SecurityWeek

A researcher has discovered a zero-day firmware vulnerability that can be exploited by malicious hackers to disable security features on Lenovo, HP and likely other PCs.

The FBI interviewed Hillary Clinton on Saturday about her use of personal email while serving as secretary of state, an issue that has dogged her campaign to become America's first female president.

A US man was charged on Friday in relation to one of the biggest celebrity hacks in which a phishing scheme led to nude photos of Hollywood stars being posted online.

The people of Britain voted for an exit from the European Union in a historic referendum last week. While it’s unclear at this time if the country will actually leave the EU, if it does, the decision could have some consequences for both privacy and cybersecurity.

The RIG exploit kit (EK), currently one of the most popular crimekits infecting systems around the world, was recently observed in a campaign that potentially impacted millions of users, exposing them to the SmokeLoader (aka Dofoil) malware.

Microsoft this week announced a series of changes to the security capabilities of Windows 10, including expanded capabilities for Windows Hello, the end-to-end multi-factor authentication solution that eliminates passwords when connecting to various services.

Researchers have discovered two vulnerabilities in Siemens’ SICAM Power Automation System (PAS). The vendor has patched one of the flaws and is currently working on addressing the other one.

LizardStresser Botnet Abuses IoT Devices in 400Gbps Attack

Updates released this week by Foxit Software for its Reader and PhantomPDF products patch over a dozen vulnerabilities discovered recently by several researchers.

An analysis of malicious documents created with a Microsoft Office exploit generator has allowed researchers to find connections between several malware families known to be used by different threat groups supposedly located in China.

One of the latest trends in ransomware is to leverage the Remote Desktop Protocol (RDP) to infect targeted machines, and a new malware family that uses this technique was recently discovered, Emsisoft researchers warn.

The developers of the open source office suite LibreOffice informed users this week that they have patched a vulnerability which could allow attackers to execute arbitrary code using specially crafted RTF files.

An online database containing the names of 2.2 million heightened risk individuals and organizations was left unprotected and downloaded by a security researcher who has considered making the information public.

Multiple banking Trojans were observed over the past couple of months focusing on users in Canada as part of campaigns of higher volume and broader diversity, Proofpoint researchers warn.

The first chunk of actual sky recently slammed into the ground with a resounding thud.

Software updates released by Cisco for some of the company’s security and network management products address critical and high severity vulnerabilities that can be exploited by remote attackers.

Cisco has announced its intention to acquire CloudLock Inc, a privately held cloud access security broker (CASB) based in Waltham, Massachusetts. Cisco will pay $293 million in cash and assumed equity awards, and will pay additional retention incentives to retain the existing CloudLock employees.