News
News
- April 16, 2020
16 Apr'20
Hackers embrace cryptocurrency laundering to evade the law
Cybercriminals are turning to cryptocurrency laundering methods to hide illicit proceeds as law enforcement agencies find success in tracing bitcoin transactions.
- April 15, 2020
15 Apr'20
Malware found on 45 percent of home office networks
New research by BitSight compared malware infections on home office networks versus corporate networks, and the results were unsettling for remote enterprise users.
- April 14, 2020
14 Apr'20
Russian threat group suspected of hacking SFO
San Francisco International Airport disclosed a data breach affected employees and third-party contractors, and ESET researchers said a Russian APT was likely behind the attack.
-
- April 09, 2020
09 Apr'20
APTs infiltrated Linux servers undetected for nearly 10 years
New BlackBerry research shows how five APT groups operating on behalf of the Chinese government infiltrated enterprise Linux environments undetected for nearly a decade.
- April 09, 2020
09 Apr'20
Risk & Repeat: Are Zoom security fears overblown?
This week's Risk & Repeat podcast looks at the backlash against Zoom over security and privacy concerns and asks whether there's been an overreaction.
-
Sponsored News
-
It’s Time to Modernize Your SOC
Sponsored by Microsoft - With the shift to remote work caused by COVID-19, Security Operations Centers (SOCs) are under more pressure than ever, particularly with many SOC workers also working from home. Today’s reality is that SOCs have to embrace a new way of working in order to keep their analysts and admins effective and to ensure that morale doesn’t collapse under the weight of too much work and pressure. See More
-
6 Factors to Consider in Building Resilience Now
Sponsored by Microsoft - COVID-19 has been, and continues to be, a stark reminder of the importance of business resilience. Organizations of all types and sizes have had to adjust to rapidly changing and unpredictable circumstances: A shift to remote work, supply chain disruptions, new digitally driven business models and an environment where uncertainty is the rule, not the exception. See More
-
Why Zero Trust, Why Now
Sponsored by Microsoft - The concept of a Zero Trust cybersecurity architecture has been around for more than a decade, but adoption didn’t really begin to take hold until the past couple of years. As with many technology innovations, it hasn’t always been clear just what Zero Trust is all about and, more important, how to implement it easily and cost effectively. See More
-
5 Best Practices To Secure Remote Workers
Sponsored by Microsoft - The impact of COVID-19 has changed the dynamics and landscape of remote work for at least the foreseeable future and, probably, forever. All of a sudden, organizations across all industries had to scale remote workers at unprecedented intensity and speed. See More
-
- April 08, 2020
08 Apr'20
Researchers beat fingerprint authentication with 3D printing scheme
New research by Cisco Talos shows popular fingerprint scanning technology can be defeated by lifting actual fingerprints and reproducing them through 3D printers.
- April 06, 2020
06 Apr'20
Zoom takes new security measures to counter 'Zoombombing'
Zoom has implemented two key security and privacy measures in order to counter 'Zoombombing.' One enables passwords in meetings by default, while the second creates waiting rooms.
- April 02, 2020
02 Apr'20
Risk & Repeat: Zoom security comes under fire
This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about the company's privacy and security practices.
- April 02, 2020
02 Apr'20
Zoom zero-day vulnerabilities patched a day after disclosure
An ex-NSA hacker reported two zero-day vulnerabilities on his blog Wednesday. One of them can give an attacker control of a user's webcam and microphone. Zoom fixed both flaws quickly.
- April 02, 2020
02 Apr'20
Beazley: Ransomware attacks on clients 'skyrocketed' in 2019
The 2020 Beazley Breach Briefing reported a 131% increase in reported attacks against clients last year, and the insurance giant isn't expecting the trend to slow down.
-
- April 01, 2020
01 Apr'20
Voatz disputes claims it was 'kicked off' HackerOne
HackerOne has cut ties with Voatz, but the mobile voting vendor disputed reports that it was kicked off the bug bounty platform following controversy with security researchers.
- March 31, 2020
31 Mar'20
FTC calls out VoIP providers over coronavirus robocalls
The U.S. Federal Trade Commission warned nine voice over IP companies that 'assisting and facilitating' illegal robocalls related to COVID-19 is against the law.
