Tuesday, September 25, 2018
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.
SecurityWeek

U.S. General Service Administration Launches Bug Bounty Program

The United States General Service Administration’s (GSA) Technology Transformation Service (TTS) has launched a bug bounty program on HackerOne, the hacker-powered security platform announced on Friday.
SecurityWeek

New Adwind Campaign Targets Linux, Windows, and macOS

Adwind remote access Trojan (RAT) samples detected in a recent campaign were configured to gain persistence on Linux, Windows, and macOS systems, Cisco Talos warns.
SecurityWeek

Operator of Counter AV Service Sentenced to 14 Years in Prison

A 38-year-old Latvian resident was sentenced last week in the United States to 168 months in prison for his role in operating a counter antivirus service called Scan4You.
SecurityWeek

Cisco Removes Default Password From Video Surveillance Manager

A critical vulnerability recently patched in the Cisco Video Surveillance Manager (VSM) could allow an unauthenticated attacker to log in as root.
SecurityWeek

How to Make the Business Case for an Intelligence Program

It’s Crucial to Communicate the Benefits of an Intelligence Program in the Context of Risk
SecurityWeek

Credential Stuffing Attacks Are Reaching DDoS Proportions

Credential stuffing is a growing threat. It is not new, but for many companies it is treated as annoying background noise that can be absorbed by bandwidth, handled by access controls, and ignored. New figures suggest that this is...
SecurityWeek

Millions of Twitter Users Affected by Information Exposure Flaw

Twitter has patched a bug that may have caused direct messages to be sent to third-party developers other than the ones users interacted with. The problem existed for well over a year and it impacted millions of users.
SecurityWeek

Hackers Target Real Estate Deals, With Devastating Impact

James and Candace Butcher were ready to finalize the purchase of their dream retirement home, and at closing time wired $272,000 from their bank following instructions they received by email. Within hours, the money had vanished.
SecurityWeek

New Virobot Ransomware and Botnet Emerges

A newly discovered piece of malware combines ransomware and botnet capabilities in a single package, Trend Micro security researchers reveal.
SecurityWeek

ZDI Shares Details of Microsoft JET Database Zero-Day

Trend Micro's Zero Day Initiative (ZDI) on Thursday made public details on a vulnerability impacting the Microsoft JET Database Engine, although a patch isn’t yet available for it.
SecurityWeek

Cloudflare Launches Security Service for Tor Users

Cloudflare on Thursday announced a new service to provide Tor users with improved security and performance, while also aiming at reducing malicious network traffic.
SecurityWeek

Accounting Firm Moss Adams Acquires Cybersecurity Firm AsTech

Moss Adams (an accounting firm founded 105 years ago) has merged in AsTech Consulting (a cyber risk management firm founded 11 years ago). Moss Adams is the thirteenth largest tax company in the U.S., and the leading firm on...
SecurityWeek

Legitimate RATs Pose Serious Risk to Industrial Systems

Remote administration tools (RATs) installed for legitimate purposes in operational technology (OT) networks can pose a serious security risk, allowing malicious actors to abuse them in attacks aimed at industrial organizations, Kaspersky Lab warns.
SecurityWeek

Malware Businesses Blending the Legitimate and the Illegitimate

Whenever someone wants to invoke a hacker for any purpose, we usually get some (stock photography) image of a lone, hooded malware author bent over a dark keyboard. Movies, too, perpetuate the idea of some socially maladjusted loner wreaking...
SecurityWeek

Facebook Building a ‘War Room’ to Battle Election Meddling

Facebook on Wednesday said it will have a "war room" up and running on its Silicon Valley campus to quickly repel efforts to use the social network to meddle in upcoming elections.
SecurityWeek

DMARC Fully Implemented on Two Thirds of U.S. Government Domains

DMARC has been fully implemented on roughly two thirds of U.S. government domains, but agencies have less than a month to roll out the email security standard on the remaining websites.
SecurityWeek

Rockwell Automation Patches Severe Flaws in Communications Software

Rockwell Automation has patched several critical and high severity vulnerabilities in its RSLinx Classic communications software.
SecurityWeek

U.S. Takes Off the Gloves in Global Cyber Wars: Top Officials

The United States is taking off the gloves in the growing, shadowy cyber war waged with China, Russia and other rivals, a top White House official said Thursday.

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit. Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people, but rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...