News
Group behind TRITON industrial sabotage malware made more victims
The attackers stayed undetected on the victim's network for more than a year and sought out operational technology networks.
Google expands cloud security capabilities, including simpler configuration
New tools and services will help make it easier for enterprises to manage security with Google products as well as with Amazon and in their own private clouds and applications.
New TajMahal APT discovered by Kaspersky has one known victim, likely others
Active since August 2014 with 80 modules able to capture a variety of information but with only one known victim, the TajMahal APT seems too advanced not to be used just once.
Security executives on the move and in the news
Find up-to-date news of CSO, CISO and other senior security executive appointments.
Inside the 2014 hack of a Saudi embassy
According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.
Critical Magento SQL injection flaw could be targeted by hackers soon
Popular e-commerce platform Magento has released security patches to fix the flaw. Researchers say update now.
APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability
Iran-linked hacker group switches techniques from Shamoon wiper attacks to WinRAR exploits.
![Computerworld - Scary Tech [Slide-05] - Encryption systems with backdoors](https://images.idgesg.net/images/article/2017/10/cw_scary_tech_05-100740219-small.3x2.jpg)
ASUS users fall victim to supply chain attack through backdoored update
Attackers hijack ASUS's auto-update process to deliver malware. Preventing such attacks is difficult, but vendors and their customers can do more to mitigate the risk.
Magecart payment card skimmer gang returns stronger than ever
Web-based card skimmers are becoming harder to detect and remove thanks to evolving techniques.
SoftNAS Cloud 0day found: Upgrade ASAP
SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.
Congress steers clear of industrial control systems cybersecurity
Industry resistance to regulation, complexity of securing ICS systems are roadblocks to passage of critical infrastructure cybersecurity legislation.
![Slack logo/wordmark [2019]](https://images.idgesg.net/images/article/2019/01/slack_logo_wordmark_2019_3x2-100785482-small.3x2.jpg){kind=logo}
Hackers use Slack to hide malware communications
A watering hole attack used Slack for its command-and-control communications to avoid network and endpoint detection.
Preserving the privacy of large data sets: Lessons learned from the Australian census
Preserving the privacy of large data sets is hard, as the Australian Bureau of Statistics found out. These are the big takeaways for the upcoming U.S. census and others dealing with large amounts of personal data.
New CISA director outlines top 5 priorities for protecting U.S. critical infrastructure
CISA’s Christopher Krebs has a two-year plan for his new cybersecurity agency, with China, supply chain and 5G as top priorities.
One in three organizations suffered data breaches due to mobile devices
New Verizon report shows a big gap between organizations' mobile security risk concerns and mobile security best practices they implement.
Better, badder, bigger SIEM coming your way, folks, courtesy of Google
Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.
Qbot malware resurfaces in new attack against businesses
This new persistent and difficult-to-detect Qbot version is designed to steal financial information.
Dow Jones watchlist of high-risk businesses, people found on unsecured database
A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server.
Sponsored Links