SecurityWeek

Black Hat 2021: New CISA Boss Unveils Anti-Ransomware Collab With Big Tech

Security Week - 48 min 30 sec ago

Head of the U.S. government’s cybersecurity agency Jen Easterly introduced herself to the hacking community Thursday with a pledge to pursue transparent data sharing with the private sector and a call for “an ambitious national effort” to solve the cybersecurity skills shortage.

read more

Categories: SecurityWeek

Tech Titans Join US Cyber Team to Fight Ransomware

Security Week - 4 hours 11 min ago

US cybersecurity officials on Thursday said Amazon, Google and Microsoft have enlisted to help them fight ransomware and defend cloud computing systems from hackers.

read more

Categories: SecurityWeek

Microsoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment

Security Week - 6 hours 39 min ago

Security engineers at Microsoft plan to rip out a key performance feature from the Edge browser in an experiment aimed at better measuring the tradeoffs between security, optimization and performance.

read more

Categories: SecurityWeek

Iran-Linked Hackers Expand Arsenal With New Android Backdoor

Security Week - 7 hours 30 min ago

The Iran-linked hacking group named Charming Kitten has added a new Android backdoor to its arsenal and successfully compromised individuals associated with the Iranian reformist movement, according to security researchers with IBM’s X-Force threat intelligence team.

read more

Categories: SecurityWeek

Cisco Patches Critical Vulnerability in Small Business VPN Routers

Security Week - 9 hours 38 min ago

Cisco on Wednesday announced the release of patches for a critical vulnerability in small business VPN routers that could allow unauthenticated attackers to execute arbitrary code on affected devices.

read more

Categories: SecurityWeek

China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems

Security Week - 9 hours 54 min ago

A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems (ICS).

read more

Categories: SecurityWeek

Security is a Big Data Problem, and It's Getting Bigger

Security Week - 10 hours 49 min ago

Solving security's big data problem is about prioritized data flow, continuously processing data for analysis and translating and exporting it to create a single security infrastructure

read more

Categories: SecurityWeek

Researchers Analyze Chinese Malware Used Against Russian Government

Security Week - 12 hours 19 min ago

At least two Chinese cyberespionage groups targeted Russian federal executive authorities in 2020, security researchers with threat hunting and intelligence firm Group-IB reveal.

read more

Categories: SecurityWeek

Oregon Examines Spyware Investment Amid Controversy

Security Week - Wed, 08/04/2021 - 10:10pm

The future ownership of an Israeli spyware company whose product has been used to hack into the cellphones of journalists, human rights workers and possibly even heads of state is up in the air.

read more

Categories: SecurityWeek

Black Hat Keynote: Mobile Platforms 'Actively Obstructing' Zero-Day Malware Hunters

Security Week - Wed, 08/04/2021 - 4:12pm

Prominent security practitioner Matt Tait kicked off the annual Black Hat security conference Wednesday with a call for platform vendors to make major technology changes to help cope with the surge in major software supply chain attacks.

read more

Categories: SecurityWeek

Senate Report: Federal Agencies Still Have Poor Cybersecurity Practices

Security Week - Wed, 08/04/2021 - 1:01pm

A bipartisan report released this week by the United States Senate’s Homeland Security and Governmental Affairs Committee shows that key government agencies have made little progress in terms of cybersecurity over the past two years.

read more

Categories: SecurityWeek

Advanced Technology Ventures Discloses Ransomware Attack

Security Week - Wed, 08/04/2021 - 11:32am

Silicon Valley venture capital firm Advanced Technology Ventures (ATV) this week announced that personal information of some of its private investors was stolen in a ransomware attack.

read more

Categories: SecurityWeek

New CISA and NSA Guidance Details Steps to Harden Kubernetes Systems

Security Week - Wed, 08/04/2021 - 9:56am

New guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments.

read more

Categories: SecurityWeek

ICS Vendors Address Vulnerabilities Affecting Widely Used Licensing Product

Security Week - Wed, 08/04/2021 - 9:31am

Industrial control systems (ICS) vendors and other organizations have published advisories to address a couple of serious denial of service (DoS) vulnerabilities affecting a widely used licensing and DRM solution made by Germany-based Wibu-Systems.

read more

Categories: SecurityWeek

Chinese Cyberspy Group APT31 Starts Targeting Russia

Security Week - Wed, 08/04/2021 - 8:03am

China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and — for the first time — Russia, according to enterprise cybersecurity firm Positive Technologies.

read more

Categories: SecurityWeek

Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions

Security Week - Wed, 08/04/2021 - 7:08am

A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties.

read more

Categories: SecurityWeek

Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors

Security Week - Wed, 08/04/2021 - 6:18am

Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology (OT) vendors. The vulnerabilities are collectively tracked as ​​INFRA:HALT.

read more

Categories: SecurityWeek

Google Patches High-Risk Android Security Flaws

Security Week - Tue, 08/03/2021 - 12:15pm

Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises.

read more

Categories: SecurityWeek

Mismanagement Driving Cybersecurity Skills Gap: Research

Security Week - Tue, 08/03/2021 - 12:09pm

“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”

read more

Categories: SecurityWeek

Pages