News

skull and crossbones in binary code

Elasticsearch clusters face attacks from multiple hacker groups

If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.

ransomware

Ransomware attacks hit Florida ISP, Australian cardiology group

Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently.

5 password best practices unique passwords authentication

Password managers remain an important security tool despite new vulnerability report

Experts downplay discovery of a vulnerability that can expose passwords in a computer's memory. Hackers likely to take easier paths to stealing passwords.

cloud connect comput woman carry lights

Bare-metal cloud servers vulnerable to Cloudborne flaw

Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks.

private public hybrid cloud technology sign

Bruce Schneier takes his pitch for public-interest security to RSA Conference

Bruce Schneier's new all-day track at the RSA Conference explores idea that security pros, like lawyers, should be expected to engage in a certain amount of pro bono work.

alone at night along a dimly lit path / security / suspicious / threat / hacker

Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users

Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through...

a hooded figure targets a coding vulnerability

Are zero-day exploits the new norm?

Research from Microsoft's Matt Miller shows that every actively exploited Windows vulnerability in 2017 was first done using a zero-day attack. Other research shows this trend extends across the IT landscape.

capitol dome congress

The cybersecurity legislation agenda: 5 areas to watch

The 116th Congress is only a few months old, but far-reaching cybersecurity bills to protect infrastructure and the supply chain, ensure election integrity, and build a security workforce are now being considered. Here’s the list.

botnet

IoT botnets target enterprise video conferencing systems

WootCloud researchers have discovered a trio of IoT botnets based on Mirai that exploit Polycom video conferencing systems. Polycom has issued an advisory and best practices for mitigating the risk.

A hooded man in a halloween mask raises a finger to his lips to encourage silence.

North Korean hackers target Russian-based companies

The North Korean Lazarus APT group is going after the Russians. Russian hackers, however, needed less than 20 minutes in 2018 to completely pwn an organization.

Electronic Health Records [EHR] / digital medical data, monitor health status, doctor, laptop

2.7M recorded medical calls, audio files left unprotected on web

Every call made to 1177 Swedish Healthcare Guide service since 2013, and answered by the subcontractor Medicall, was stored on an unprotected server.

vulnerable cryptojacking hacking breach security

Attackers place cryptojacking apps in the Microsoft App Store

Microsoft has removed eight applications from its app store for Windows that were mining Monero cryptocurrency without users' knowledge.

intro data breach circuit board technology security

Data breaches exposed 5 billion records in 2018

New report from Risk Based Security shows a downward trend in number breaches and exposed records, Unclear if privacy regulations like GDPR are having an effect.

man sitting on chair on dirt road tornado overwhelmed overworked stressed disruption disaster recov

Disastrous cyber attack on email provider wipes US servers and backups

A cyber attack on email provider VFEmail caused “catastrophic destruction,” with hackers wiping the servers and backups.

xiaomi m365 scooter

Popular electric scooters can be remotely hacked

Researchers warned that Xiaomi M365 scooters can be remotely hacked from 100 meters away to slam on the brakes or to accelerate.

Android robot and gears emerging from isometric mobile phone screen

Android phones can be hacked remotely by viewing malicious PNG image

Android users are being told to patch their Android OS Nougat (7.0), Oreo (8.0) and Pie (9.0) as soon as updates are available after a bug related to PNG images was found.

Cloud Security

CrowdStrike Store opens its endpoint security agent to other vendors

CrowdStrike will share data its cloud-based endpoint security platform collects to give customers more options while minimizing compatibility and performance concerns.

fight shadow

Vendor allegedly assaults security researcher who disclosed massive vulnerability

A security researcher alleges the COO of Atrient assaulted and threatened him after disclosing a massive vulnerability in an Atrient product.

5 gdpr compliant notification documentation

Report: Over 59,000 GDPR data breach notifications, but only 91 fines

The low number of fines relative to the volume of reported breaches might be due to over-extended regulators, says a DLA Piper report.

10 threat landscape apocalypse ruins

Add cybersecurity to Doomsday Clock concerns, says Bulletin of Atomic Scientists

The Doomsday Clock, once a ritual feature of the Cold War, warns that cybersecurity issues like IoT and cyber-enabled information warfare endanger humanity.

Load More