News

News

• November 18, 2016 18 Nov'16

  DLL code flaw marks the latest Symantec vulnerability

  News roundup: The latest chapter of Symantec's security struggles involves a high-severity DLL code flaw. Plus, Dyn attacker might be a lone gamer, James Clapper resigns and more.

• November 17, 2016 17 Nov'16

  Chinese company caught preinstalling Android spyware on budget devices

  A Chinese company was found to be preinstalling Android spyware on budget smartphones and collecting phone call and messaging data without consent.

• November 17, 2016 17 Nov'16

  DHS and NIST release complementary IoT security guidance

  New IoT security guidance from government agencies take on different aspects, with DHS tackling the basics and NIST giving a deeper take on securing new devices.

• November 16, 2016 16 Nov'16

  Android spyware detected in wild being used by government

  Researchers discover Italian-sourced Android spyware linked to Hacking Team, but it could be the work of another surveillance software vendor.

• November 15, 2016 15 Nov'16

  Massive FriendFinder Network breach prompts password security debate

  Experts debated various aspects of password security in the aftermath of the FriendFinder Network breach, which left 400 million user accounts exposed.

• Sponsored News

  • It’s Time to Modernize Your SOC

    Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More

  • 6 Factors to Consider in Building Resilience Now

    Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More

  • Why Zero Trust, Why Now

    Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More

  • 5 Best Practices To Secure Remote Workers

    Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More

  View All Sponsored News
• November 14, 2016 14 Nov'16

  BlackNurse hits big routers with low-volume denial-of-service attack

  Researchers claim 'BlackNurse,' a low-volume ICMP denial-of-service attack, can allow a laptop to bring down routers and firewalls with as little as 4 Mbps of malicious packets.

• November 11, 2016 11 Nov'16

  Postelection Russian hacker cyberattacks evade malware detection

  A rash of spear-phishing attacks by Russian hacker groups were seen following the presidential election this week, but antivirus and malware detection has been failing enterprises.

• November 11, 2016 11 Nov'16

  Pawn Storm APT ramps up attacks after Google's zero-day disclosure

  Roundup: Russia-based APT group Pawn Storm expands spear-phishing attacks after Google's disclosure of a Windows zero-day. Plus, OpenSSL updates, IoT security and more.

• November 11, 2016 11 Nov'16

  Adobe data breach settlement pays $1 million to 15 states

  Adobe agreed to pay several states a total of $1 million and agreed to new compliance measures as part of a settlement over the company's 2013 data breach.

• November 11, 2016 11 Nov'16

  Yahoo breach investigation adds more questions than answers

  An SEC filing updated what was learned in the investigation into the Yahoo breach in late 2014, but the language in the filing has created more confusion about the incident.

• November 09, 2016 09 Nov'16

  Google releases supplemental Android patch for Dirty COW

  Google released an Android patch for the Dirty COW vulnerability, but the fix won't be part of a mandatory security update until December.

• November 08, 2016 08 Nov'16

  Microsoft kills Windows zero-day flaw in November 2016 Patch Tuesday

  The November 2016 Patch Tuesday includes a patch for a Windows zero-day reportedly being exploited by Russian hackers, as well as bulletins experts think may be underrated by Microsoft.

• November 08, 2016 08 Nov'16

  Poor OAuth implementation leaves millions at risk of stolen data

  Researchers find widespread risk for users of apps with insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.

• November 04, 2016 04 Nov'16

  Dark web markets get warning shots from global law enforcement

  Law enforcement agencies around the world arrested and questioned users of dark web markets allegedly connected to the sale of illegal goods.

• November 04, 2016 04 Nov'16

  Mirai botnet attacks Liberia as new and improved IoT malware looms

  Roundup: Mirai botnet attacks take down Liberia internet, as a new IoT botnet adapts old malware. Plus, the latest on Dirty COW and the WoSign certificate authority controversy.

• November 03, 2016 03 Nov'16

  Experts question Microsoft's Windows zero-day response

  A Windows zero-day disclosed by Google caught Microsoft between patch cycles, and experts questioned whether Microsoft downplayed the severity of the vulnerability.

