Cybersecurity News


Smart-Lock Hacks Point to Larger IoT Problems

Two recent reports on smart-lock vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
20 August 2020

Former Uber CSO charged for 2016 hack cover-up

DOJ officials say former Uber CSO Joe Sullivan lied to management about the security breach and paid hush money to the hackers.
20 August 2020

Former Uber CSO Charged in Hack Cover-up

The charges stem from a 2016 attack in which 57 million records were breached.
20 August 2020

IBM Settles Lawsuit Over Weather Channel App Data Privacy

The lawsuit alleged that the IBM-owned Weather Channel mobile app did not let users know it was selling their geolocation data.
20 August 2020

ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks

ATMs from the two companies had bugs that could have allowed card fraudsters to modify the amount of money they deposited on their card, and then abuse the new account balance for illegal cash withdrawals.
20 August 2020

Twitter Hack: The Spotlight that Insider Threats Need

The high-profile attack should spur serious board-level conversations around the importance of insider threat prevention.
20 August 2020

IBM Db2 Flaw Gives Attackers Read/Write Access to Shared Memory

Researchers discover a lack of explicit memory protections around the shared memory used by the Db2 trace facility.
20 August 2020

Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government

The group has added a management console and a USB worming function to its main malware, Crimson RAT.
20 August 2020

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

The unscheduled security update addresses two "important"-severity flaws in Windows 8.1 and Windows Server 2012.
20 August 2020

MFA Mistakes: 6 Ways to Screw Up Multifactor Authentication

Fearful of messing up its implementation, many enterprises are still holding out on MFA. Here's what they need to know.
20 August 2020

Google fixes major Gmail bug seven hours after exploit details go public

Attackers could have sent spoofed emails mimicking any Gmail or G Suite customer.
20 August 2020

Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay

Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.
20 August 2020

Senate Bill Would Expand Facial-Recognition Restrictions Nationwide

The proposed law comes as police departments around the country for their use of facial recognition to identify allegedly violent Black Lives Matter protesters.
20 August 2020

Black Hat USA 2020 Recap: Experts Discuss Election Security Questions, but Offer Few Answers

The U.S. election in November is once again expected to be a target of digital adversaries. Experts at Black Hat USA 2020 highlighted the many election security questions authorities must address.
20 August 2020

Banks and the New Abnormal

Banks have hesitated to adopt many strong security practices, and for understandable reasons. But now is the time to be bold.
20 August 2020

Cisco Critical Flaw Patched in WAN Software Solution

Cisco has issued a fix for a critical flaw in its Virtual Wide Area Application Services (vWAAS), software for optimizing WAN on virtual private cloud infrastructure.
20 August 2020

Transparent Tribe APT targets government, military by infecting USB devices

The hacking group is focused on campaigns in India and Afghanistan.
20 August 2020

IBM AI-Powered Data Management Software Subject to Simple Exploit

A low-privileged process on a vulnerable machine could allow data harvesting and DoS.
20 August 2020

Bug bounty platform ZDI awarded $25m to researchers over the past 15 years

Bug bounty platform pioneer Zero-Day Initiative (ZDI) is celebrating its 15th birthday this year.
20 August 2020

Working from home causes surge in security breaches, staff 'oblivious' to best practices

The coronavirus pandemic is thought to be at the heart of a rise in security incidents this year.
20 August 2020