- March 30, 2020
30 Mar'20
Coronavirus phishing lures continue to dominate threat landscape
Overall cybercrime activity isn't necessarily going up amid COVID-19, experts say. However, coronavirus-themed emails are becoming the dominant form of phishing attacks.
- March 27, 2020
27 Mar'20
Cyberinsurance carrier Chubb investigating possible data breach
Insurance giant Chubb confirmed it is investigating an incident that may involve the Maze ransomware group, which claims to have stolen sensitive data from the company.
- March 27, 2020
27 Mar'20
Risk & Repeat: COVID-19 boosting social engineering attacks
This episode of the Risk & Repeat podcast looks at how social engineering attacks have become more successful by taking advantage of the coronavirus pandemic.
- March 25, 2020
25 Mar'20
China's APT41 attacks Citrix ADC flaws in cyberespionage campaign
A dual cyberespionage and cybercrime group known as APT41 exploited vulnerabilities in Citrix NetScaler/ADC and other products in an extensive, global threat campaign.
- March 24, 2020
24 Mar'20
Canon breach exposes General Electric employee data
Canon Business Process Services was breached last month, according to an announcement by General Electric, which used Canon for employee document processing.
- March 24, 2020
24 Mar'20
Cisco security GM discusses plan for infosec domination
At RSA Conference 2020, Gee Rittenhouse, senior vice president and general manager of Cisco's security group, talks about the company's strategy to reshape the infosec industry.
- March 24, 2020
24 Mar'20
RSA Conference 2020 guide: Highlighting security's human element
What's happening at the 2020 RSA Conference? Our team keeps you up to date with pre-conference coverage and breaking news from the infosec world's biggest event.
- March 20, 2020
20 Mar'20
Emsisoft, Coveware offer free ransomware services to hospitals
As they grapple with the COVID-19 pandemic, healthcare providers will have free access to a range of ransomware-related services from security vendors Emsisoft and Coveware.
- March 19, 2020
19 Mar'20
Deepfakes: Security experts undecided on the threat level
Deepfakes may seem like a scary new threat in today's world, but should the world be worried? SearchSecurity asked numerous experts to weigh in at RSA Conference 2020.
- March 19, 2020
19 Mar'20
Maze ransomware gang pledges to stop attacking hospitals
The infamous Maze gang announced it has stopped ransomware attacks on healthcare and medical facilities because of the seriousness of the coronavirus pandemic.
- March 19, 2020
19 Mar'20
Risk & Repeat: Coronavirus-themed threats on the rise
This week's Risk & Repeat podcast looks at the disruption caused by COVID-19, as well as the sharp increase in cyberthreats designed to exploit the pandemic.
- March 17, 2020
17 Mar'20
Ransomware attacks poised to disrupt coronavirus response efforts
Experts fear that coronavirus-themed threats will escalate to ransomware attacks, and such attacks will disrupt response efforts at hospitals and city, state and local governments.
- March 13, 2020
13 Mar'20
Ransomware attack hits Champaign-Urbana Public Health District
A ransomware attack shut down Champaign-Urbana's public health website, hindering the city's ability to provide information and updates on the Coronavirus pandemic.
- March 11, 2020
11 Mar'20
Microsoft discloses wormable SMBv3 flaw without a patch
Microsoft disclosed a new remote code execution vulnerability associated with the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, but there's currently no patch available.
- March 11, 2020
11 Mar'20
Microsoft leads takedown of Necurs botnet
Microsoft, BitSight and other partners used legal and technical steps to take control of one of largest botnets in the world that infected more than 9 million systems.
- March 09, 2020
09 Mar'20
What's the biggest cybersecurity threat in 2020? Experts weigh in
At RSA Conference 2020, SearchSecurity asked several experts what they considered to be the biggest cybersecurity threat this year. Here's what they said.
- March 09, 2020
09 Mar'20
Researchers develop new side channel attacks on AMD chips
Security researchers behind the Meltdown and Spectre flaws discovered new side channel attacks on AMD processors, but the chipmaker has opted not to patch them.