• November 02, 2016 02 Nov'16

  Microsoft claims Windows zero-day exploited by Russian state actors

  Google disclosed an unpatched Windows zero-day vulnerability, which Microsoft claims is actively being exploited by a Russian APT group connected to the DNC hack.

• November 01, 2016 01 Nov'16

  Nematode worm could dismantle Mirai IoT botnet

  A new nematode worm proof of concept could help the internet avoid the next massive Mirai IoT botnet DDoS attack, but experts are unsure of the legality of the option.

• October 31, 2016 31 Oct'16

  Mandatory certificate transparency for Chrome trust starts Oct 2017

  Certificate transparency compliance will be mandatory for publicly trusted website certificates in order to be considered secure by Google's Chrome browser.

• October 31, 2016 31 Oct'16

  The Shadow Brokers dumps list of NSA-targeted servers

  In its latest data dump, The Shadow Brokers dropped a list of Equation Group-targeted servers across the globe that may have been used to stage NSA exploits and hacking tools.

• October 28, 2016 28 Oct'16

  Mozilla drops WoSign as trusted certificate authority, adopts TLS 1.3

  Mozilla boots WoSign as a trusted certificate authority for backdating SHA-1 certs and other controversial behavior, and it prepares to add default support for TLS 1.3 in 2017.

• October 28, 2016 28 Oct'16

  FCC passes new ISP privacy rules to protect customers

  The FCC passed new ISP privacy rules that increase transparency from broadband providers and mandate that customers must opt in before ISPs can use or share sensitive user data.

• October 28, 2016 28 Oct'16

  Details emerging on Dyn DNS DDoS attack, Mirai IoT botnet

  As more details emerge on last week's massive Dyn DNS DDoS, new analysis indicated as few as 100,000 Mirai IoT botnet nodes were enlisted in the incident and reported attack rates up to 1.2 Tbps.

• October 28, 2016 28 Oct'16

  Windows atom tables vulnerable to code-injection attack

  A new attack, called AtomBombing, allows malicious code injection into atom tables by a threat actor. And while all versions of Windows are vulnerable to attack, no patch will fix the flaw.

• October 28, 2016 28 Oct'16

  Risk & Repeat: DNS DDoS attacks raise concerns over IoT devices

  In this Risk & Repeat podcast, SearchSecurity editors discuss the DDoS DNS attacks on Dyn and what they mean for DNS providers, IoT device manufacturers and enterprises.

• October 27, 2016 27 Oct'16

  XNU kernel vulnerability patched for iOS and macOS

  An XNU kernel vulnerability in iOS and macOS was patched after being reported by Google's Project Zero. And hackers at Pwn2Own 2016 cracked the Nexus 6P and iPhone 6s.

• October 27, 2016 27 Oct'16

  Adobe Flash patch for Flash zero-day exploit on Windows

  Surprise! It's time, again, for another critical Adobe Flash patch to fix a remote code execution vulnerability reported by the Google Threat Analysis Group.

• October 26, 2016 26 Oct'16

  Android malware delivery is harder than you might think

  Headlines about Android malware often gloss over just how difficult the process is for a user to install a malicious app on a device. Let's talk about that.

• October 26, 2016 26 Oct'16

  Clapper, Flashpoint: Dyn DNS DDoS attacker likely not a state actor

  As the dust settles around the Dyn DNS DDoS attack, the perpetrator is most likely not a state actor, according to the director of national intelligence and Flashpoint.

• October 26, 2016 26 Oct'16

  FBI queried on use of vulnerabilities equities process in Playpen case

  A U.S. district judge grants the defendants in a child porn case the right to know whether the FBI used the vulnerabilities equities process before the hack of the Playpen Tor hidden service site.

• October 25, 2016 25 Oct'16

  Drammer proves Rowhammer can be used to root Android

  Researchers devised a way to exploit the Rowhammer hardware vulnerability on Android devices and gain root access by using an app with no special permissions.

• October 24, 2016 24 Oct'16

  Questions still loom after Dyn DNS DDoS disrupts internet access

  Users and companies suffer after Dyn DNS DDoS attacks disrupt access to top sites; links to the Mirai botnet raise more questions, as Dyn mops up.

