News
Elasticsearch clusters face attacks from multiple hacker groups
If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.
Ransomware attacks hit Florida ISP, Australian cardiology group
Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently.
Password managers remain an important security tool despite new vulnerability report
Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.
Bare-metal cloud servers vulnerable to Cloudborne flaw
Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks.
Bruce Schneier takes his pitch for public-interest security to RSA Conference
Bruce Schneier's new all-day track at the RSA Conference explores idea that security pros, like lawyers, should be expected to engage in a certain amount of pro bono work.
Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users
Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through...
Are zero-day exploits the new norm?
Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first done using a zero-day attack. Other research shows this trend extends across the IT landscape.
The cybersecurity legislation agenda: 5 areas to watch
The 116th Congress is only a few months old, but far-reaching cybersecurity bills to protect infrastructure and the supply chain, ensure election integrity, and build a security workforce are now being considered. Here’s the list.
IoT botnets target enterprise video conferencing systems
WootCloud researchers have discovered a trio of IoT botnets based on Mirai that exploit Polycom video conferencing systems. Polycom has issued an advisory and best practices for mitigating the risk.
North Korean hackers target Russian-based companies
The North Korean Lazarus APT group is going after the Russians. Russian hackers, however, needed less than 20 minutes in 2018 to completely pwn an organization.
![Electronic Health Records [EHR] / digital medical data, monitor health status, doctor, laptop](https://images.idgesg.net/images/article/2018/06/medical_data_status_tracking_electronic_health_records_ehr_by_metamorworks_gettyimages_1200x800-100760924-small.3x2.jpg){kind=tracking}
2.7M recorded medical calls, audio files left unprotected on web
Every call made to 1177 Swedish Healthcare Guide service since 2013, and answered by the subcontractor Medicall, was stored on an unprotected server.
Attackers place cryptojacking apps in the Microsoft App Store
Microsoft has removed eight applications from its app store for Windows that were mining Monero cryptocurrency without users' knowledge.
Data breaches exposed 5 billion records in 2018
New report from Risk Based Security shows a downward trend in number breaches and exposed records, Unclear if privacy regulations like GDPR are having an effect.
Disastrous cyber attack on email provider wipes US servers and backups
A cyber attack on email provider VFEmail caused “catastrophic destruction,” with hackers wiping the servers and backups.
Popular electric scooters can be remotely hacked
Researchers warned that Xiaomi M365 scooters can be remotely hacked from 100 meters away to slam on the brakes or to accelerate.
Android phones can be hacked remotely by viewing malicious PNG image
Android users are being told to patch their Android OS Nougat (7.0), Oreo (8.0) and Pie (9.0) as soon as updates are available after a bug related to PNG images was found.
CrowdStrike Store opens its endpoint security agent to other vendors
CrowdStrike will share data its cloud-based endpoint security platform collects to give customers more options while minimizing compatibility and performance concerns.
Vendor allegedly assaults security researcher who disclosed massive vulnerability
A security researcher alleges the COO of Atrient assaulted and threatened him after disclosing a massive vulnerability in an Atrient product.
Report: Over 59,000 GDPR data breach notifications, but only 91 fines
The low number of fines relative to the volume of reported breaches might be due to over-extended regulators, says a DLA Piper report.
Add cybersecurity to Doomsday Clock concerns, says Bulletin of Atomic Scientists
The Doomsday Clock, once a ritual feature of the Cold War, warns that cybersecurity issues like IoT and cyber-enabled information warfare endanger humanity.
Sponsored Links