News & Commentary
Latest Content
|
GDPR Drives Changes, but Privacy by Design Proves Elusive
One year later, the EU mandate's biggest impact has been to focus more attention on data protection and privacy, security analysts say.
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
Attackers Are Messing with Encryption Traffic to Evade Detection
Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.
Microsoft Builds on Decentralized Identity Vision
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
Introducing the Digital Transformation Architect
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
Two Ransomware Recovery Firms Typically Pay Hackers
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
Windows 10 Migration: Getting It Right
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
Website Attack Attempts Rose by 69% in 2018
Millions of websites have been compromised, but the most likely malware isn't cyptomining: it's quietly stealing files and redirecting traffic, a new Sitelock report shows.
Resolution Requires Cybersecurity Training for Members of Congress
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
A single flaw allowed attackers — thought to be linked to a government — to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
Uniqlo Parent Company Says Hack Compromised 461,091
Fast Retailing Co. reports cyberattackers accessed accounts registered to its Japanese Uniqlo and GU brand websites.
Baltimore Ransomware Attack Takes Strange Twist
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
Missing in Action: Cybersecurity Professionals
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
Effective Pen Tests Follow These 7 Steps
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
Why AI Will Create Far More Jobs Than It Replaces
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
Korean APT Adds Rare Bluetooth Device-Harvester Tool
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.
Thrangrycat Claws Cisco Customer Security
A linked pair of vulnerabilities could allow an attacker to take over many different types of Cisco networking components.
LockerGoga, MegaCortex Ransomware Share Unlikely Traits
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.
Attacks on JavaScript Services Leak Info From Websites
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users' sensitive information.
Poorly Configured Server Exposes Most Panama Citizens' Data
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
78% of Consumers Say Online Companies Must Protect Their Info
Yet 68% agree they also must do more to protect their own information.
How Open Testing Standards Can Improve Security
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.
Demystifying the Dark Web: What You Need to Know
The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.
Microsoft SharePoint Bug Exploited in the Wild
A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say.
How We Collectively Can Improve Cyber Resilience
Three steps you can take, based on Department of Homeland Security priorities.
Symantec CEO Greg Clark Steps Down
Exec shake-up comes amid earnings drop in financial report.
Hackers Still Outpace Breach Detection, Containment Efforts
Research shows time to discovery and containment of breaches slowly shrinking, but attackers don't need a very big window to do a lot of damage.
Data Dump Purportedly Reveals Details on Previously Unknown Iranian Threat Group
Rana targets airline companies and others in well-planned, well-researched attacks, Israel's ClearSky says.
US DoJ Indicts Chinese Man for Anthem Breach
Fujie Wang allegedly worked as part of a hacking team out of China that stole information on nearly 80 million Americans in the massive healthcare breach.
Nation-State Breaches Surged in 2018: Verizon DBIR
The source of breaches has fluctuated significantly over the past nine years, but organized crime has almost always topped nation-state actors each year. The gap narrowed significantly in 2018, according to the annual report.
How the Skills Gap Strains – and Constrains – Security Pros
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
New Initiative Aims to Fast-Track Women into Cybersecurity Careers
'100 Women in 100 Days' is a career development program made possible by a $160,000 gift from Craig Newmark Philanthropies.
How to Close the Critical Cybersecurity Talent Gap
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
Sectigo Buys Icon Labs to Expand IoT Security Platform
End-to-end IoT security product aims to give manufacturers, systems integrators, and businesses a means to harden device security.
Fighting Back Against Tech-Savvy Fraudsters
Staying a step ahead requires moving beyond the security techniques of the past.
2018 Arrests Have Done Little to Stop Marauding Threat Group
In fact, FIN7's activities only appear to have broadened, according to a new report.
DeepDotWeb Operators Indicted, Website Seized by the FBI
Defendants allegedly earned kickbacks for sales of illegal contraband, including hacking tools and malicious code.
Social Engineering Slams the C-Suite: Verizon DBIR
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
FBI: Cybercrime Losses Doubled in 2018
The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.
The Fine Line of Feedback: 6 Tips for Talking to Security Pros
Feedback is a two-way street in terms of giving, receiving, and knowing how to give and receive.
US States with the Worst Consumer Cyber-Hygiene
Ranking based on consumers' cybersecurity practices - or lack thereof.
Baltimore City Network Struck with Ransomware Attack
Government employees are working to determine the source and severity of a cyberattack that forced most city servers offline.
Orgs Are Quicker to Disclose Breaches Reported to Them Via External Sources
Companies that find a breach on their own take substantially longer to report a breach, a new analysis shows.
How a Chinese Nation-State Group Reverse-Engineered NSA Attack Tools
New Symantec research shows how the Buckeye group captured an exploit and backdoor used by the National Security Agency and deployed them on other victims.
The Dark Web Is Smaller Than You Think
The number of live, accessible .onion sites amounts to less than 0.005% of surface web domains, researchers report.
The Big E-Crime Pivot
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
Better Behavior, Better Biometrics?
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server
Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.
Attackers Add a New Spin to Old Scams
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I told you we should worry abit more about vendor lock-in.
Latest Comment: I told you we should worry abit more about vendor lock-in.
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-7068
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
From DHS/US-CERT's National Vulnerability Database CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This