- March 06, 2020
06 Mar'20
Intel CSME flaw deemed 'unfixable' by Positive Technologies
Positive Technologies researchers discovered a previously disclosed vulnerability in the Intel Converged Security and Management Engine is worse than originally reported.
- March 06, 2020
06 Mar'20
Risk & Repeat: Recapping RSA Conference 2020
This Risk & Repeat podcast looks back at RSA Conference and discusses some of the highlights from the show, from ransomware trends to nation-state hacking discussions.
- March 05, 2020
05 Mar'20
Amid expansion, BlackBerry security faces branding dilemma
BlackBerry continues its push into security by addressing a number of endpoint devices. But analysts discuss whether the former mobile device maker has a perception problem.
- March 05, 2020
05 Mar'20
Risky ransomware payments on the rise, attacks increasing
Making payments to threat actors to retrieve data was once viewed in black-and-white terms. But RSA Conference attendees say attitudes about paying up have changed drastically.
- March 05, 2020
05 Mar'20
With BEC/EAC threats rising, Proofpoint offers a new approach
Business email compromise and email account compromise attacks are increasing and evolving. To keep up with threat actors, Proofpoint says a new approach is required.
- March 04, 2020
04 Mar'20
Should ransomware payments be insurable? Experts weigh in
Ransomware payments are insurable, but should they be? Several experts weighed in on the question, and the effect of cyberinsurance, during RSA Conference 2020.
- February 28, 2020
28 Feb'20
RSA Conference panel tackles Huawei security risks
Four panelists discussed the ban on the world's largest telecommunications equipment manufacturer in relation to to supply chain risk.
- February 28, 2020
28 Feb'20
Thoma Bravo's Sophos acquisition near completion
SearchSecurity has learned completion of the Sophos acquisition is imminent, though the endpoint security vendor says the deal has not officially closed.
- February 27, 2020
27 Feb'20
CrowdStrike founder: China hacking indictments are working
During his RSA Conference keynote, CrowdStrike co-founder Dmitri Alperovitch explains why the U.S. Department of Justice's indictments against Chinese hackers has been effective.
- February 26, 2020
26 Feb'20
Target embraces cyber war gaming to improve incident response
At an RSA Conference 2020 panel, Target explained how the company is using war gaming to simulate real attacks and data breaches in order to hone its incident response plan.
- February 25, 2020
25 Feb'20
Securiti.ai wins RSA Innovation Sandbox Contest
Securiti.ai, which offers an AI-powered 'PrivacyOps' platform, took home the title of 'Most Innovative Startup' at RSA Conference's Innovation Sandbox Contest.
- February 25, 2020
25 Feb'20
RSA Security president: We're excited about sale to STG
In his RSA Conference keynote, Rohit Ghai didn't say much about his company's sale to a private equity firm, instead urging attendees to focus on the 'human element' of security.
- February 25, 2020
25 Feb'20
Colorado CISO details SamSam ransomware attack, recovery
At RSA Conference, Colorado CISO Deborah Blyth gave an inside look at the state's response and recovery effort following a devastating SamSam ransomware infection in 2018.
- February 25, 2020
25 Feb'20
FBI: $144 million in ransomware payments made over 6 years
In an RSA Conference 2020 session, FBI agent Joel DeCapua revealed how much money has been paid in ransoms, what the most pervasive ransomware variants are and more.
- February 24, 2020
24 Feb'20
Risk & Repeat: Breaking down RSA Security's sale
This Risk & Repeat podcast discusses Dell's recent sale of RSA for $2.075 billion, plus insights from experts on where venture capital firms are investing this year.
- February 24, 2020
24 Feb'20
Cisco launches SecureX platform for integrated security
At RSA Conference 2020, Cisco unveiled SecureX, which integrates the vendor's security portfolio into a single platform with enhanced visibility and automation.
- February 20, 2020
20 Feb'20
Voatz, MIT researchers spar over blockchain e-voting app
MIT researchers contested claims that Voatz's voting app used blockchain technology to provide secure voting. Voatz responded, but questions about the company's technology remain.
- February 20, 2020
20 Feb'20
AT&T bows out of RSA Conference 2020
AT&T announced it's skipping RSA Conference 2020 due to coronavirus concerns, bringing the total number of exhibitors that have dropped out of this year's conference to 13.
