News


  • Dead Web Apps Haunt 70 Percent of FT 500 Firms

    October 30, 2018

    Abandoned web applications used by FT 500 Global Companies have exploitable flaws and weaknesses. A study of abandoned websites owned by leading global corporations hammers home the point that old web applications need to be properly mitigated or retired. Otherwise, these resources often haunt a firm long after they have been forgotten. Researchers at High-Tech Bridge used ...

  • New iPhone Passcode Bypass Found Hours After Apple Releases iOS 12.1

    October 30, 2018

    It’s only been a few hours since Apple releases iOS 12.1 and an iPhone enthusiast has managed to find a passcode bypass hack, once again, that could allow anyone to see all contacts’ private information on a locked iPhone. Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass ...

  • DHS: Election officials inundated, confused by free cyber-security offerings

    October 29, 2018

    Election officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week. According to a list compiled by CyberScoop, companies that have provided free tools and services to election officials include McAfee, Cylance, Cloudflare, Google’s Jigsaw, Synack, Akamai, Centrify, Microsoft, Valimail, Facebook, Symantec, Netscout, and 1Password. ...

  • Demand for cryptocurrency skills surges, but lacks cyber security expertise

    October 29, 2018

    Trend Micro warns the lack of cybersecurity skills in cryptocurrency environments could be dangerous for firms. Demand for skills in cryptocurrencies is growing, but security expertise isn’t keeping up, leaving businesses open to attack, a report by Trend Micro has revealed. In the cryptocurrency world, businesses are seeking employees with a knowledge of blockchain, finance, Java, bitcoin ...

  • Why website maintenance is essential for small businesses’ cyber-security

    October 29, 2018

    Investing time in ongoing website maintenance is a key way to ensure that your small business website is as protected as it can be against cyber-security threats. October 2018 is Cyber Security Awareness Month, an annual campaign which aims to raise awareness of cyber-security threats. Research from the Cyber Security Breaches Survey 2018 shows that four ...

  • Protect yourself from a cyber attack — before it happens

    October 29, 2018

    The biggest threat to your firm’s security may be lurking in your inbox. Email is a primary means for RIA communication with clients, vendors, other third parties and within a firm. As a result, most data and security breaches happen through email, usually due to some combination of user error and gaps in cybersecurity protection. The ...

  • New Zealand: Cyber attacks aimed at school websites surge

    October 28, 2018

    Schools are reporting an upsurge in cyber attacks, apparently from disgruntled students who are attacking school websites rather than pressing the fire alarm to disrupt classes. Network for Learning (N4L), a Crown company that provides internet services to 98 per cent of New Zealand schools, says six schools were targeted with “dozens of attacks” aimed at taking ...

  • How to prevent your business becoming collateral damage of geopolitical cyber conflict

    October 27, 2018

    According to Bryan Becker, an application security researcher at WhiteHat Security, the United States is “woefully behind the entire developed world in terms of cybersecurity.” Defensively, he insists, it would “easily take us a decade” and then some to catch up with allies and competitors alike. Does this mean that it’s up to the cybersecurity ...

  • Russia suggests UN set up working group on cybersecurity

    October 26, 2018

    UNITED NATIONS – Russia has submitted to the 73rd session of the United Nations General Assembly a draft resolution on cybersecurity that provides for the establishment of a working group on these issues and for the elaboration of rules of conduct of states in cyberspace, Russian presidential envoy for international cooperation in information security Andrey ...

  • New Privilege Escalation Flaw Affects Most Linux Distributions

    October 26, 2018

    An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It ...

  • Malware Distributors Adopt DKIM to Bypass Mail Filters

    October 25, 2018

    In July 2018, US-CERT raised an alert regarding the Emotet banking trojan, which is also being used to distribute a secondary malware known as “Trickbot”. This alert provided recommendations on how businesses can mitigate their exposure to the Trojan. Unfortunately, it looks like criminals are also reading the US-CERT’s warnings as they have adopted new techniques ...

  • Unusual Remote Execution Bug in Cisco WebEx Discovered by Researchers

    October 25, 2018

    While remote code execution vulnerabilities are pretty common, a new one discovered in Cisco’s WebEx online and video collaboration software is definitely different. That is because users can remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections. Remote code execution vulnerabilities are bugs that allow a users ...

  • Cathay Pacific Data Breach Highlights A Need To Change Airline Security Focus

    October 25, 2018

    Cathay Pacific has been hit by a data breach affecting 9.4 million passengers of Cathay and Hong Kong Dragon Airlines, a serious exposure that shows—not for the first time—that the focus of airline security can’t be limited to airport terminals and aircraft cabins. First discovered in March, and confirmed in May of this year, the Cathay Pacific ...

  • ‘A cyber-attack could stop the country’

    October 25, 2018

    Superfast 5G mobile broadband could power smart cities and the internet of things, (IoT) but as more devices get connected, telecoms and security experts are warning that cyber-attacks could increase in number and severity. Our homes and cities are getting “smarter” – thermostats, video doorbells, sprinkler systems, street lights, traffic cameras, cars. all connected to the ...

  • British Airways: If you’re feeling left out of our 380,000 passenger hack, then you may be one of another 185,000 victims

    October 25, 2018

    British Airways’ horror hack is worse than first thought: the world’s favorite airline has added 185,000 cardholders to the pile of 380,000 potentially caught up in the IT security breach. In September, it emerged that hackers spent two weeks slurping the personal and payment card data of people who booked travel via BA’s website and mobile application. As ...

  • Pentagon Expands Bug-Bounty Program to Include Physical Systems

    October 25, 2018

    The news comes shortly after the DoD was called out for having rampant bugs in its weapons systems. The Department of Defense is expanding its “Hack the Pentagon” bug-bounty program to include hardware assets, tapping the Synack, HackerOne and Bugcrowd platforms to attract more white hats to the effort. The news comes two weeks after the Government ...

  • Ex spy bosses: Cyber-warfare needs rules of engagement

    October 24, 2018

    OpenWorld Former intelligence leaders have called for international terms of engagement in cyber warfare and greater collaboration between the public and private sectors to defend critical infrastructure. The comments came at a security-focused keynote at this year’s Oracle OpenWorld conference in San Francisco, where – instead of the usual parade of enthusiastic customers – co-CEO Mark Hurd ...

  • Critical Infrastructure & Supply Chain Remain Highly Vulnerable to Attacks

    October 24, 2018

    This week, the National Cyber Security Alliance (NCSA) reminds us that, “our day-to-day life depends on the country’s 16 sectors of critical infrastructure, which supply food, water, financial services, public health, communications and power along with other networks and systems. A disruption to this system, which is operated via the internet, can have significant and even catastrophic ...

  • IAEA Launches International Training Course on Protecting Nuclear Facilities from Cyber-Attacks

    October 24, 2018

    The International Atomic Energy Agency (IAEA) has introduced a new international training course (ITC) on protecting nuclear facilities from cyber-attacks, highlighting the Agency’s role in supporting national efforts to strengthen nuclear security. The inaugural course, Protecting Computer-Based Systems in Nuclear Security Regimes, was held earlier this month. It brought together 37 participants from 13 countries for two ...

  • StrongPity APT Changes Tactics to Stay Stealthy

    October 23, 2018

    After being exposed, the APT made minor adjustments in their tactics to stay off the security radar. The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has changed its tactics, after various research groups analyzed the malware and exposed its methods of deployment. The efforts have allowed the group to return to hidden ...