News
News
- December 05, 2019
05 Dec'19
Session cookie mishap exposed HackerOne private reports
A security researcher used a mishandled session cookie to access private HackerOne bug reports with an account takeover attack and earned a bug bounty for their efforts.
- December 04, 2019
04 Dec'19
NSS Labs drops antitrust suit against AMTSO, Symantec and ESET
NSS Labs dropped its antitrust suit against the Anti-Malware Testing Standards Organization, Symantec and ESET, ending a contentious legal battle in the endpoint security market.
- December 02, 2019
02 Dec'19
Exposed Firebase databases hidden by Google search
A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet.
-
- November 25, 2019
25 Nov'19
Ransomware attacks shaking up threat landscape -- again
Threat actors have employed new techniques and built more sophisticated business models for their ransomware campaigns, which has had devastating consequences.
- November 22, 2019
22 Nov'19
Android Security Rewards program expands, adds $1.5M bounty
Google expanded its Android bug bounty program to include data exfiltration and lock screen bypass and raised its top prize for a full chain exploit of a Pixel device.
- November 21, 2019
21 Nov'19
IBM Cloud Pak for Security aims to unify hybrid environments
IBM Security is shifting its strategy with a new Cloud Pak designed specifically to unify data from multiple security tools and vendors through accessing federated data.
- November 21, 2019
21 Nov'19
Ohio builds 'Cyber Reserve' to combat cyberattacks
Ohio is building a 'Cyber Reserve,' a civilian cybersecurity force alongside the state's National Guard that will be deployed to help local governments recover from cyberattacks.
- November 19, 2019
19 Nov'19
Louisiana ransomware attack hits government systems
A ransomware attack on Louisiana government systems has been contained, according to Governor John Bel Edwards, and experts are praising the state's response.
- November 19, 2019
19 Nov'19
CrowdStrike: Incident response times still too long
A CrowdStrike study revealed it takes enterprise security teams almost seven days of nonstop work to detect, investigate and contain the average incident.
- November 15, 2019
15 Nov'19
Check Point: Qualcomm TrustZone flaws could be 'game over'
Researchers discovered vulnerabilities in Qualcomm TrustZone that Check Point says could lead to 'unprecedented access' because of the extremely sensitive data stored in mobile secure elements.
-
- November 14, 2019
14 Nov'19
InfoTrax settles FTC complaint, will implement infosec program
InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal data until it implements its own infosec program.
- November 13, 2019
13 Nov'19
Microsoft to apply CCPA protections to all US customers
Microsoft said it will apply the California Consumer Privacy Act across the nation and extend the law's data privacy protections to customers in all fifty states.
- November 13, 2019
13 Nov'19
ZombieLoad v2 disclosed, affects newest Intel chips
Researchers disclosed another variant of the ZombieLoad side-channel attack that affects the newest Intel processors, and also discovered a flaw in the original ZombieLoad patch.
- November 12, 2019
12 Nov'19
How and why data breach lawsuits are settled
For all of the talk about data breach class action lawsuits, virtually none of them reach a courtroom. Here's why and how data breach lawsuits almost always end in settlements.
- November 12, 2019
12 Nov'19
Application Guard to block malicious attachments in Office 365
Microsoft is bringing the Application Guard security container to Office 365 ProPlus this year, which could limit the threat of malicious Office documents for subscribers.