Flashpoint: Our site was not dishing malware
Flashpoint came out swinging today against an independent researcher who reported that the security company’s public-facing website was serving malware.
In what Flashpoint called an “after action report,” the company denied the website was itself infected with malware, but did...
Washington state legislature passes data breach law, but punts on privacy law
The Washington state legislature went one-for-two this month in its attempt to pass major data breach and privacy regulations.
Yesterday, lawmakers unanimously passed HB 1071, which firms up and expands requirements for public breach notifications, but the state apparently...
WordPress Social Warfare plugin vulnerabilities abused in the wild
About 42,000 websites have not updated to the latest version of the Social Warfare WordPress plugin, leaving themselves open to a pair of vulnerabilities that are being exploited in the wild.
Palo Alto’s Unit 42 research team is reporting that...
App leaves over 2 million WiFi network passwords exposed on open database
More than two million WiFi network passwords were reportedly left exposed on an open database by the developer of WiFi Finder, an app designed to help device owners find and log in to hotspots.
The developer, Proofusion, claims its product...
How to be an ethical hacker
At first glance, the term “ethical hacking” may
seem like an oxymoron. That’s because criminal “hacker” has become a pejorative
that’s closely tied to the bad guys — black hat threat actors looking to steal
or corrupt data or other assets within...
Fake U.S. State Dept. docs used in European embassy cyberattacks
Cyberattackers, possibly Russian, recently struck numerous embassies in Europe with a malicious email attachment that uses a weaponized version of the TeamViewer remote desktop tool to gain control of the target computer.
Check Point researchers reported that the attack is...
Machines running popular AV software go unresponsive after Microsoft Windows update
April’s Microsoft Windows update has apparently been causing headaches for users who had previously installed anti-virus software from vendors such as Avast, Avira, ArcaBit, McAfee and Sophos.
Users with these AV products who installed the April 9 Windows update may...
EmCare data breach exposes 60,000 employees, patients
EmCare Inc. suffered a data breach after several employee email accounts were accessed by an unauthorized entity, resulting in the compromise of up to 60,000 individuals’ information.
The Dallas-based company, which provides physician services, said in a statement that it...
Unauthorized party muscles its way into Bodybuilding.com’s systems
Fitness retailer Bodybuilding.com last Friday disclosed that an unauthorized party used a phishing scam to gain access to systems containing its customer data.
According to an FAQ page posted on its website, the Boise, Idaho-based retailer discovered the breach incident...
WannaCry hero Marcus Hutchins pleads guilty, faces five years
UK citizen Marcus Hutchins has gone from international hero
to felon after pleading guilty for his role in creating the Kronos banking trojan.
Hutchins, who found the kill switch that turned off the WannaCry ransomware in May 2017, was arrested in...
SC Media Reboot Leadership Awards announces its call for nominations
SC Media is issuing a call for nominations for its annual
Reboot Leadership Awards, designed to further advance the acknowledgement of
cybersecurity luminaries.
Three years ago SC Media launched the Reboot Leadership Awards
to give us a platform to recognize the professionals who...
Everything is hackable: The crowd is here to help
The cybersecurity industry at large is facing a
massive skills shortage. Coupled with a growing attack surface and economically
incentivized adversaries, this skills gap has made it more difficult than ever
for organizations to shore up their defenses.
Security experts are in high...
High-volume eGobbler malvertising campaign exploits zero-day Chrome bug
A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack.
Dubbed eGobbler by researchers...
Ransomware ravages municipalities nationwide this week
Municipalities took a beating this week with at least four
reporting being shut down from new ransomware attacks or struggling to recover
from an older incident.
Augusta, Maine; Imperial County, Calif.; Stuart, Fla.; and Greenville, N.C. were all in different stages of...
Drupal releases correct four moderately critical third-party vulnerabilities
Drupal this week issued a series of security releases to fix four “moderately critical” vulnerabilities, three related to the content management system’s Symfony PHP web application framework and a fourth involving the jQuery project JavaScript library.
The three Symfony issues...
Stuxnet Family Tree Grows
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
Another dark web marketplace bites the dust –Wall Street Market
Two major dark web marketplaces for buying illegal products shut down in the span of a month.
Google File Cabinet Plays Host to Malware Payloads
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.
Demonstration Showcase Brings DevOps to Interop19
Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
What Home Buying Can Teach Us About Continuous Monitoring
Companies have been brainwashed to solely rely on hiring major auditing companies to help monitor and audit their vendors’ security. Assessments from these traditional auditors are typically an annual point-in-time affair. With technology advancing much more frequently, this outdated...
