News

News

• September 21, 2018 21 Sep'18

  State Department data breach exposes employee info

  A State Department data breach involving the agency's unclassified email system may have been due to a lack of multi-factor authentication, according to one expert.

• September 20, 2018 20 Sep'18

  Risk & Repeat: Trend Micro apps land in hot water

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss Trend Micro's Mac apps, which have come under fire for questionable data collection features.

• September 20, 2018 20 Sep'18

  GovPayNow leak exposes 14 million records dating back six years

  Experts question the security audit and government agency vetting that took place before the GovPayNow leak, which affected 14 million customer records dating back six years.

• September 19, 2018 19 Sep'18

  NSS Labs lawsuit takes aim at CrowdStrike, Symantec and ESET

  In an antitrust lawsuit, NSS Labs accused some of the top antimalware vendors in the industry, including CrowdStrike and Symantec, of conspiring to undermine its testing efforts.

• September 18, 2018 18 Sep'18

  WannaMine cryptojacker targets unpatched EternalBlue flaw

  Unpatched systems are still being targeted by the WannaMine cryptojacker, despite warnings and global cyberattacks using the EternalBlue exploit leaked from the NSA.

• September 17, 2018 17 Sep'18

  New Mirai variant attacks Apache Struts vulnerability

  New variants of the Gafgyt and Mirai botnets are targeting unpatched enterprise devices, which indicates a greater shift away from consumer devices, according to researchers.

• September 14, 2018 14 Sep'18

  What the GAO Report missed about the Equifax data breach

  The Government Accountability Office investigated the Equifax data breach, but the GAO's report leaves out several important points about the infamous incident.

• September 14, 2018 14 Sep'18

  Researchers bring back cold boot attacks on modern computers

  The idea of cold boot attacks began 10 years ago, but researchers at F-Secure found the attack can be used on modern computers to steal encryption keys and other data.

• September 14, 2018 14 Sep'18

  British Airways data breach may be the work of Magecart

  News roundup: The British Airways data breach may be the handiwork of hacking group Magecart, according to researchers. Plus, hacker Guccifer will be extradited to U.S., and more.

• September 13, 2018 13 Sep'18

  Trend Micro apps fiasco generates even more questions

  In addition to other Trend Micro apps banished from the Mac App Store for gathering data inappropriately, the company has admitted to publishing the Open Any Files app.

• September 12, 2018 12 Sep'18

  Risk & Repeat: Inside the GAO's Equifax breach report

  In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Government Accountability Office's report on the Equifax breach and the questions it raises.

• September 12, 2018 12 Sep'18

  Microsoft patches Windows ALPC flaw exploited in the wild

  Microsoft's September 2018 Patch Tuesday release included a fix for the Windows ALPC vulnerability that was exploited in the wild for about two weeks before being patched.

• September 12, 2018 12 Sep'18

  Jake Braun discusses the Voting Village at DEF CON

  The Voting Village at DEF CON 26 expanded its scope to test every aspect of election security that it could. Organizer Jake Braun discusses how it went and what's next.

• September 11, 2018 11 Sep'18

  Trend Micro apps on Mac accused of stealing data

  Researchers claimed Trend Micro apps in the Mac App Store were stealing data. The company removed the offending features, but researchers are still not sold on Trend Micro's excuse.

• September 11, 2018 11 Sep'18

  Robot social engineering works because people personify robots

  Brittany 'Straithe' Postnikoff studied robot social engineering and found personification of robots can lead to effective attacks, regardless of whether or not AI is involved.