnerability in the server code of libssh versions 0.6 and above. According to Winter-Smith’s tweet, “The root cause is that the libSSH server and client share a state machine, so packets designed only to be processed by and update the client state can update the server
A survey of nearly 200 financial services compliance individuals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it comes to oversight of electronic communications, according to Smarsh. Results of the 40-question survey were released this week in the Electronic Communications Compliance Survey
Despite its reputation as having the top law school in the country, Yale University is facing a second lawsuit after the personal information of more than 100,000 students was stolen by hackers in a data breach, according to GazetteXtra. Between April 2008 and January 2009, electronic records containing social security numbers, dates of birth and
GreyEnergy, a subgroup of the advanced persistent threat (APT) group known as BlackEnergy, has been attacking the energy sector for the past three years, according to ESET. Back in December of 2015, when approximately 230,000 people suffered a blackout after the APT group BlackEnergy attacked a power grid in Ukraine, researchers at ESET reportedly detected
Supporters of President Trump who want to date like-minded individuals had Emily Moreno, a former aide to Sen. Marco Rubio, to thank for creating the Donald Dater app, but their gratitude might have fallen flat after their information was leaked on the day the app was launched. According to Time, Moreno confirmed the leak was discovered on
by Lisa Vaas Were you one of the dozens of people who got a bizarre Twitter message yesterday? Does anyone know what this twitter notification could possibly mean? https://t.co/iY6hQNLOgy — Nigella Lawson (@Nigella_Lawson) October 16, 2018 The messages were a long string of what looked like random numbers and letters. They were so mystifying that
A new vulnerability discovered in Apple’s latest iOS, 12.0.1, released last week, allows an attacker with physical access to an iPhone entry into photos on a locked phone, according to Jose Rodriguez, a Spanish security researcher. While the bypass bug, reported by The Hacker News, does require that an attacker have physical access to an
by Louisa Hardwick Canberra’s US embassy accidentally exposed details of one of its more enticing get-togethers last week, after an employee distributed a meeting invite to an undisclosed number of email recipients, The Guardian reported. Gavin Sundwall, US Mission to Australia public affairs counsellor, was, however, unperturbed by what he claimed was a “training error”:
An attack aimed at Central Asian diplomatic organizations, dubbed the Octopus Trojan, is able to disguise itself as a popular online messenger, according to researchers at Kaspersky Lab. The Trojan, a malicious program for Windows, has possible links to DustSquad, a Russian-language cyber-espionage actor that focuses on Central Asian users that Kaspersky researchers have been monitoring
by Paul Ducklin What is this Facebook breach? The breach was announced by Facebook itself on 28 September 2018. It worked something like this… Facebook has a View As feature that lets you preview your profile as other people would see it. This is supposed to be a security feature that helps you check whether
In analyzing global cybercrime patterns ThreatMetrix found that identity spoofing, fueled by stolen identity data, is the most prevalent attack vector for the gaming and gambling industry. Additionally, the Q2 2018 Gaming & Gambling Report discovered that location (IP) spoofing attacks increased 257% year-over-year, making it the fastest growing attack vector in the space. Because
On October 11, 2018, WikiLeaks published AmazonAtlas, a 20-page document from late 2015 containing the addresses and operational details for more than 100 of Amazon’s data centers, one of which indicates an affinity for the comedy of Jerry Seinfeld. In addition to revealing the information about the data centers, located in 15 cities across nine countries,