Latest News

The United States on Tuesday charged an Iranian computer whiz with hacking into HBO, stealing scripts and plot summaries for "Games of Thrones," and trying to extort $6 million in Bitcoin out of the network.

The final version of the 2017 OWASP Top 10 was released on Monday and some types of vulnerabilities that don’t longer represent a serious risk have been replaced with issues that are more likely to pose a significant threat.

Intel has conducted an in-depth security review of its Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) technologies and discovered several vulnerabilities. The company has released firmware updates, but it could take some time until they reach the millions of devices exposed to attacks due to these flaws.

At least two cybersecurity firms have noticed that the notorious Lazarus threat group, which many experts have linked to North Korea, has been using a new piece of Android malware to target smartphone users in South Korea.

Address Space Layout Randomization (ASLR) isn’t properly applied on versions of Microsoft Windows 8 and newer, an alert from Carnegie Mellon University-run CERT Coordination Center (CERT/CC) warns.

Secureworks has released two open source tools, Flowsynth and Dalton, designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and Suricata.

Information security is built on the pillars of confidentiality, integrity, and availability. Confidentiality is about making sure your secrets stay secret.

A crypto vulnerability affecting some F5 Networks products can be exploited by a remote attacker for recovering encrypted data and launching man-in-the-middle (MitM) attacks, the company told customers on Friday.

Microsoft engineers appear to have manually patched a 17 year-old vulnerability in Office, instead of altering the source code of the vulnerable component, ACROS Security researchers say.

A new phishing campaign delivering the Jsocket variant of Adwind (also known as AlienSpy) was detected in October, and is ongoing. Adwind and its variants have been around since at least 2012. It is a cross-platform backdoor able to install additional malware, steal information, log keystrokes, capture screenshots, take video and audio recordings, and update its own configuration.

A vulnerability that allows malicious applications to capture screen contents and record audio without a user’s knowledge impacts over 78% of Android devices, researchers claim.

Working Together, IT and OT Must Mitigate Risk and Address the Inevitable Mandates that Follow Successful Attacks

The board of directors of China-based certificate authority StartCom announced on Friday that it has decided to shut down the company following the decision of major browser vendors to ban its certificates.

Researchers have found an unprotected database storing 1.8 billion posts collected from social media services, news websites and forums by a contractor for the U.S. Department of Defense.

A recently observed variant of the EMOTET banking Trojan features new routines that allow it to evade sandbox and malware analysis, Trend Micro security researchers say.