About the Review

Welcome to the Cyber Security Review website.

The growth of the internet has impacted profoundly on everyday life and the global economy. It has evolved into a global, interconnected network of systems and information – cyberspace – that we know today, transforming the conduct of business and opening new markets.

Threats to cyber security are persistent and constantly evolving. With an ever-growing number of cyber attacks on critical infrastructure, online commerce and the private sector worldwide, security experts are finding that their work has become a race against the attackers.

The Cyber Security Review is designed to draw on the combined knowledge, skills and expertise of the cyber security community to identify the emerging threats and facilitate the development of coherent policies and robust capabilities.

Our mission is to promote dialogue and provide a platform for information exchange and cooperation between stakeholders, industry, academia and security experts worldwide.

Latest news 

  • Experts working with Homeland Security hacked into Boeing 757

    November 10, 2017

    There’s some unsettling news about one of America’s most widely-used jetliners. In a test, experts working with Homeland Security hacked into a Boeing 757. The team of researchers needed only two days in September 2016 to remotely hack into a 757 parked at the airport in Atlantic City, New Jersey. Speaking at a conference this week, Robert Hickey of ...

  • Equifax spends $87.5 million on data breach, more expenses on deck

    November 9, 2017

    Equifax spent $87.5 million in the third quarter on its recent data breach. The disclosure came amid an earnings report that showed revenue growth of 4 percent to $834.8 million and net income of $96.3 million. In other words, the data breach affecting 145 million Equifax customers dented the cash cow, but it certainly didn’t kill it. Read more… Source: ZDNet  

  • Intel’s management engine – in most CPUs since 2008 – can be p0wned over USB

    November 9, 2017

    Positive Technologies, which in September said it has a way to attack the Intel Management Engine, has dropped more details on how its exploit works. The firm has already promised to demonstrate God-mode hack in December 2017, saying the bug “allows an attacker of the machine to run unsigned code in the Platform Controller Hub on any motherboard”. For ...

  • Evil pixels: researcher demos data-theft over screen-share protocols

    November 9, 2017

    It’s the kind of thinking you expect from someone who lives in a volcano lair: exfiltrating data from remote screen pixel values. The idea comes from Pen Test Partners’ Alan Monie, taking a break from sex toy hacks and wondering how to get data over a connection like RDP (remote desktop protocol) when the target had blocked file transfer ...

  • Russian ‘Fancy Bear’ Hackers Using (Unpatched) Microsoft Office DDE Exploit

    November 8, 2017

    Cybercriminals, including state-sponsored hackers, have started actively exploiting a newly discovered Microsoft Office vulnerability that Microsoft does not consider as a security issue and has already denied to patch it. Last month, we reported how hackers could leverage a built-in feature of Microsoft Office feature, called Dynamic Data Exchange (DDE), to perform code execution on the targeted device ...

  • IoT devices are an enterprise security time bomb

    November 8, 2017

    The Internet of Things (IoT) is causing serious security concerns for enterprises worldwide with few companies capable of securing them as they are unable to identify devices properly, according to new research. On Wednesday, ForeScout Technologies revealed the results of a new survey into the challenges IoT poses for the enterprise. The survey, conducted by Forrester Consulting, suggests that ...

  • The top 5 malware threats targeting Macs

    November 8, 2017

    While Macs offer strong security protections, they are far from immune to malware, according to new data from security firm Avast. Since January 2017, Avast has blocked more than 250 million malware threats aimed at their Mac customers. “Macs are not impervious to malware,” wrote Lukáš Hasik, senior product manager at Avast. “As secure as Macs generally ...

  • Fast-growing cyber crime threatens financial sector: Europol

    November 8, 2017

    The “remorseless” growth of cyber crime is leading to 4,000 ransom attacks a day and gangs’ technological capability now threatens critical parts of the financial sector, the head of Europol said on Wednesday. Online criminals have become so sophisticated that gangs have created “conglomerations” with company structures that specialize in different criminal activities to carry out ...

  • Hacker Distributes Backdoored IoT Vulnerability Scanning Script to Hack Script Kiddies

    November 8, 2017

    Nothing is free in this world. If you are searching for free hacking tools on the Internet, then beware—most freely available tools, claiming to be the swiss army knife for hackers, are nothing but a scam. For example, Cobian RAT and a Facebook hacking tool that we previously reported on The Hacker News actually could hack, but of the one who ...

  • Sowbug: Cyber espionage group targets South American and Southeast Asian governments

    November 7, 2017

    Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets. Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates. Symantec saw ...

  • US-CERT Warns of Crypto Bugs in IEEE Standard

    November 6, 2017

    Recent academic work focused on weak cryptographic protections in the implementation of the IEEE P1735 standard has been escalated to an alert published Friday by the Department of Homeland Security. DHS’ US-CERT warned the IEEE P1735 standard for encrypting electronic-design intellectual property and the management of access rights for such IP is flawed. “In the most egregious cases, enable attack vectors that allow ...

  • Critical Tor flaw leaks users’ real IP address—update now

    November 5, 2017

    Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users’ IP addresses when they visit certain types of addresses. TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common ...

  • Stuxnet-style code signing is more widespread than anyone thought

    November 3, 2017

    One of the breakthroughs of the Stuxnet worm that targeted Iran’s nuclear program was its use of legitimate digital certificates, which cryptographically vouched for the trustworthiness of the software’s publisher. Following its discovery in 2010, researchers went on to find the technique was used in a handful of other malware samples both with ties to ...