News

New coronavirus-era surveillance and biometric systems pose logistical, privacy problems

Governments and companies are using biometrics and geolocation to identify and track potential coronavirus victims in the name of public safety.

Weakness in Zoom for macOS allows local attackers to hijack camera and microphone

Zoom's use of insecure system APIs allows attackers to elevate privileges as well.

Attack campaign hits thousands of MS-SQL servers for two years

Newly discovered Vollgar attack uses brute force to infect vulnerable Microsoft SQL servers at a high rate.

Cybercriminal group mails malicious USB dongles to targeted companies

Shown as a proof-of-concept in 2014, this is the first known use of the BadUSB exploit in the wild.

Chinese hacker group APT41 uses recent exploits to target companies worldwide

APT41 has compromised devices and applications from Cisco, Citrix and Zoho across many industries worldwide at a time when many companies are less able to respond.

Virtual security conferences fill void left by canceled face-to-face events

Notable members of the infosec community are creating impromptu but highly popular virtual events using cheap, off-the-shelf tools.

New York's SHIELD Act could change companies’ security practices nationwide

SHIELD Act provisions broaden the scope of consumer privacy and place requirements on protecting personal data for organizations that collect information on New York residents.

Coronavirus: What companies are ready for our new reality?

One class of companies is already equipped to work in a fully distributed employee model. Another is going to have a difficult time adapting to most employees having to work from home. Some won’t survive if this lasts more than a few...

Cyberspace Solarium report calls for layered cyber deterrence, defend forward strategy

The intergovernmental commission outlines the steps needed to defend the United States from modern cybersecurity threats.

Deloitte: 8 things municipal governments can do about ransomware

Deloitte researchers explain why state and local governments are favored for ransomware attacks and how they can protect themselves with limited resources.

Open-source options offer increased SOC tool interoperability

Too many security tools in your SOC, and none of them talk to each other, but new vendor-supported open-source projects might lead to greater interoperability.

New CPU attack technique can leak secrets from Intel SGX enclaves

The Load Value Injection attack can bypass security boundaries and mitigations put in place for other CPU vulnerabilities such as Spectre and Meltdown.

Is the EARN-IT Act a backdoor attempt to get encryption backdoors?

New bipartisan US legislation to fight online child exploitation incentivizes companies to drop end-to-end encryption, critics say.

Intel CSME flaw is unpatchable, researchers warn

Researchers reveal that a previously known Intel flaw is unpatchable and could allow attackers to compromise the cryptographic chain of trust in Intel systems.

Authentication, identity management start-ups lead 2019 VC investing

Cybersecurity venture investments reached nearly $7 billion in 2019. Authentication and identity management start-ups were the top lures.

5G security is a mess. Could digital certificates help?

5G inherited security vulnerabilities from earlier mobile technology, but digital certificates might solve the issue of unauthenticated messages.

APIs are becoming a major target for credential stuffing attacks

New research shows that attackers use APIs to automate credential stuffing attacks. The financial sector is particularly vulnerable.

Lack of firmware validation for computer peripherals enables highly persistent attacks

Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.