- February 19, 2020
19 Feb'20
Why ransomware attacks on municipalities spiked in 2019
Ransomware spread to a number of city, state and local governments across the U.S. in 2019. Threat researchers weigh in on the increased attacks and what to expect in 2020.
- February 18, 2020
18 Feb'20
Dell sells RSA Security to private equity firm for $2 billion
With RSA Conference just around the corner, Dell announced it has agreed to sell RSA to private equity firm Symphony Technology Group for approximately $2 billion.
- February 18, 2020
18 Feb'20
Mapping cybersecurity investments ahead of RSA Conference 2020
SearchSecurity asked several experts to weigh in on cybersecurity investment trends ahead of RSA Conference 2020 next week. The results featured a wide range of opinions.
- February 17, 2020
17 Feb'20
Risk & Repeat: Mobile World Congress canceled, RSAC 2020 still on
This week's Risk & Repeat podcast discusses RSA Conference's decision to move ahead with the show after the cancellation of Mobile World Congress over coronavirus concerns.
- February 13, 2020
13 Feb'20
Voatz mobile voting app deemed insecure by MIT researchers
Security researchers at MIT claim a mobile e-voting app piloted in several state elections is insecure, but the vendor has aggressively pushed back on the findings.
- February 12, 2020
12 Feb'20
Data security, IAM led cybersecurity investments in 2019
Vendors specializing in data security, risk and compliance, and IAM raised the most funding in 2019, according to Momentum Cyber, a strategic advisor and investment bank for the cybersecurity industry.
- February 11, 2020
11 Feb'20
SCVX: Cybersecurity industry needs consolidation
SCVX's Mike Doniger and Hank Thomas discuss why they want to drive vendor consolidation in the cybersecurity industry and how they're planning to accomplish it.
- February 10, 2020
10 Feb'20
Chinese military personnel charged in Equifax breach
Four members of China's military have been charged for hacking Equifax following a 2017 breach that compromised nearly 150 million Americans' personal information.
- February 06, 2020
06 Feb'20
NSS Labs quietly acquired by private equity firm
Product testing company NSS Labs was acquired by private equity firm Consecutive, Inc., last October but neither company publicly announced the deal.
- February 06, 2020
06 Feb'20
Forescout acquired by private equity firm for $1.9 billion
Network security vendor Forescout Technologies was acquired for $1.9 billion by Advent International, a private equity firm looking to increase its cybersecurity investments.
- February 05, 2020
05 Feb'20
More McAfee leadership changes follow Chris Young's departure
More executives have departed McAfee in recent months amid the departure of former CEO Chris Young, who was replaced by former BMC Software head Peter Leav last month.
- February 05, 2020
05 Feb'20
Cisco Discovery Protocol flaws jeopardize 'tens of millions' of devices
Armis Security disclosed five vulnerabilities, dubbed 'CDPwn,' in Cisco's Discovery Protocol, which impact 'tens of millions' of Cisco devices such as routers and IP phones.
- February 05, 2020
05 Feb'20
Threat actors combining data exposure with ransomware attacks
New Cisco Talos research shows an increase in ransomware attacks that double the pressure on victims by threatening them with the exposure of their sensitive data.
- January 30, 2020
30 Jan'20
Payment cards from Wawa data breach found on dark web
Payment card information from customers of the convenience store chain Wawa has reportedly gone up for sale on the dark web, though questions about the breach remain.
- January 30, 2020
30 Jan'20
SCVX launches with $230M IPO, eyes cybersecurity acquisition
SCVX, a special purpose acquisition company (SPAC), raised $230 million this week in its initial public offering and will look to acquire a major cybersecurity vendor.
- January 28, 2020
28 Jan'20
'CacheOut': Researchers unveil new attack on Intel chips
Researchers unveiled a new speculative execution attack that leaks data from most Intel microprocessors and gives attackers greater control over what data is leaked.
- January 28, 2020
28 Jan'20
3 Magecart suspects arrested in Interpol operation
Three alleged cybercriminals suspected of being associated with Magecart were arrested in Indonesia via an Interpol-assisted operation called Operation Night Fury.
