Friday, November 15, 2019
SecurityWeek

LINE Launches Public Bug Bounty Program on HackerOne

Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne. Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...
SecurityWeek

Corellium: Apple Sued Us After Failed Acquisition Attempt

Florida-based virtualization company Corellium claims that the copyright infringement lawsuit filed by Apple comes in response to a failed acquisition attempt. read more
SecurityWeek

Securing Autonomous Vehicles Paves the Way for Smart Cities

As homes, workplaces, and cities digitally transform during our Fourth Industrial Revolution, many of those charged with securing this digital future can find it difficult to “level up” from the endpoints and focus on defining and solving the larger...
SecurityWeek

DLL Hijacking Flaw Impacts Symantec Endpoint Protection

Symantec Endpoint Protection is the latest antivirus product found to unsafely load DLLs into a process that runs with SYSTEM privileges. read more
SecurityWeek

Online Retailers Ill-Prepared for Holiday Season

"The retail industry is experiencing more breaches than any other industry in 2019," starts a new report on threats to the retail industry. This is somewhat surprising to those accustomed to see healthcare, education, manufacturing and finance at the...
SecurityWeek

Visa Warns of New JavaScript Skimmer ‘Pipka’

A new JavaScript skimmer targets data entered into the payment forms of ecommerce merchant websites, Visa Payment Fraud Disruption (PFD) warns. Dubbed Pipka, the skimmer was discovered on an ecommerce website previously infected with the JavaScript skimmer known as Inter,...
SecurityWeek

Iranian APT33 Hackers Use Special Botnets for High-Value Targets in U.S.

An Iran-linked cyberespionage group tracked as APT33 has used obfuscated botnets as part of attacks aimed at high-value targets located in the United States, the Middle East and Asia, Trend Micro reported on Thursday. read more
SecurityWeek

New MITRE Foundation Aims to Boost Critical Infrastructure

American not-for-profit organization MITRE Corporation has announced the launch of a tech foundation focused on strengthening critical infrastructure through partnerships with the private sector. read more
SecurityWeek

Australian Universities Adopt Foreign Interference Guidelines

Australia announced measures to combat foreign interference at its universities Thursday, setting new guidelines around the key areas of research collaboration, cybersecurity, and international partnerships. read more
SecurityWeek

Facebook Nixes Billions of Fake Accounts

Facebook on Wednesday said it has taken down some 5.4 billion fake accounts this year in a sign of the persistent battle on social media against manipulation and misinformation. read more
SecurityWeek

Vulnerability in McAfee Antivirus Products Allows DLL Hijacking

A vulnerability in McAfee antivirus software could allow an attacker to evade self-defense mechanisms and achieve persistence, SafeBreach security researchers have discovered. read more
SecurityWeek

Automated Penetration Testing Startup Pcysys Raises $10 Million

Israeli cybersecurity firm Pcysys announced on Wednesday that it has completed a $10 million Series A funding round, which brings the total raised by the company to $15 million.  read more
SecurityWeek

Canada Spy Agencies Split Over Proposed Huawei 5G Ban: Media

Canada's spy agencies are divided over whether or not to ban Chinese technology giant Huawei from fifth generation (5G) networks over security concerns, the Globe and Mail reported Wednesday. read more
SecurityWeek

Navigating a Way Out of the Lion’s Den Before, During, and After Incident Response

In my previous column, I offered tips on leveraging security metrics in order to stay out of the lion’s den. It goes without saying that it’s always best to avoid the lion’s den whenever possible. In fact, much of...
SecurityWeek

Value and Limitations of Vendor Telemetry and Reported Incidents

Threat statistics come from a variety of sources: reported incidents, vendor telemetry, internet traffic and dark web analysis. All have value, and all have limitations.  read more
SecurityWeek

Intel Driver Vulnerability Can Give Attackers Deep Access to a Device

A vulnerability affecting a powerful and widely used driver from Intel can give malicious actors deep access to a device, firmware security company Eclypsium warns. read more
SecurityWeek

Trend Micro Launches New ICS Security Solutions

Cybersecurity solutions provider Trend Micro this week announced the launch of new products designed to protect industrial control system (ICS) environments. read more
SecurityWeek

‘State of the Firewall’ Report: Automation Key to Preventing Costly Misconfigurations

Firewall Maintenance Needs Automation to Prevent Misconfiguration read more
SecurityWeek

SAP Updates Four Hot News Notes on November 2019 Patch Day

German multinational software corporation SAP this week released 11 Notes as part of the November 2019 Security Patch Day, along with four updates to previously released patches. All of the four updates are for Patch Day Security Notes that have...
SecurityWeek

Newer Intel CPUs Vulnerable to Variant 2 of ZombieLoad Attack

Researchers have disclosed a new variant of the attack method dubbed ZombieLoad, which appears to also impact Intel CPUs that are not affected by the first variant of ZombieLoad. read more
SecurityWeek

LINE Launches Public Bug Bounty Program on HackerOne

Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne. Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...
The Register

Try as they might, ransomware crooks can’t hide their tells when playing hands

Sophos sees common behavior across various infections Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.…
ZDNet

Google Chrome experiment crashes browser tabs, impacts companies worldwide

In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.
SC Magazine

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and...
ZDNet

GitHub launches ‘Security Lab’ to help secure open source ecosystem

Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.