SecurityWeek

A cyber incident in an industrial control system can have serious consequences, and all security technologies have limitations. This means we can always be more secure, or less. We could force-fit cyber risks into more conventional models by "making up" numbers for the probability of serious incidents, but "made up" numbers yield poor business decisions.

Security is now a topic on many board meeting agendas. Board members need to understand what threats they face, if they are prepared to stop them, and what additional security investments they need to make to better protect themselves from compromised brand integrity, instances of sensitive data loss, or potential threats.

Tumblr reported on Thursday that a third party had gained access to the email addresses and passwords of some users. According to the company, the data is from early 2013 and prior, before Tumblr was acquired by Yahoo. Furthermore, the exposed passwords were not stored in clear text — Tumblr said they were salted and hashed.

At a financial conference in Frankfurt, Thursday, SWIFT's chief executive Gottfried Leibbrandt told the audience that the $81 million theft from the Bangladesh central bank's New York account "was from our perspective a customer fraud." He added, "I don’t think it was the first, I don’t think it will be the last."

An update released this week for the open source file archiver 7-Zip patches a couple of serious vulnerabilities discovered by researchers of Cisco’s Talos group.

Infosec veteran and former CEO of WhiteHat Security Jeremiah Grossman joins Ryan Naraine on the podcast to talk about the parallels between jiu-jitsu and computer security and the ongoing cat-and-mouse game between attackers and defenders.

Adobe has updated Flash Player for Windows, Mac and Linux to address a total of 25 vulnerabilities, including a zero-day that has been exploited in the wild. Flash Player 21.0.0.242 and 11.2.202.616 patch type confusion, use-after-free, buffer overflow, directory search path, and various memory corruption vulnerabilities that can lead to arbitrary code execution.

The rapid rise of ransomware has made it the latest marquee threat in cybersecurity. The growth in victims and damages has been widely reported, with successful attacks being waged against organizations of all sizes and stripes. However, this trend has had a disproportionate impact on small and medium-sized businesses.

Congress is tightening security by controlling its users' access to certain cloud services. This includes blocking Yahoo Mail and applications running on Google's appspot.com domain.

The investigation conducted by fast food restaurant chain Wendy’s following reports of suspicious credit card activity is nearly completed, and the company has confirmed that some of its point-of-sale (PoS) systems have been breached.

Yahoo rewarded a bug bounty hunter after he demonstrated that a recently disclosed ImageMagick vulnerability could be exploited for remote code execution on a website acquired by the company last year.

Security researchers are seeing evidence that up to 36 global organizations have been hacked via exploits against a vulnerability in SAP Business Applications that was patched more than five years ago. The vulnerability, patched by SAP in 2010, exists in the built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms).

Some of the attacks launched in March by a financially-motivated threat actor against organizations in North America involved a zero-day privilege escalation vulnerability affecting Windows. According to FireEye, this sophisticated cybercrime group targeted more than 100 companies — mainly in the retail, hospitality and restaurant sectors.
