SecurityWeek
Black Hat 2021: New CISA Boss Unveils Anti-Ransomware Collab With Big Tech
Head of the U.S. government’s cybersecurity agency Jen Easterly introduced herself to the hacking community Thursday with a pledge to pursue transparent data sharing with the private sector and a call for “an ambitious national effort” to solve the cybersecurity skills shortage.
Tech Titans Join US Cyber Team to Fight Ransomware
US cybersecurity officials on Thursday said Amazon, Google and Microsoft have enlisted to help them fight ransomware and defend cloud computing systems from hackers.
Microsoft Launches JIT-Free 'Super Duper Secure Mode' Edge Browser Experiment
Security engineers at Microsoft plan to rip out a key performance feature from the Edge browser in an experiment aimed at better measuring the tradeoffs between security, optimization and performance.
Iran-Linked Hackers Expand Arsenal With New Android Backdoor
The Iran-linked hacking group named Charming Kitten has added a new Android backdoor to its arsenal and successfully compromised individuals associated with the Iranian reformist movement, according to security researchers with IBM’s X-Force threat intelligence team.
Cisco Patches Critical Vulnerability in Small Business VPN Routers
Cisco on Wednesday announced the release of patches for a critical vulnerability in small business VPN routers that could allow unauthenticated attackers to execute arbitrary code on affected devices.
China-Linked Cyberespionage Operation Suggests Interest in SCADA Systems
A cyberespionage group that appears to be based in China has been seen targeting critical infrastructure organizations in Southeast Asia, and the attackers may be interested in industrial control systems (ICS).
Security is a Big Data Problem, and It's Getting Bigger
Solving security's big data problem is about prioritized data flow, continuously processing data for analysis and translating and exporting it to create a single security infrastructure
Researchers Analyze Chinese Malware Used Against Russian Government
At least two Chinese cyberespionage groups targeted Russian federal executive authorities in 2020, security researchers with threat hunting and intelligence firm Group-IB reveal.
Oregon Examines Spyware Investment Amid Controversy
The future ownership of an Israeli spyware company whose product has been used to hack into the cellphones of journalists, human rights workers and possibly even heads of state is up in the air.
Black Hat Keynote: Mobile Platforms 'Actively Obstructing' Zero-Day Malware Hunters
Prominent security practitioner Matt Tait kicked off the annual Black Hat security conference Wednesday with a call for platform vendors to make major technology changes to help cope with the surge in major software supply chain attacks.
Senate Report: Federal Agencies Still Have Poor Cybersecurity Practices
A bipartisan report released this week by the United States Senate’s Homeland Security and Governmental Affairs Committee shows that key government agencies have made little progress in terms of cybersecurity over the past two years.
Advanced Technology Ventures Discloses Ransomware Attack
Silicon Valley venture capital firm Advanced Technology Ventures (ATV) this week announced that personal information of some of its private investors was stolen in a ransomware attack.
New CISA and NSA Guidance Details Steps to Harden Kubernetes Systems
New guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments.
ICS Vendors Address Vulnerabilities Affecting Widely Used Licensing Product
Industrial control systems (ICS) vendors and other organizations have published advisories to address a couple of serious denial of service (DoS) vulnerabilities affecting a widely used licensing and DRM solution made by Germany-based Wibu-Systems.
Chinese Cyberspy Group APT31 Starts Targeting Russia
China-linked hacking group APT31 has been using new malware in recent attacks targeting Mongolia, Belarus, Canada, the United States, and — for the first time — Russia, according to enterprise cybersecurity firm Positive Technologies.
Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions
A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties.
Vulnerabilities in NicheStack TCP/IP Stack Affect Many OT Device Vendors
Researchers have identified more than a dozen vulnerabilities in the NicheStack TCP/IP stack, which appears to be used by many operational technology (OT) vendors. The vulnerabilities are collectively tracked as INFRA:HALT.
Google Patches High-Risk Android Security Flaws
Google this week pushed out a security-themed Android update with fixes for more than 30 security flaws that expose mobile users to a range of malicious hacker attacks.
The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises.
Mismanagement Driving Cybersecurity Skills Gap: Research
“To some extent, this data supports the theory that the cybersecurity skills shortage is related to mismanagement rather than a dearth of qualified candidates or advanced skills.”