News
News
- February 26, 2019
26 Feb'19
Eclypsium: Bare-metal cloud servers vulnerable to firmware attacks
Eclypsium found IBM SoftLayer cloud services are vulnerable to what it calls Cloudborne, which allows threat actors to make small, but potentially deadly firmware changes.
- February 26, 2019
26 Feb'19
Android brings FIDO2 certification to 1 billion devices
The FIDO Alliance announced Android has received FIDO2 certification, which will bring the ability to sign into websites and apps with biometrics, rather than passwords.
- February 26, 2019
26 Feb'19
CERT/CC's Art Manion says CVSS scoring needs to be replaced
Security expert Art Manion discusses what he calls major problems within the Common Vulnerability Scoring System and explains why CVSS needs to be replaced.
-
- February 25, 2019
25 Feb'19
WinRAR bug found and patched after 19 years
A WinRAR bug that affects every version of the app over the past 19 years was discovered and patched. But it's unclear if the millions of the app's users will get the needed fix.
- February 22, 2019
22 Feb'19
Security automation on display in 2019 RSAC Innovation Sandbox
Security automation will be a factor when most innovative startup is chosen at this year's RSAC Innovation Sandbox since almost all finalists use automation to improve security.
- February 22, 2019
22 Feb'19
Supply chain cybersecurity is a hot topic for RSAC 2019
Following years of AI climbing the hype wheel at RSA Conference, the topic is no longer one of the most prevalent as supply chain and infrastructure fears take focus at RSAC 2019.
- February 21, 2019
21 Feb'19
CrowdStrike report says breakout time for threat actors is increasing
CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.'
- February 20, 2019
20 Feb'19
ConnectWise plugin flaw exploited in ransomware attacks on MSPs
GandCrab ransomware infected several managed service providers, thanks to an old a ConnectWise manage plugin vulnerability, but a new decryptor tool is offering relief to victims.
- February 20, 2019
20 Feb'19
At RSAC 2019, speculative execution threats take a back seat
The Meltdown and Spectre vulnerabilities loomed large last year, but RSAC 2019 will have little fodder on speculative execution threats and side channels attacks.
- February 19, 2019
19 Feb'19
Palo Alto Networks to acquire SOAR vendor Demisto
Palo Alto Networks announced its plan of acquiring SOAR vendor Demisto for $560 million to accelerate its Application Framework strategy and beef up security operations automation.
-
- February 15, 2019
15 Feb'19
Google Play security improved by targeting repeat offenders
Google this week attributed security improvements in Google Play to both automated processes and human reviewers. The improvements include stopping bad apps from being published.
- February 15, 2019
15 Feb'19
Astaroth Trojan returns, abuses antivirus software
Cybereason's Nocturnus Research team has discovered a new strain of the Astaroth Trojan that attacks antivirus software to steal credentials.
- February 15, 2019
15 Feb'19
Ponemon study: Poor password practices remain rampant
More than two-thirds of employees share passwords with colleagues, research reveals. Experts sound off on what's fueling poor password practices and how to solve the problem.
- February 13, 2019
13 Feb'19
Dunkin' security alert warns of new credential-stuffing attacks
Dunkin' sent a security alert to customers warning of potentially malicious access of accounts due to the second credential stuffing attack in less than three months.
- February 12, 2019
12 Feb'19
Senators want potential VPN threat investigated by DHS
Two senators called on the Department of Homeland Security to investigate the possibility that VPNs are allowing valuable information to be routed to foreign adversaries.