Saturday, January 19, 2019

2018’s Most Common Vulnerabilities Include Issues New and Old

The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.

VC Investments in Cybersecurity Hit Record Highs in 2018

But rate of funding appears unsustainable, according to Strategic Cyber Ventures.

GDPR Suit Filed Against Amazon, Apple

An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.

PCI Council Releases New Software Framework for DevOps Era

The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.

The Rx for HIPAA Compliance in the Cloud

For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.

8 Tips for Monitoring Cloud Security

Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.

Black Hat Europe

Black Hat Asia

Black Hat USA

773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum

Data appears to be from multiple breaches over past few years, says researcher who discovered it.

Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation

Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.

Microsoft Launches New Azure DevOps Bug Bounty Program

A new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.

New Attacks Target Recent PHP Framework Vulnerability

Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.

The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter

The network no longer provides an air gap against external threats, but access devices can take up the slack.

‘We Want IoT Security Regulation,’ Say 95% of IT Decision-Makers

New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.

Simulating Lateral Attacks Through Email

A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.

Go Hands-On with New Security Tricks at Black Hat Asia

Get up close and personal with the latest tools and techniques for testing (and breaking) everything from HTTPS to deep neural networks to Microsoft Office!

Malware Built to Hack Building Automation Systems

Researchers dig into vulnerabilities in popular building automation systems, devices.

Oklahoma Data Leak Compromises Years of FBI Data

The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.

How the US Chooses Which Zero-Day Vulnerabilities to Stockpile

When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more