Trending Now
LATEST
Pensacola confirms ransomware attack
Pensacola
officials confirmed that an ongoing
cyberattack that began early Saturday morning is a ransomware attack.
While the city did not release any additional details, the Pensacola News Journal said city spokeswoman Kaycee Lagarde confirmed the attack included a ransom, something that...
Trickbot Operators Now Selling Attack Tools to APT Actors
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
The Great $50M African IP Address Heist
A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...
Intel Issues Fix for ‘Plundervolt’ SGX Flaw
Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
How to stop spam calls right now
Spam calls drive us all crazy. Here are four ways to stop robocalls and other unsolicited phone calls.
SAP Releases 5 Security Notes on December 2019 Patch Day
SAP issued five new Security Notes this week as part of its December 2019 Security Patch Day, to which it also added 2 updates for previously released Security Notes.
All of the new Security Notes released this month are rated...
Plundervolt Attack Uses Voltage Changes to Steal Secrets From Intel Chips
A newly disclosed attack method targeting Intel processors employs voltage modifications to expose data protected using Intel's Software Guard Extensions (SGX).
read more
What it takes to become a CISO
The chief information security officer (CISO) role has been steadily rising in importance and visibility. CISOs now carry the burden of responsibility for securing some of a company’s most valuable resources.
Plundervolt Attack Uses Voltage to Steal Data From Intel Chips
A newly disclosed attack targeting Intel processors utilizes CPU voltage modifications to expose data stored using Intel's Secure Guard Extensions (SGX).
read more
The Next Security Silicon Valley: Coming to a City Near You?
The high cost of doing business in California's San Francisco Bay Area is just one factor driving infosec companies - established and and startups, alike - to pursue their fortunes elsewhere. Here's where many are going.
Hacking in Iran? The Lazarus Group hires Trickbot. Election influence ops. Cryptowars updata. Ransomware in municipal and tribal governments. Patch Tuesday notes. Do it for State.
Iran says it’s stopped a cyber attack, and that an insider was responsible for a major paycard exposure. Trickbot is now working for the Lazarus Group. Influence operations both foreign and domestic concern British voters on the eve of...
Real-time phishing alerts and stolen password warnings added to Chrome
Google yesterday announced that its latest Chrome release adds real-time phishing alerts and password breach warning capabilities to the browser.
The real-time anti-phishing capabilities represents an upgrade to Google’s Safe Browsing service, which compiles an ever-changing blacklist of dangerous websites...
Microsoft details the most clever phishing techniques it saw in 2019
This year's most clever phishing tricks include hijacking Google search results and abusing 404 error pages.
Apple Patches Over 50 Vulnerabilities in macOS Catalina
Security updates released by Apple this week address numerous vulnerabilities in macOS Catalina, iOS and iPadOS, Safari, and other software products.
read more
Chrome 79 Patches Critical Vulnerabilities
Google this week released Chrome 79 to the stable channel with a total of 51 security fixes, including 37 reported by external researchers, two of which are considered critical severity.
read more
5 Tips for Keeping Your Security Team on Target
In nearly every security environment, competing priorities are a constant battleground. Here's how to keep the focus on what's important.
How Commercial Bug Hunting Changed the Boutique Security Consultancy Landscape
It’s been almost a decade since the first commercial “for-profit” bug bounty companies launched leveraging crowdsourced intelligence to uncover security vulnerabilities and simultaneously creating uncertainty for boutique security companies around the globe.
read more
Iran Says Repelled a ‘Highly Organized Cyber Attack’
An Iranian minster said Wednesday the Islamic republic had recently thwarted a "highly organiz ed cyber attack" targeting its e-government infrastructure.
read more
Google Chrome Now Automatically Alerts Users on Compromised Passwords
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
Younger Generations Drive Bulk of 2FA Adoption
Use of two-factor authentication has nearly doubled in the past two years , pointing to a new wave of acceptance.
Analysts find connection between North Korean military and crimeware organization TrickBot
Researchers with SentinelLabs say they have found one of "the first known links between cybercrime groups and nation-state actors."
Healthcare Provider Agrees to Cough Up $6M to Settle Data Breach Lawsuit
Healthcare Provider Agrees to Cough Up $6M to Settle Data Breach Lawsuit American healthcare provider Banner Health has agreed to pay the alleged victims of a 2016 data breach $6 million.
Banner Health operates 28 hospitals and specialized facilities across six states,...
Best antivirus software: 12 top tools
The AV-TEST Institute recently tested the most popular Windows 10 client antivirus products on three primary criteria: protection, performance, and usability. Five of the 16 products tested earned a perfect rating of 6 for each of those criteria:Bitdefender Endpoint...
FBI shares security advice for online shopping
FBI: Use credit cards rather than debit cards, don't use public WiFi, keep your devices updated, and more.
US Software Testing Giant Buys AI Firm
US Software Testing Giant Buys AI Firm Software testing and quality assurance company Qualitest has announced the acquisition of an Israeli firm specializing in the creation of automated machine learning tools.
AlgoTrace, which is based in Tel Aviv, uses artificial intelligence (AI)...
LEADERS
The Great $50M African IP Address Heist
A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions...
Web-hosting firm 1&1 hit by almost €10 million GDPR fine over poor security at call centre
Web-hosting company 1&1 has been hit with one of the largest fines dished out so far under European GDPR legislation, Germany’s federal privacy watchdog has announced.
Read more in my article on the Hot for Security blog.
Extracting Data from Smartphones
Privacy International has published a detailed, technical examination of how data is extracted from smartphones.
49% of workers, when forced to update their password, reuse the same one with just a minor change
A new survey has revealed some alarming news about the way users are choosing their passwords in their homes and workplace.
Patch Tuesday, December 2019 Edition
Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control...