- January 24, 2020
24 Jan'20
Citrix patches vulnerability as ransomware attacks emerge
Citrix rolls out more patches ahead of schedule for CVE-2019-19781, a directory traversal vulnerability that affects Citrix ADC, Gateway and SD-WAN WANOP products.
- January 23, 2020
23 Jan'20
AWS leak exposes passwords, private keys on GitHub
UpGuard discovered a public GitHub repository that contained sensitive AWS customer data, including passwords, authentication tokens and private encryption keys.
- January 22, 2020
22 Jan'20
Netgear under fire after TLS certificates found in firmware -- again
Security researchers revealed Netgear firmware exposed TLS certificate keys, but SearchSecurity discovered it wasn't the first time the issue had been reported to the vendor.
- January 21, 2020
21 Jan'20
2019 data breach disclosures: 10 more of the biggest
Here is a list of 10 of the largest data breaches (mostly) from the second half of 2019, including DoorDash, T-Mobile, Capital One and more.
- January 20, 2020
20 Jan'20
CyCognito turning tables by using botnets for good
In this Q&A with CyCognito CEO Rob Gurzeev, he discusses what led to his company, how attack simulations work and how he plans to spend the company's recent round of funding.
- January 17, 2020
17 Jan'20
McAfee CEO Chris Young steps down, Peter Leav to take over
Chris Young has stepped down as McAfee CEO, and Peter Leav is taking his place. Young led the company's spin-out from Intel in 2016 after joining the chip maker two years earlier.
- January 17, 2020
17 Jan'20
Unpatched Citrix vulnerability expands as mitigations fall short
Citrix discovered another product affected by last month's vulnerability, while security researchers found an attacker blocking exploits of the vulnerability.
- January 15, 2020
15 Jan'20
NSA reports flaw in Windows cryptography core
Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA.
- January 14, 2020
14 Jan'20
CrowdStrike: Intrusion self-detection, dwell time both increasing
The 2019 CrowdStrike Services Cyber Front Lines Report found that while the percentage of organizations that self-detected an intrusion is up, dwell time has gone up as well.
- January 14, 2020
14 Jan'20
Citrix patches for ADC and Gateway flaw to begin rolling out next week
Citrix announced security fixes on the way one month after disclosing a vulnerability in its ADC and Gateway appliances, which has already seen preliminary attacks in the wild.
- January 13, 2020
13 Jan'20
Signal Sciences: Enterprises still overlooking web app security
Signal Sciences co-founder and CEO Andrew Peterson explains why web application security often gets shortchanged and what his next-gen WAF company is doing to change that.
- January 10, 2020
10 Jan'20
Threat actors scanning for vulnerable Citrix ADC servers
Scans for vulnerable Citrix servers were discovered by security researchers following the disclosure of a remote code execution flaw in Citrix ADC and Gateway products.
- January 08, 2020
08 Jan'20
Experts weigh in on risk of Iranian cyberattacks against U.S.
Cybersecurity experts weigh in on the risks of potential nation-state cyberattacks from Iran following a DHS warning and heightened tensions between the country and the U.S.
- January 07, 2020
07 Jan'20
Broadcom sells Symantec Cyber Security Services to Accenture
Accenture agreed to acquire Symantec's Cyber Security Services business from Broadcom, less than six months after Broadcom acquired Symantec's enterprise business.
- January 07, 2020
07 Jan'20
Pulse Secure VPN vulnerability targeted with ransomware
Threat actors appear to be exploiting vulnerable Pulse Secure VPN servers to hit enterprises with ransomware attacks, even though a patch has been available since April 2019.
- January 06, 2020
06 Jan'20
5 cybersecurity vendors to watch in 2020
A number of cybersecurity startups earned tens of millions of dollars in venture capital investments last year. Here are five such vendors poised to emerge and grow in 2020.
- December 30, 2019
30 Dec'19
BigID: New privacy regulations have ended 'the data party'
New privacy laws are changing data management practices in the enterprise. BigID co-founder Nimrod Vax discusses the importance of being 'data native' in the era of the CCPA.
