FireEye Launches OAuth Attack Testing Platform

Tue, 22 May 2018 11:04:47 +0000

FireEye on Monday announced the availability of a platform to allow organizations and pentesters check their ability to detect and respond to OAuth abuse attacks. read more

VMware Patches Fusion, Workstation Vulnerabilities

Tue, 22 May 2018 11:04:24 +0000

VMware informed customers on Monday that updates for its Fusion and Workstation products patch important denial-of-service (DoS) and privilege escalation vulnerabilities. read more

Tech Firms Coordinate Disclosure of New Meltdown, Spectre Flaws

Tue, 22 May 2018 05:34:08 +0000

Intel, AMD, ARM, IBM, Microsoft and other major tech companies on Monday released updates, mitigations and advisories for two new variants of the speculative execution attack methods known as Meltdown and Spectre. read more

Dell Patches Vulnerability in Pre-installed SupportAssist Utility

Mon, 21 May 2018 17:43:16 +0000

Dell Patches Local Privilege Escalation in SupportAssist Dell recently addressed a local privilege escalation (LPE) vulnerability in SupportAssist, a tool pre-installed on most of all new Dell devices running Windows. read more

Attackers Change DNS Settings of DrayTek Routers

Mon, 21 May 2018 17:03:34 +0000

Attackers have been targeting a zero-day vulnerability in routers made by DrayTek to change their DNS settings and likely abuse them in future attacks. read more

Android Malware Targets North Korean Deflectors

Mon, 21 May 2018 16:13:59 +0000

Recent attacks orchestrated by a hacking group referred to as “Sun Team” have targeted North Korean deflectors via malicious applications in the Google Play store, McAfee reports. read more

Critical Flaws Patched in Phoenix Contact Industrial Switches

Mon, 21 May 2018 13:57:14 +0000

Several vulnerabilities, including ones rated critical and high severity, have been patched in industrial ethernet switches made by Phoenix Contact, a Germany-based company that specializes in industrial automation, connectivity and interface solutions. read more

Compliance is Not Synonymous With Security

Mon, 21 May 2018 13:49:25 +0000

While the upcoming GDPR compliance deadline will mark an unprecedented milestone in security, it should also serve as a crucial reminder that compliance does not equal security. Along with the clear benefits to be gained from upholding the standards enforced by GDPR, PCI DSS, HIPAA, and other regulatory bodies often comes a shift toward a more compliance-centric security approach. read more

Researcher Earns $36,000 for Google App Engine Flaws

Mon, 21 May 2018 12:55:26 +0000

An 18-year-old researcher has earned more than $36,000 from Google after finding a critical remote code execution vulnerability related to the Google App Engine. Part of the Google Cloud offering, the App Engine is a framework that allows users to develop and host web applications on a fully managed serverless platform. read more

Utimaco to Acquire Atalla Hardware Security Module Business From Micro Focus

Mon, 21 May 2018 10:47:13 +0000

Aachen, Germany-based firm Utimaco will acquire the Atalla hardware security module (HSM) and enterprise secure key manager (ESKM) lines from UK-based Micro Focus.  read more

Hacked Drupal Sites Deliver Miners, RATs, Scams

Mon, 21 May 2018 05:55:30 +0000

The Drupal websites hacked by cybercriminals using the vulnerabilities known as Drupalgeddon2 and Drupalgeddon3 deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams. read more

Two Vulnerabilities Patched in BIND DNS Software

Mon, 21 May 2018 04:40:33 +0000

Updates announced on Friday by the Internet Systems Consortium (ISC) for BIND, the most widely used Domain Name System (DNS) software, patch a couple of vulnerabilities. While attackers may be able to exploit both of the flaws remotely for denial-of-service (DoS) attacks, the security holes have been assigned only a “medium” severity rating. read more

200 Million Sets of Japanese PII Emerge on Underground Forums

Fri, 18 May 2018 16:40:23 +0000

A dataset allegedly containing 200 million unique sets of personally identifiable information (PII) exfiltrated from several popular Japanese website databases emerged on underground forums, FireEye reports. read more

F-Secure Unveils New Endpoint Detection & Response Solution

Fri, 18 May 2018 16:03:08 +0000

Finland-based cybersecurity firm F-Secure on Thursday announced the launch of a new endpoint detection and response (EDR) solution that combines human expertise and artificial intelligence. read more

Misconfigured CalAmp Server Enabled Vehicle Takeover

Fri, 18 May 2018 13:07:08 +0000

A misconfigured server operated by CalAmp, a company offering the backend for a broad range of well-known car alarm systems, provided anyone with access to data and even allowed for account and vehicle takeover. read more

Chrome to Issue Red "Not Secure" Warning for HTTP

Fri, 18 May 2018 11:20:31 +0000

Google is putting yet another nail in the HTTP coffin: starting with Chrome 70, pages that are not served over a secure connection will be marked with a red warning. read more

Man Sentenced to 15 Years in Prison for DDoS Attacks, Firearm Charges

Fri, 18 May 2018 08:39:32 +0000

A New Mexico man has been sentenced to 15 years in prison for launching distributed denial-of-service (DDoS) attacks on dozens of organizations and for firearms-related charges. read more

More Charges Against 'Syrian Electronic Army' Hackers

Fri, 18 May 2018 07:26:53 +0000

The U.S. Justice Department on Thursday announced more charges against two Syrian nationals believed to be members of the “Syrian Electronic Army” hacker group. read more

"Wicked" Variant of Mirai Botnet Emerges

Thu, 17 May 2018 18:21:54 +0000

A new variant of the Mirai Internet of Things (IoT) botnet has emerged, which features new exploits in its arsenal and distributing a new bot, Fortinet researchers warn. read more