• October 21, 2016 21 Oct'16

  Dirty COW Linux vulnerability has existed for nine years

  A Linux vulnerability called Dirty COW has existed in the Linux kernel for nine years and allowed attackers to gain root access to virtually all Linux systems.

• October 21, 2016 21 Oct'16

  Malicious links led to Clinton campaign and Colin Powell hacks

  Malicious links from the DNC hacker group were responsible for account takeovers and leaked emails from the Clinton campaign chairman and Colin Powell.

• October 21, 2016 21 Oct'16

  Dyn hit by massive DNS DDoS, Eastern U.S. bears brunt of attacks

  At least two DNS DDoS attacks on Dyn are disrupting access to many popular websites, users and companies on the Eastern U.S. are impacted.

• October 21, 2016 21 Oct'16

  Mozilla set to dump SHA-1 certificates by early 2017

  Roundup: Firefox browser will reject SHA-1 certificates as soon as Mozilla announces further details relating to the deprecation of the outdated algorithm; plus, Oracle patches and more.

• October 21, 2016 21 Oct'16

  EU-U.S. Privacy Shield certification process picks up steam, slowly

  After a slow start, some U.S. companies are starting to address the questions and challenges of EU-U.S. Privacy Shield certification. But most haven't started the process.

• October 19, 2016 19 Oct'16

  Intel chip flaw allows attackers to bypass ASLR protection

  Researchers devised an exploit of an Intel chip flaw that allows an adversary to bypass ASLR protection and potentially boost the effectiveness of an attack on any platform.

• October 19, 2016 19 Oct'16

  IBM yanks POC code in coordinated vulnerability disclosure

  IBM asks, and researcher pulls proof of concept code from a coordinated vulnerability disclosure, internet explodes.

• October 18, 2016 18 Oct'16

  Secret Service cybersecurity audit shows 'unacceptable' flaws

  A cybersecurity audit of the U.S. Secret Service found 'unacceptable vulnerabilities' that leave the possibility of insider-threat activity and privacy violations.

• October 17, 2016 17 Oct'16

  The Shadow Brokers cancel the auction of NSA cyberweapons

  The first auction of NSA cyberweapons didn't generate much money for the Shadow Brokers, so the group is changing tactics with a direct sale of the files.

• October 14, 2016 14 Oct'16

  Certificate revocation list error strands sites signed by GlobalSign

  Attempting to tidy its root certificates, a mis-issued GlobalSign certificate revocation list left website owners scrambling to address cert errors, restore safe browsing icons.

• October 14, 2016 14 Oct'16

  Pork Explosion opens Android backdoor, roasts branded vulnerabilities

  The Pork Explosion flaw in the app bootloader provided by Foxconn creates an Android backdoor which could give an attacker dangerous levels of access.

• October 14, 2016 14 Oct'16

  Odinaff banking Trojan linked to Carbanak group, attacks SWIFT

  The Odinaff banking Trojan has been found targeting the SWIFT messaging system at financial institutions around the world and may have links to the infamous Carbanak group.

• October 14, 2016 14 Oct'16

  Adobe patches 83 vulnerabilities in latest crop of fixes

  News roundup: As Adobe patches 83 vulnerabilities in Flash Player, Acrobat and Reader, the good news is none have been exploited in the wild -- yet. Plus, IoT threats and more.

• October 13, 2016 13 Oct'16

  Hackers leverage 12-year-old OpenSSH vulnerability for IoT attack

  Akamai researchers discovered how unknown threat actors are using an SSH flaw to secretly gain control of IoT devices and turn them into proxies for malicious traffic.

• October 13, 2016 13 Oct'16

  Researchers demonstrate undetectable encryption backdoor in crypto keys

  Academic researchers show how to place undetectable encryption backdoors in cryptographic keys and passively decrypt data, which could undermine confidence in certain algorithms.

• October 12, 2016 12 Oct'16

  Lack of awareness may hamper GDPR compliance, Dell reports

  With EU's new privacy regulation set to take effect in May 2018, GDPR compliance may be hampered by lack of planning and awareness, Dell research finds.

• October 12, 2016 12 Oct'16

  White House considers proportional response to Russian hackers

  U.S. intelligence agencies officially attributed potential election-tampering activity to government-led Russian hackers, and the White House said it is considering a proportional response.

