SecurityWeek

Cloud computing remains a problem for many businesses. While the move to IaaS is gathering pace, it is still true that most organizations operate a hybrid approach, combining cloud apps and on-premise data. According to Egnyte, 85% of apps are now in the cloud, while 85% of data is still on premises. This creates a huge governance issue as corporate data moves into and out of cloud applications.

Port Scanning Project Infers Security Posture by Country

Network security company Fortinet (FTNT) announced on Tuesday the acquisition of AccelOps, a Santa Clara, CA-based firm that specializes in network security monitoring and performance analytics solutions.

Let me ask you a very simple question.“What is your organization’s sensitive data, and where is it?” 

Brian Richard Farrell, a 27-year-old accused of being a key administrator of the dark web criminal marketplace Silk Road 2.0, has been sentenced to eight years in prison and four years of supervised release.

Researchers discovered that Facebook Messenger is plagued by a vulnerability that allows hackers to replace the content of the messages they send through the application. The social media giant addressed the issue, but rated it “low risk.”

Just three months after announcing that he would leave the firm he started, WhiteHat Security founder Jeremiah Grossman has joined endpoint security firm SentinelOne as chief of security strategy.

When all is too much

Hackers Can Disable Alarm on Mitsubishi Outlander PHEV Cars

A security researcher earned $10,000 through Uber’s bug bounty program for reporting a critical authentication bypass vulnerability affecting a third party WordPress plugin.

The blame game over who should be held responsible for the bank thefts via SWIFT continues. Ecuador's Banco del Austro (BDA) has already launched action against Wells Fargo for releasing $12 million to accounts largely in Hong Kong, claiming it failed to respond to red flags in the transactions.

Last month it was LinkedIn (117 million passwords) and MySpace (427 million passwords). This weekend the same hacker, [email protected], made available a further 100 million password credentials stolen from Russian social media site VK.

Angler, currently considered the most sophisticated and most successful exploit kit, has been observed delivering Flash and Silverlight exploits capable of evading Microsoft’s Enhanced Mitigation Experience Toolkit (EMET).

A new version of the Network Time Protocol daemon (ntpd) released last week by the NTP Project addresses several vulnerabilities, including a high severity issue introduced by a previous patch.

When Heimdal Security reported on a new TorrentLocker ransomware campaign in Sweden just over a week ago, it noted that the attackers would likely soon move on to one or more other geographical areas. Now McAfee has seen a new campaign in Spain.

Malware authors are using various techniques to evade detection, and those operating the Cerber ransomware are now employing a server-side “malware factory” , researchers at Invincea reveal.

Congress has launched an investigation into the security posture of computer systems at the U.S. Federal Reserve, following series of reports that the banking unit detected more than 50 cyber breaches between 2011 and 2015. 

Several months ago, security researchers at Edinburgh Napier University published a paper on a distributed denial of service (DDoS) reflection and amplification method leveraging the TFTP (Trivial File Transfer Protocol) protocol, and security researchers at Akamai now warn of real-life attacks leveraging this technique.

Several pieces of malware and adware have been observed using a clever technique to hide the changes they make to the DNS settings of infected devices, ESET reported on Thursday.