No Smoking Gun Tying Russia to Spear-Phishing Attack, Microsoft Says

Not Enough Evidence That Russians Are Behind Recent Spear-Phishing Attack, Microsoft Says There is not enough evidence to attribute a recent wave of spear-phishing emails impersonating personnel at the United...
Continue reading
0 Comments

M2M Protocols Expose Industrial Systems to Attacks

MQTT and CoAP protocols
Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by...
Continue reading
0 Comments

Fake iOS Fitness Apps Steal Money

A series of iOS applications posing as fitness-tracking tools have been stealing users’ money by abusing the Touch ID feature, ESET has discovered.  The trick used by the fake fitness...
Continue reading
0 Comments

Firmware Security Firm Eclypsium Raises $8.75 Million

Eclypsium platform dashboard
Eclypsium, a Portland, OR-based company that specializes in firmware security, on Tuesday announced that it raised $8.75 million in an oversubscribed Series A funding round. The latest funding round, which...
Continue reading
0 Comments

Australia Set to Pass Sweeping Cyber Laws Despite Tech Giant Fears

Australia's two main parties struck a deal Tuesday to pass sweeping cyber laws requiring tech giants to help government agencies get around encrypted communications used by suspected criminals and terrorists....
Continue reading
0 Comments

Cybersecurity Storms: Visibility is Key to Cyber Protections

Security Teams Need to Maintain Packet-level Visibility Into All Traffic Flowing Across Their Networks The most destructive disaster is the one you do not see coming. Before modern meteorology, settlers...
Continue reading
0 Comments

Critical Privilege Escalation Flaw Patched in Kubernetes

A critical privilege escalation vulnerability has been found in Kubernetes, the popular open-source container orchestration system that allows users to automate deployment, scaling and management of containerized applications. The vulnerability,...
Continue reading
0 Comments

Quora Data Breach Hits 100 Million Users

Quora hacked
The popular question-and-answer website Quora informed users on Monday that their information may have been stolen after someone gained unauthorized access to its systems. Quora said it discovered the breach...
Continue reading
0 Comments

Israeli Firm Rejects Alleged Connection to Khashoggi Killing

An Israeli company known for its sophisticated phone surveillance technology on Monday rejected accusations that its snooping software helped lead to the killing of Saudi journalist Jamal Khashoggi. The NSO...
Continue reading
0 Comments

Phishing Campaign Delivers FlawedAmmyy, RMS RATs

A new campaign delivering various remote access Trojans (RATs) is likely the work of a known Dridex/Locky operator, Morphisec security researchers warn. Dubbed Pied Piper, the campaign targets users in...
Continue reading
0 Comments

Flaws in Siglent Oscilloscope Allow Hackers to Tamper With Measurements

Vulnerabilities found in Siglent SDS1000X-E Series Super Phosphor Oscilloscope
Researchers discovered that an oscilloscope from Siglent Technologies is affected by several potentially serious vulnerabilities that could allow hackers to tamper with measurements. The flaws were identified by SEC Consult...
Continue reading
0 Comments

XS-Search Flaw Found in Google's Issue Tracker

A security flaw recently discovered in Google’s Monorail open-source issue tracker could be exploited to perform a Cross-Site Search (XS-Search) attack, a security researcher says.   Monorail, the issue tracking...
Continue reading
0 Comments

Collaboration and Information Sharing Should Also Happen Internally

We often discuss the importance of external collaboration and information sharing in security. Frequently overlooked, however, is the importance of also collaborating and sharing information internally among the various teams...
Continue reading
0 Comments

Knowing Value of Data Assets is Crucial to Cybersecurity Risk Management

Knowing the True Value of Data Assets Will Improve Cyber Security and Promote Meaningful Cyber Insurance Understanding the value of corporate assets is fundamental to cybersecurity risk management. Only when...
Continue reading
0 Comments

Schumer Says Marriott Should Pay to Replace Hacked Passports

Sen. Charles Schumer says Marriott hotel officials should pay for new passports for customers whose passport numbers were hacked as part of a massive data breach . The New York...
Continue reading
0 Comments

Lenovo Pays $7.3 Million to Settle Superfish Adware Lawsuit

Lenovo has agreed to pay $7.3 million to settle a consumer class action lawsuit related to the Superfish adware scandal from 2015. Back in February 2015, experts revealed that a...
Continue reading
0 Comments

Espionage, ID Theft? Myriad Risks From Stolen Marriott Data

The data stolen from the Marriott hotel empire in a massive breach is so rich and specific it could be used for espionage, identity theft, reputational attacks and even home...
Continue reading
0 Comments

Lawsuits Filed Against Marriott Over Massive Data Breach

Several lawsuits have been filed against Marriott International shortly after the hotel giant disclosed a data breach impacting as many as 500 million customers. Marriott reported on Friday that one...
Continue reading
0 Comments

Russian Hackers Use BREXIT Lures in Recent Attacks

Infamous Russia-linked cyber-espionage group Sofacy used BREXIT-themed lure documents in attacks on the same day the United Kingdom Prime Minister Theresa May announced the initial BREXIT draft agreement with the...
Continue reading
0 Comments

Kaspersky's U.S. Government Ban Upheld by Appeals Court

Kaspersky’s appeal against the US government ban rejected
The U.S. government’s ban on software made by Russia-based cybersecurity firm Kaspersky Lab remains in place, a federal appeals court in Washington, DC, ruled on Friday. The court said Kaspersky...
Continue reading
0 Comments