• October 11, 2016 11 Oct'16

  October 2016 Patch Tuesday fixes five zero-day flaws in monthly rollup

  Microsoft's October 2016 Patch Tuesday changes the structure of the release to the monthly rollup and starts out by taking on five zero-day flaws.

• October 07, 2016 07 Oct'16

  Expired domains present an opportunity for malicious activity

  Security researchers said expired domains and abandoned SDKs could present a way to hide malicious activity targeting vulnerable mobile devices.

• October 07, 2016 07 Oct'16

  October's Android Security Bulletin patches 78 vulnerabilities

  Google patches 78 vulnerabilities, including half a dozen critical flaws -- but none exploited in the wild -- in two patch levels in October's Android Security Bulletin.

• October 06, 2016 06 Oct'16

  Patent race picks up speed in the cloud access security broker market

  SkyHigh Networks was awarded another patent for its CASB platform. The newest patent is for technology for managing encrypted enterprise data used in cloud applications and services.

• October 06, 2016 06 Oct'16

  Yahoo implicated in secret surveillance program, but questions remain

  A report claims Yahoo built custom software under order of the U.S. government to perform secret surveillance on all incoming emails, though questions about the program remain.

• October 04, 2016 04 Oct'16

  DNS monitoring can help deanonymize Tor users

  Researchers found a way to use DNS monitoring to deanonymize Tor users by enhancing the effectiveness of fingerprinting attacks.

• October 04, 2016 04 Oct'16

  Cisco Talos finds severe JPEG 2000 flaw for remote code execution

  Cisco Talos discovered a severe flaw in the JPEG 2000 image file-format parser -- which is often used in PDF documents -- that could allow remote code execution on affected systems.

• October 04, 2016 04 Oct'16

  Release of Mirai IoT botnet malware highlights bad password security

  Mirai, the IoT botnet malware code used in the massive DDoS attack on Brian Krebs' website, has been released to the public and highlights a problem of using default passwords.

• October 03, 2016 03 Oct'16

  Will Apple become a HIPAA covered entity or business associate?

  Whether Apple is a HIPAA covered entity was called into question when it advertised for a health regulations lawyer. Expert Mike Chapple discusses Apple's relationship with HIPAA.

• September 30, 2016 30 Sep'16

  Patched OpenSSL vulnerability creates new critical flaw; patched again

  The cure for a low-severity OpenSSL vulnerability proves worse than the disease, as it opened a new, critical flaw, forcing the OpenSSL Project to rush out a new set of patches.

• September 30, 2016 30 Sep'16

  James Plouffe talks 'Mr. Robot' hacks and the show's technical accuracy

  In part two of his interview with SearchSecurity, MobileIron's James Plouffe talks about his role as a technical consultant on 'Mr. Robot' and how the show achieves its authenticity.

• September 30, 2016 30 Sep'16

  FBI confirms more state voter databases targeted by attackers

  The FBI confirmed many state voter databases have been scanned or attacked by malicious actors, and it urged states to ensure security is in place and ready.

• September 29, 2016 29 Sep'16

  Mozilla to drop WoSign as a trusted certificate authority

  Citing a long list of transgressions, Mozilla prepares to sanction Chinese certificate authority WoSign by removing it from its list of trusted certificate issuers.

• September 29, 2016 29 Sep'16

  Yahoo breach calls into question detection and remediation practices

  The Yahoo breach was the largest in history and the fallout is widespread, including a lawsuit, possible SEC investigation and questions about Yahoo's breach detection and response.

• September 29, 2016 29 Sep'16

  MobileIron: Enterprises aren't focusing enough on mobile threats

  A new report from MobileIron shows enterprises aren't taking mobile threats seriously enough. MobileIron's James Plouffe explains what that is and what's to be done about it.

• September 28, 2016 28 Sep'16

  SWIFT security controls to be mandatory by 2018

  New SWIFT security policy will mandate baseline controls for banking partners, but experts are unsure how effectively the changes can be enforced.

• September 28, 2016 28 Sep'16

  ICANN grinds forward on crucial DNS root zone signing key update

  Domain name system watchdog ICANN has begun the process of updating the DNS root zone signing key to strengthen DNSSEC protection against man-in-the-middle attacks.

