Latest News

Are Biometrics as a Form of Authentication Over-hyped and Unreliable?

A significant number of industrial and corporate systems may be exposed to remote attacks due to the existence of more than a dozen vulnerabilities in a protection and licensing product from Gemalto.

A British teenager managed to access the communications accounts of top US intelligence and security officials including the then CIA chief John Brennan, a London court heard Friday.Kane Gamble, now 18, was aged 15 and 16 when, from his bedroom in Coalville, central England, he managed to impersonate his targets to gain highly sensitive information.

Kaspersky Lab last week filed a motion for a preliminary injunction as part of its appeal against the U.S. Department of Homeland Security’s decision to ban the company’s products in federal agencies.

A New Mexico man admitted in court this week to launching distributed denial of service (DDoS) attacks against the websites of former employers, business competitors, and public services.

A researcher has conducted an analysis of Jenkins servers and found that many of them leak sensitive information, including ones belonging to high-profile companies.London-based researcher Mikail Tunç used the Shodan search engine to find Jenkins servers accessible from the Internet and discovered roughly 25,000 instances.

Companies have become more open in the past year to receiving vulnerability reports from security researchers, according to ethical hackers surveyed by bug bounty platform HackerOne.

Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures. 

A recently observed email campaign is abusing compromised FTP servers as download locations for malicious documents and infecting users with the Dridex banking Trojan, Forcepoint has discovered. 

Apple and Advanced Micro Devices (AMD) are also facing class action lawsuits following the disclosure of critical CPU vulnerabilities that affect billions of devices.

An espionage campaign using malware-infected messaging apps has been stealing smartphone data from activists, soldiers, lawyers, journalists and others in more than 20 countries, researchers said in a report Thursday.

The recently discovered malware known as Triton and Trisis exploited a zero-day vulnerability in Schneider Electric’s Triconex Safety Instrumented System (SIS) controllers in an attack aimed at a critical infrastructure organization.

Mobile and cloud computing have challenged the concept of perimeter security. There is no longer an easily definable perimeter to defend. VPNs are a traditional, but not ideal solution. Neither approach addresses the attacker who gets through the perimeter or into the VPN. Google long ago recognized the problems and introduced BeyondCorp as an alternative to perimeters and VPNs for its own worldwide employees.

An espionage campaign using malware-infected messaging apps has been stealing smartphone data from activists, soldiers, lawyers, journalists and others in more than 20 countries, researchers said in a report Thursday.

The cyber-espionage group known as Fancy Bear was highly active in the second half of 2017, hitting political organizations worldwide, Trend Micro said this week.