News

big brother privacy eye data breach security binary valerybrozhinsky getty

FEMA contractor at center of privacy violation provides services to many other agencies

Corporate Lodging Consultants provides lodging services to many other government agencies. Is more sensitive personal information at risk?

6 industrial iot oil rig oil drilling cranes

Group behind TRITON industrial sabotage malware made more victims

The attackers stayed undetected on the victim's network for more than a year and sought out operational technology networks.

google cloud services

Google expands cloud security capabilities, including simpler configuration

New tools and services will help make it easier for enterprises to manage security with Google products as well as with Amazon and in their own private clouds and applications.

security threats and vulnerabilities

New TajMahal APT discovered by Kaspersky has one known victim, likely others

Active since August 2014 with 80 modules able to capture a variety of information but with only one known victim, the TajMahal APT seems too advanced not to be used just once.

binary code matrix

Inside the 2014 hack of a Saudi embassy

According to documents seen by CSO, an unknown attacker took control of the official email account of the Saudi embassy in The Netherlands and demanded a ransom of $50 million for ISIS.

Broken window with band-aid patch

Critical Magento SQL injection flaw could be targeted by hackers soon

Popular e-commerce platform Magento has released security patches to fix the flaw. Researchers say update now.

hack hacker cyber thief theft stolen

APT group Elfin switches from data destruction to data stealing via WinRAR vulnerability

Iran-linked hacker group switches techniques from Shamoon wiper attacks to WinRAR exploits.

Computerworld - Scary Tech [Slide-05] - Encryption systems with backdoors

ASUS users fall victim to supply chain attack through backdoored update

Attackers hijack ASUS's auto-update process to deliver malware. Preventing such attacks is difficult, but vendors and their customers can do more to mitigate the risk.

mobile purchase transaction

Magecart payment card skimmer gang returns stronger than ever

Web-based card skimmers are becoming harder to detect and remove thanks to evolving techniques.

cloud security data breach crime accessible

SoftNAS Cloud 0day found: Upgrade ASAP

SoftNAS Cloud users should upgrade immediately following a report by Digital Defense that the virtual cloud appliance is vulnerable to a session management security issue.

2 industrial iot utility nuclear plant power plant

Congress steers clear of industrial control systems cybersecurity

Industry resistance to regulation, complexity of securing ICS systems are roadblocks to passage of critical infrastructure cybersecurity legislation.

Slack logo/wordmark [2019]

Hackers use Slack to hide malware communications

A watering hole attack used Slack for its command-and-control communications to avoid network and endpoint detection.

face superimposed on keyboard privacy hacker

Preserving the privacy of large data sets: Lessons learned from the Australian census

Preserving the privacy of large data sets is hard, as the Australian Bureau of Statistics found out. These are the big takeaways for the upcoming U.S. census and others dealing with large amounts of personal data.

industrial iot connected city

New CISA director outlines top 5 priorities for protecting U.S. critical infrastructure

CISA’s Christopher Krebs has a two-year plan for his new cybersecurity agency, with China, supply chain and 5G as top priorities.

mobile security / unlocked data connections

One in three organizations suffered data breaches due to mobile devices

New Verizon report shows a big gap between organizations' mobile security risk concerns and mobile security best practices they implement.

big data / data center / server racks / storage / binary code / analytics

Better, badder, bigger SIEM coming your way, folks, courtesy of Google

Google/Alphabet's Chronicle cybersecurity moonshot has a doozy of a mega-gargantuan SIEM with huge pluses--and minuses. Take note.

malware cybersecurity skull crossbone

Qbot malware resurfaces in new attack against businesses

This new persistent and difficult-to-detect Qbot version is designed to steal financial information.

financ stock market skyline

Dow Jones watchlist of high-risk businesses, people found on unsecured database

A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server.

skull and crossbones in binary code

Elasticsearch clusters face attacks from multiple hacker groups

If you are running an older version of Elasticsearch, make sure you've patched its known vulnerabilities or consider upgrading.

ransomware

Ransomware attacks hit Florida ISP, Australian cardiology group

Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently.

Load More