• September 26, 2016 26 Sep'16

  Latest iOS 10 release includes password-verification flaw

  A Russian cyberforensics firm discovered a password-verification flaw in iOS 10 that leaves local backups exposed, allowing hackers to obtain passwords and other valuable data.

• September 26, 2016 26 Sep'16

  Powerful DDoS attacks leveraging IoT devices hit several companies

  A series of potent, record-setting DDoS attacks hit several targets last week and apparently used IoT malware to infect and leverage a large number of internet connect devices.

• September 23, 2016 23 Sep'16

  Yahoo breach leaves 500 million accounts compromised

  Yahoo confirmed it was the victim of one of the largest breaches in history two years ago, when information on at least 500 million user accounts was stolen.

• September 23, 2016 23 Sep'16

  FBI ransomware alert: Don't pay; report, defend against attacks

  A new FBI ransomware alert urges victims to report incidents to federal law enforcement, gives defense tips and urges victims to avoid paying a ransom, if possible.

• September 21, 2016 21 Sep'16

  Symantec patches two more flaws after Google Project Zero discoveries

  Symantec patched another set of serious file parsing flaws in its antivirus products, which were discovered by Google Project Zero researcher Tavis Ormandy.

• September 21, 2016 21 Sep'16

  Risk & Repeat: OPM breach report sheds light on infosec failings

  In this Risk & Repeat podcast, SearchSecurity editors discuss the recent OPM breach report from Congress and what it means for the state of federal government cybersecurity.

• September 21, 2016 21 Sep'16

  Anomaly detection in new SWIFT antifraud reports may fall short

  The SWIFT messaging system aims to improve the security of supported banks with new antifraud reports, but experts are unsure how useful the anomaly detection will be.

• September 20, 2016 20 Sep'16

  Shadow Brokers' Cisco vulnerability exploited in the wild

  Cisco warns that an as-yet unpatched vulnerability derived from Shadow Brokers' BENIGNCERTAIN hacking tool is being exploited in the wild.

• September 20, 2016 20 Sep'16

  NAND-mirroring iPhone hack would have made the FBI's job much easier

  A researcher has demonstrated a NAND-mirroring iPhone hack that could have helped the FBI crack the San Bernardino iPhone 5c at a far lower cost.

• September 16, 2016 16 Sep'16

  Most popular exploit kits target Flash, Java and IE

  Exploit kits make the job of an attacker much easier but can be defended against easily by understanding the vulnerabilities and software they most often target.

• September 16, 2016 16 Sep'16

  Google Project Zero Prize competition set to tighten Android security

  Google Project Zero Prize hacking competition is set to improve Android security by rewarding remote code execution exploits with prizes up to $200,000.

• September 15, 2016 15 Sep'16

  MySQL vulnerability disclosed, status of patches uncertain

  Oracle's lack of response to security researchers raises more questions after a zero-day MySQL vulnerability was reported, though patches may have already been released.

• September 15, 2016 15 Sep'16

  Law enforcement hacking declared search under Fourth Amendment

  A new ruling in a Texas court declared law enforcement hacking to be search in the definition of the Fourth Amendment, but experts say further clarification is needed.

• September 14, 2016 14 Sep'16

  Monthly Windows rollup: Simplification or loss of patching control?

  Microsoft's Patch Tuesday will change drastically in October, and experts disagree whether the new monthly Windows rollup will make patching simpler or more of a hassle.

• September 13, 2016 13 Sep'16

  September 2016 Patch Tuesday: Browser security takes center stage

  Microsoft's September 2016 Patch Tuesday is what many would consider a standard bulletin release with a major focus on fixes related to web browser security.

• September 13, 2016 13 Sep'16

  Burr-Feinstein bill still looks to force companies to break encryption

  Revisions to the Burr-Feinstein Compliance with Court Orders Act are allegedly circulating, but there are questions about how close the bill is to being resurrected.

• September 09, 2016 09 Sep'16

  RSA: No major changes expected following Dell-EMC merger

  Following the Dell-EMC merger, RSA executives expect no significant changes to the business -- although, there will be some product overlap to deal with.

