SecurityWeek

Watchdog: FEMA Wrongly Released Personal Data of Victims

Security Week - Sun, 03/24/2019 - 10:37am

The Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing the victims to identity fraud and theft, a government watchdog reported Friday.

read more

Categories: SecurityWeek

Cisco Patches High Severity Vulnerabilities in IP Phones

Security Week - Sat, 03/23/2019 - 1:39pm

Cisco this week released security patches to address high severity vulnerabilities in its IP Phone 8800 Series and IP Phone 7800 Series. 

A total of five vulnerabilities were addressed, all impacting the web-based management interface of Session Initiation Protocol (SIP) Software of IP Phone 8800 Series. 

read more

Categories: SecurityWeek

UK Police Federation Hit by Ransomware

Security Week - Fri, 03/22/2019 - 1:12pm

The UK Police Federation of England & Wales (PFEW) website was subject to a malware attack that it discovered on March 9, 2019. It appears that this was a ransomware attack; but the strain has not been announced.

read more

Categories: SecurityWeek

Russian Hackers Target European Governments Ahead of Elections: FireEye

Security Week - Fri, 03/22/2019 - 1:08pm

Hackers believed to be sponsored by the Russian government are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections, FireEye reports. 

read more

Categories: SecurityWeek

Industry Reactions to Norsk Hydro Breach: Feedback Friday

Security Week - Fri, 03/22/2019 - 12:37pm

Norwegian aluminum giant Norsk Hydro has been hit by a serious ransomware attack that caused disruptions at some of its plants and forced the company to turn to manual processes to fulfill customer orders.

read more

Categories: SecurityWeek

Microsoft Launches Defender ATP Endpoint Security for macOS

Security Week - Fri, 03/22/2019 - 11:43am

Microsoft Brings Defender Advanced Threat Protection to macOS

read more

Categories: SecurityWeek

D.C. Attorney General Introduces New Data Security Bill

Security Week - Fri, 03/22/2019 - 10:58am

Karl A. Racine, the attorney general for the District of Columbia, on Thursday announced the introduction of a new bill that aims to expand data breach notification requirements and improve the way personal information is protected by organizations.

read more

Categories: SecurityWeek

Observations From RSA Conference 2019

Security Week - Fri, 03/22/2019 - 7:00am

The RSA Conference is one of the premier events in the cybersecurity world. At times, it can be an overwhelming experience for vendors and attendees alike because of its massive scale and fast pace; however, it’s also a great opportunity for people like me to get insight into trends in the industry.

read more

Categories: SecurityWeek

Researchers Earn $270,000 for Firefox, Edge Hacks at Pwn2Own 2019

Security Week - Fri, 03/22/2019 - 2:30am

White hat hackers earned a total of $270,000 on the second day of the Pwn2Own hacking competition for demonstrating exploits against the Mozilla Firefox and Microsoft Edge web browsers.

read more

Categories: SecurityWeek

Threat Hunting Tips to Improve Security Operations

Security Week - Thu, 03/21/2019 - 3:33pm

From Ferdinand Magellan to Lewis and Clark to Neil Armstrong – humans have an innate desire to understand the unknown. In security operations, we see this phenomenon every day in several forms, one of which is threat hunting. Threat hunting is not triggered by an event, but by the unknown. It is the practice of proactively and iteratively searching for abnormal indications within networks and systems.

read more

Categories: SecurityWeek

Global Security Spend Set to Grow to $133.8 Billion by 2022: IDC

Security Week - Thu, 03/21/2019 - 1:48pm

Global spending on security-related hardware software and services will grow at a compound annual growth rate (CAGR) of 9.2% between 2018 and 2022, to a total of $133.8 billion in 2022. The figures come from the latest Worldwide Semiannual Security Spending Guide compiled by IDC.

read more

Categories: SecurityWeek

Facebook Stored Passwords of Hundreds of Millions Users in Plain Text

Security Week - Thu, 03/21/2019 - 12:53pm

Facebook today admitted to have stored the passwords of hundreds of millions of its users in plain text, including the passwords of Facebook Lite, Facebook, and Instagram users. 

read more

Categories: SecurityWeek

How Three of 2018's Critical Threats Used Email to Execute Attacks

Security Week - Thu, 03/21/2019 - 12:38pm

History Tends to Repeat Itself - Attackers Repurpose Tried and Tested Methods to Launch Attacks

read more

Categories: SecurityWeek

Multiple Vulnerabilities Patched in PuTTY and LibSSH2

Security Week - Thu, 03/21/2019 - 12:27pm

PuTTY, an SSH and Telnet client program, and LibSSH2, a client-side C library for the SSH2 protocol, have both received updates fixing multiple vulnerabilities. Eight vulnerabilities have been fixed in version 0.71 of PuTTY, and nine vulnerabilities fixed in version 1.8.1 of LibSSH2.

read more

Categories: SecurityWeek

Facebook Pays Big Bounty for DoS Flaw in Fizz TLS Library

Security Week - Thu, 03/21/2019 - 12:18pm

While Facebook’s bug bounty program does not typically cover denial-of-service (DoS) vulnerabilities, the social media giant has decided to award a significant bounty for a serious flaw affecting Fizz, its open source TLS library.

read more

Categories: SecurityWeek

FIN7 Hackers Use New Malware in Recent Attacks

Security Week - Thu, 03/21/2019 - 12:16pm

The financially-motivated hacking group FIN7 has used new malware samples in a recent attack campaign, Flashpoint security researchers warn. 

read more

Categories: SecurityWeek

Finland to Investigate Suspected Nokia Chinese Data Breach

Security Week - Thu, 03/21/2019 - 11:26am

Finnish authorities will launch an investigation into claims that Nokia phones have been transmitting users' personal data to China, the country's data protection ombudsman announced on Thursday.

read more

Categories: SecurityWeek

Securing Industrial IoT in the Modern World

Security Week - Thu, 03/21/2019 - 11:15am

Manufacturing arguably offers the largest attack surface of almost any industry with regards to cybersecurity threats, and has long been a prime target for ‘everyday’ attacks like phishing, ransomware, data-theft – you name it, they’ve seen it. But these ‘everyday’ attacks and the associated losses are only the tip of the iceberg when it comes to what could potentially happen in the future.

read more

Categories: SecurityWeek

Many Vulnerabilities Found in Oracle's Java Card Technology

Security Week - Thu, 03/21/2019 - 10:35am

Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this technology.

read more

Categories: SecurityWeek

Pages