Security

Cyber Security Reviews – Security brings our readers what’s happening on the security scene around the world.

Without any notable opposition to the Senate’s version of the bill, the House agreed to a reorganization of the Cybersecurity and Infrastructure Security Agency (CISA) Act earlier this week, according to FCW.  Replacing the National Protection and Programs Directorate, the new agency will oversee the cybersecurity of federal computer systems and will be a government liaison
Despite the session’s name, “Two Points of View: Collaboration and Disclosure: Balancing Openness About Cyber Security with Managing Risk and Reputation,” panelists at today’s Infosecurity North America conference were actually in agreement about sharing threat intelligence.  Moderated by Joseph Gittens, director, standards, Security Industry Association, the panelists explored the different channels by which information can and
Whether it’s a question of to whom the CISO reports or quantifying what the CISO is actually responsible for, the role has changed over time, leaving many wondering how to balance the competing demands of IT, security, innovation and compliance.  In the final panel that closed out the second annual Infosecurity North America conference in
by John E Dunn Cybercriminals have returned to old-school manual hacking tactics to boost the efficiency of targeted extortion, according to research conducted for the SophosLabs 2019 Threat Report. Ransomware attacks are nothing new, but well-known examples like CryptoLocker or WannaCry have tended to be opportunistic and indiscriminate. To penetrate their targets they rely on
Nordstrom is the latest victim in a long line of data breaches suffered across the retail sector, according to The Seattle Times. The Seattle-based retailer suffered a data breach in which a wide range of personal information was exposed. In addition to disclosing employee names, their Social Security numbers and dates of birth, checking account and
by Paul Ducklin Here at Naked Security, we’ve written about steganography before. Steganography is a fascinating trick for sending secret messages – and it’s intriguingly different from cryptography, even though the two techniques are often lumped together as if they were the same. Simply put, cryptography scrambles messages so that only the intended recipient can
To more accurately assess the threats of cyber vulnerabilities, the National Institute of Standards and Technology (NIST) has partnered with IBM to use Watson’s artificial intelligence (AI) for scoring bugs. The Common Vulnerabilities and Exposures (CVE) system assigns publicly known security vulnerabilities a score based on the severity of the flaw. The Common Vulnerability Scoring System
The National Cybersecurity and Communications Integration Center (NCCIC), part of the Department of Homeland Security (DHS), has issued a US-CERT alert for the JBoss Verify and EXploitation (JexBoss) tool, an open-source tool often used by red teams. According to the alert, malicious actors are using JexBoss to test and exploit vulnerabilities not only in the
Cryptocurrency mining has become a fairly easy way to manufacture currency, and according to Trend Micro, a new cryptocurrency-mining malware uses evasion techniques, including Windows Installer, as part of its routine. In the cryptocurrency miner identified as Coinminer.Win32.MALXMR.TIAOODAM, researchers noted the use of multiple obfuscation and packing routines. The malware leverages the Windows platform, and though it
by Paul Ducklin This week: hyperthreading considered harmful, how to avoid lock screen hacks, and what happens when cryptocurrency exchanges implode. With Anna Brading, Paul Ducklin, Mark Stockley and Matthew Boddy.
In addition to its 2014 attack on Sony Pictures, the Lazarus Group, also known as Hidden Cobra, has been attacking the ATMs of Asian and African banks since 2016, and today Symantec revealed that the group has been successful in its “FASTCash” operations by first targeting the banks’ networks. “The operation known as ‘FASTCash’ has enabled Lazarus,
A WordPress design flaw could grant an attacker remote code execution, leading to a privilege escalation in WooCommerce and other WordPress plugins, according to RIPS Technologies. In a 6 November blog post, researchers said that if the vulnerability is exploited, it would give shop managers – employees of the store who can manage orders, products and
On November 5, Symantec announced that it acquired Appthority and Javelin Networks in an effort to enhance its endpoint security solutions, adding key technology integrations to Symantec’s Integrated Cyber Defense Platform. Through its acquisition of Appthority, Symantec will enable its customers to analyze mobile apps and identify malicious behaviors and vulnerabilities. Building Appthority’s technology into Symantec
Studying Android’s November security bulletin, you’ll notice that there’s a fair amount to patch. In total, there are 36 vulnerabilities assigned a CVE, and another 17 relating to Qualcomm components rather than Android itself. Within Android, four are rated critical and 13 are rated high. If there’s a standout it might be CVE-2018-9527, simply because it’s
Malicious browser extensions have been blamed for the theft of private messages and data from 81,000 Facebook users recently discovered for sale on a cybercrime forum. According to the BBC Russian Service investigation, samples of the data were discovered in September being hawked for 10 cents per account on an English-language forum with Russian connections.
Researchers found two vulnerabilities that could impact popular wireless access points and compromise enterprise networks if exploited, according to TechCrunch. The pair of bugs were reportedly found in chips built by Texas Instruments. Networking device makers such as Aruba, Cisco and Meraki commonly build the Bluetooth Low Energy chips into their line-up of enterprise wireless access points. While the
by Lisa Vaas Anonymous Coward, in commenting on a report from The Register about vulnerabilities that expose people’s browsing histories, pithily sums up potential repercussions like so: Sweetheart, what’s this ‘saucyferrets.com’ site I found in your browsing history? If you value your privacy and your ferret predilections, be advised that in August, security researchers from
Iran’s critical infrastructure and strategic networks were attacked with what is reportedly a more sophisticated variant of the decade-old Stuxnet attack, according to Reuters. The head of Iran’s civil defense agency, Gholamreza Jalali, told reporters that the newly discovered next generation of Stuxnet that was trying to enter the systems consisted of several parts. At a live