• September 09, 2016 09 Sep'16

  Google to tweak Chrome browser security in 2017, flag HTTP as insecure

  Google's campaign to encrypt the web continues, as Chrome browser security will flag any sites using HTTP for passwords or payment info as insecure, starting in 2017.

• September 09, 2016 09 Sep'16

  OPM breach report blames leadership inaction for data loss

  A House committee investigation into the OPM breach said leadership failed to implement the recommended security improvements that could have prevented the attack and data loss.

• September 08, 2016 08 Sep'16

  Intel Security sale finalized, McAfee brand resurrected

  After completion of the Intel Security sale to private equity firm TPG, the new jointly-held cybersecurity company will resurrect the McAfee brand and net $3.1 billion for Intel.

• September 07, 2016 07 Sep'16

  Experts split on whether we're in a cyber arms race or open conflict

  While President Obama said we can still defuse a potential cyber arms race, some experts believe we are already in such competition or already past it and in open conflict.

• September 06, 2016 06 Sep'16

  President Obama urges focus on non-state actors, not cyber arms race

  President Obama said he wants to avoid a cyber-Cold War and urged nations to focus more on the dangers of non-state actors and less on a potential cyber arms race.

• September 02, 2016 02 Sep'16

  The original hacker, Guccifer, sentenced to 52 months in prison

  Romanian hacker Guccifer, made famous for exposing the misuse of Hillary Clinton's personal email servers, was sentenced to 52 months in prison for unrelated crimes.

• September 02, 2016 02 Sep'16

  Apple patches Pegasus spyware bugs in OS X, Safari

  Apple patched spyware bugs in OS X and Safari that enabled the 'lawful intercept' Pegasus cyberweapon exploit against iOS because the desktop and mobile OSes shared vulnerable code.

• September 01, 2016 01 Sep'16

  FBI wants 'adult' conversation about 'going dark' encryption debate

  FBI Director James Comey wants to have an 'adult' conversation on the encryption debate, but many think that means ignoring experts and embracing the 'going dark' argument.

• August 31, 2016 31 Aug'16

  Windows 10 Anniversary update adds headaches for antivirus vendors

  The antivirus industry has been under fire lately, and Microsoft's Windows 10 Anniversary update has added new troubles for antivirus software vendors.

• August 31, 2016 31 Aug'16

  SWIFT discloses new attacks and bank thefts in private letter

  SWIFT told clients there have been more attacks on its bank messaging system and some have resulted in bank thefts, but no solutions to security are available.

• August 30, 2016 30 Aug'16

  Voter data breach leads to questions of tampering and state security

  Election registration databases in two states were attacked and the resulting voter data breach has led to questions of possible election tampering and inadequate state security.

• August 29, 2016 29 Aug'16

  Pegasus iOS exploit uses three zero days to attack high-value targets

  A new remote iOS exploit called Pegasus leverages three zero days in what appear to be state-sponsored targeted attack campaigns against political dissidents.

• August 26, 2016 26 Aug'16

  Ransomware decryption tool from Intel and Kaspersky quenches Wildfire

  Intel and Kaspersky cooperate with authorities to snuff out Wildfire with a ransomware decryption tool and end the threat from a $79,000 per month campaign with over 5,000 victims.

• August 25, 2016 25 Aug'16

  NSA's SNMP exploit cyberweapon affects all Cisco ASA software

  Researchers easily modified the NSA's EXTRABACON SNMP exploit to target newer versions of Cisco ASA software, but Cisco has patches rolling out.

• August 25, 2016 25 Aug'16

  Questions swirl around Shadow Brokers' cyberweapons dump

  More unanswered questions remain about the Shadow Brokers' release of NSA/Equation Group cyberweapons cache, as vendors move to mitigate and researchers search for vulnerabilities.

• August 23, 2016 23 Aug'16

  Hospital cybersecurity failing to encrypt transmitted health records

  New research found a number of troubling issues with hospital cybersecurity, including transmitting unencrypted health records and failing to deploy cybersecurity measures.

• August 23, 2016 23 Aug'16

  Leaked Cisco security vulnerability found in NSA exploit stockpile

  A Cisco security vulnerability affecting routers was found in the Shadow Brokers cyberweapon dump, and it may have been used by the NSA for years to decrypt VPN traffic.