SecurityWeek
Watchdog: FEMA Wrongly Released Personal Data of Victims
The Federal Emergency Management Agency wrongly released to a contractor the personal information of 2.3 million survivors of devastating 2017 hurricanes and wildfires, potentially exposing the victims to identity fraud and theft, a government watchdog reported Friday.
Cisco Patches High Severity Vulnerabilities in IP Phones
Cisco this week released security patches to address high severity vulnerabilities in its IP Phone 8800 Series and IP Phone 7800 Series.
A total of five vulnerabilities were addressed, all impacting the web-based management interface of Session Initiation Protocol (SIP) Software of IP Phone 8800 Series.
UK Police Federation Hit by Ransomware
The UK Police Federation of England & Wales (PFEW) website was subject to a malware attack that it discovered on March 9, 2019. It appears that this was a ransomware attack; but the strain has not been announced.
Russian Hackers Target European Governments Ahead of Elections: FireEye
Hackers believed to be sponsored by the Russian government are targeting European governments for cyber-espionage purposes ahead of the upcoming European elections, FireEye reports.
Industry Reactions to Norsk Hydro Breach: Feedback Friday
Norwegian aluminum giant Norsk Hydro has been hit by a serious ransomware attack that caused disruptions at some of its plants and forced the company to turn to manual processes to fulfill customer orders.
D.C. Attorney General Introduces New Data Security Bill
Karl A. Racine, the attorney general for the District of Columbia, on Thursday announced the introduction of a new bill that aims to expand data breach notification requirements and improve the way personal information is protected by organizations.
Observations From RSA Conference 2019
The RSA Conference is one of the premier events in the cybersecurity world. At times, it can be an overwhelming experience for vendors and attendees alike because of its massive scale and fast pace; however, it’s also a great opportunity for people like me to get insight into trends in the industry.
Researchers Earn $270,000 for Firefox, Edge Hacks at Pwn2Own 2019
White hat hackers earned a total of $270,000 on the second day of the Pwn2Own hacking competition for demonstrating exploits against the Mozilla Firefox and Microsoft Edge web browsers.
Threat Hunting Tips to Improve Security Operations
From Ferdinand Magellan to Lewis and Clark to Neil Armstrong – humans have an innate desire to understand the unknown. In security operations, we see this phenomenon every day in several forms, one of which is threat hunting. Threat hunting is not triggered by an event, but by the unknown. It is the practice of proactively and iteratively searching for abnormal indications within networks and systems.
Global Security Spend Set to Grow to $133.8 Billion by 2022: IDC
Global spending on security-related hardware software and services will grow at a compound annual growth rate (CAGR) of 9.2% between 2018 and 2022, to a total of $133.8 billion in 2022. The figures come from the latest Worldwide Semiannual Security Spending Guide compiled by IDC.
Facebook Stored Passwords of Hundreds of Millions Users in Plain Text
Facebook today admitted to have stored the passwords of hundreds of millions of its users in plain text, including the passwords of Facebook Lite, Facebook, and Instagram users.
How Three of 2018's Critical Threats Used Email to Execute Attacks
Multiple Vulnerabilities Patched in PuTTY and LibSSH2
PuTTY, an SSH and Telnet client program, and LibSSH2, a client-side C library for the SSH2 protocol, have both received updates fixing multiple vulnerabilities. Eight vulnerabilities have been fixed in version 0.71 of PuTTY, and nine vulnerabilities fixed in version 1.8.1 of LibSSH2.
Facebook Pays Big Bounty for DoS Flaw in Fizz TLS Library
While Facebook’s bug bounty program does not typically cover denial-of-service (DoS) vulnerabilities, the social media giant has decided to award a significant bounty for a serious flaw affecting Fizz, its open source TLS library.
FIN7 Hackers Use New Malware in Recent Attacks
The financially-motivated hacking group FIN7 has used new malware samples in a recent attack campaign, Flashpoint security researchers warn.
Finland to Investigate Suspected Nokia Chinese Data Breach
Finnish authorities will launch an investigation into claims that Nokia phones have been transmitting users' personal data to China, the country's data protection ombudsman announced on Thursday.
Securing Industrial IoT in the Modern World
Manufacturing arguably offers the largest attack surface of almost any industry with regards to cybersecurity threats, and has long been a prime target for ‘everyday’ attacks like phishing, ransomware, data-theft – you name it, they’ve seen it. But these ‘everyday’ attacks and the associated losses are only the tip of the iceberg when it comes to what could potentially happen in the future.
Many Vulnerabilities Found in Oracle's Java Card Technology
Poland-based cybersecurity research firm Security Explorations claims to have identified nearly 20 vulnerabilities in Oracle’s Java Card, including flaws that could be exploited to compromise the security of chips using this technology.