News

rambleed ram memory card hardware hack breach binary by 13threephotography getty

Rowhammer variant RAMBleed allows attackers to steal secrets from RAM

Unlike Rowhammer, which only allows for data corruption, the newly discovered RAMBleed vulnerability provides a way to grab data such as encryption keys from memory.

CSO slideshow - Insider Security Breaches - Flag of China, binary code

Why the Huawei ban is bad for security

Many believe the ban on exporting U.S. technology to Chinese company Huawei could hurt American tech vendors and do little to mitigate supply chain threats.

8 getting breached is bad for business

From phish to network compromise in two hours: How Carbanak operates

Cybercriminal group Carbanak has stolen hundreds of millions of dollars from financial institutions. Here's a detailed analysis by Bitdefender of an attack on one bank.

CSO > Phishing attacks that bypass two-factor authentication

Phishing attacks that bypass 2-factor authentication are now easier to execute

Researchers released two tools--Muraen and NecroBrowser--that automate phishing attacks that can bypass 2FA. Most defenses won't stop them.

CSO > Security mechanisms vs. fiery threats

Public SAP exploits could enable attacks against thousands of companies

A recently released exploit takes advantage of a known configuration vulnerability that persists among many on-premise and cloud SAP instances. Here's what companies using SAP should do.

russian hacking us election  putin voting fraud hacked

2016 election hacking in Florida: Russian emails, hidden tracks

The Mueller Report says the Russians planted malware on at least one Florida county system, and Florida's governor announces that two counties were hacked in 2016. Experts believe the problem could be bigger.

CSO > IoT / Internet of Things, unencrypted/unsecured/vulnerable

Over 90% of data transactions on IoT devices are unencrypted

A report from Zscaler reveals some troubling facts about the risks posed by network-connected IoT devices.

passwords exposed authentication hacked vulnerable security breach

IT services giant HCL left employee passwords, other sensitive data exposed online

HCL left employee passwords, customer project details, and other sensitive information exposed online with no authentication.

drafting military for cyber security cybersecurity govenment

Will the U.S. government draft cybersecurity professionals?

A Congressional commission might soon recommend conscription of cybersecurity professionals to serve in both the military and civil service. Will the government force security pros to work for Uncle Sam?

Broken window with band-aid patch

Microsoft urges Windows customers to patch wormable RDP flaw

A newly found vulnerability allows remote exploits using the Remote Desktop Protocol to gain full access to systems with no authentication.

Intel CPU  >  security

The second Meltdown: New Intel CPU attacks leak secrets

Intel has done some mitigations for these vulnerabilities that can leak secrets from virtual machines, secure enclaves and kernel memory. Here's how the attacks work.

Networking cables viewed through a magnifying lens reveal a data breach.

200 million-record breach: Why collecting too much data raises risk

Avoid the siren song of big data and collect only what you need. This is the big takeaway from a 200-million record direct marketing list, including home address, telephone, religious affiliation and financial information now...

adding processor to circuit board computer hardware

New Intel firmware boot verification bypass enables low-level backdoors

By replacing a PC's SPI flash chip with one that contains rogue code, an attacker can can gain full, persistent access.

cloud computing - smart city - data - network connections - binary rain

Why local governments are a hot target for cyberattacks

Recent ransomware and other attacks underscore the value attackers see in the data stored in city and regional government systems. Here's why they are vulnerable and what they can do to reduce the threat.

intro security vulnerability

Researchers warn of unpatched vulnerability in Oracle WebLogic Server

Detected scans suggest attacker are seeking vulnerable servers to target for attacks.

skull and crossbones in binary code

GandCrab attackers exploit recently patched Confluence vulnerability

If your company uses Confluence, make sure you have the latest available patches for this vulnerability.

6 handling email phishing

Wipro breach highlights third-party risk from large IT services providers

After outsourcing giant Wipro suffered a phishing incident, attackers used its email system to target the company’s customers. The breach demonstrates the dangers of supply chain and third party risk.

big brother privacy eye data breach security binary valerybrozhinsky getty

FEMA contractor at center of privacy violation provides services to many other agencies

Corporate Lodging Consultants provides lodging services to many other government agencies. Is more sensitive personal information at risk?

6 industrial iot oil rig oil drilling cranes

Group behind TRITON industrial sabotage malware made more victims

The attackers stayed undetected on the victim's network for more than a year and sought out operational technology networks.

google cloud services

Google expands cloud security capabilities, including simpler configuration

New tools and services will help make it easier for enterprises to manage security with Google products as well as with Amazon and in their own private clouds and applications.

Load More