- December 26, 2019
26 Dec'19
Siemplify looks to streamline security operations for enterprises
Siemplify aims to become the security equivalent of Salesforce. Chief strategy officer Nimmy Reichenberg discusses the company's plans for 2020 and the obstacles it faces.
- December 20, 2019
20 Dec'19
F5 Networks to acquire Shape Security for $1 billion
F5 Networks is acquiring Shape Security for approximately $1 billion in a move to strengthen its presence in the application security and anti-fraud markets.
- December 19, 2019
19 Dec'19
Clumio eyes security, BaaS expansion with VC funding
Clumio CTO Chad Kinney and CSO Glenn Mulvaney discuss their company's roadmap and how Clumio addresses ransomware threats in a way that's different from other backup providers.
- December 19, 2019
19 Dec'19
Two attacks on Maze ransomware list confirmed
Another confirmed ransomware attack, this time against Busch's Fresh Food Markets, was added to the Maze gang's ransomware shaming list after the company refused to pay the ransom.
- December 18, 2019
18 Dec'19
Cyberinsurance is on the rise -- and so is ransomware
A debate has erupted between the insurance industry and the infosec community over whether cyberinsurance payouts have led to the surge in ransomware attacks this year.
- December 17, 2019
17 Dec'19
Maze gang outs ransomware victims in shame campaign
The threat actors behind Maze ransomware started a campaign to pressure victims into paying ransom by publicly listing successful attacks and threatening to leak data.
- December 16, 2019
16 Dec'19
Latest city ransomware attack: New Orleans
The city of New Orleans declared a state of emergency as the government tries to get systems back online following a ransomware attack Friday morning.
- December 16, 2019
16 Dec'19
Siemens ICS flaws could allow remote exploits
Siemens recommends locking down industrial control systems as security researchers disclose 54 bugs, including remote exploit flaws, but only three patches are available.
- December 13, 2019
13 Dec'19
Google expands multiple Chrome password protection features
Chrome's updated, built-in protections are intended to help users protect their passwords and data against malware, data breaches and phishing sites, according to the company.
- December 13, 2019
13 Dec'19
RSA teams up with Yubico for passwordless authentication
RSA Security joined forces with Yubico to eliminate passwords within the enterprise. RSA's Jim Ducharme explains what it will take to the reach the 'last mile' of the pursuit.
- December 12, 2019
12 Dec'19
Pentagon CMMC program to vet contractor cybersecurity
The U.S. Department of Defense has developed a five-level certification framework designed to vet the cybersecurity posture of potential contractors in an effort to avoid future risks.
- December 10, 2019
10 Dec'19
City of Pensacola hit by ransomware attack
A cyberattack, later confirmed to be ransomware, hit the city of Pensacola, Florida on Saturday, and the city is currently in the process of responding.
- December 10, 2019
10 Dec'19
Ryuk ransomware change breaks decryption tool
The threat actors behind Ryuk ransomware made changes to their code that have made the official decryption tool unreliable, according to security researchers.
- December 05, 2019
05 Dec'19
DOJ takes action against Dridex malware group, Evil Corp
The U.S. Justice Department indicts two alleged members of the Russian threat group behind the Dridex banking Trojan, known as Evil Corp, and offers a $5 million bounty.
- December 05, 2019
05 Dec'19
Session cookie mishap exposed HackerOne private reports
A security researcher used a mishandled session cookie to access private HackerOne bug reports with an account takeover attack and earned a bug bounty for their efforts.
- December 04, 2019
04 Dec'19
NSS Labs drops antitrust suit against AMTSO, Symantec and ESET
NSS Labs dropped its antitrust suit against the Anti-Malware Testing Standards Organization, Symantec and ESET, ending a contentious legal battle in the endpoint security market.
- December 02, 2019
02 Dec'19
Exposed Firebase databases hidden by Google search
A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet.
- November 25, 2019
25 Nov'19
Ransomware attacks shaking up threat landscape -- again
Threat actors have employed new techniques and built more sophisticated business models for their ransomware campaigns, which has had devastating consequences.
- November 22, 2019
22 Nov'19
Android Security Rewards program expands, adds $1.5M bounty
Google expanded its Android bug bounty program to include data exfiltration and lock screen bypass and raised its top prize for a full chain exploit of a Pixel device.