New research by ESET provides insights into the activity of the Ke3chang advanced persistent threat (APT) group that is believed to be operating out of China. Since 2015, Ke3chang has been targeting diplomatic entities in various countries across the globe, with a particular focus on Europe and Latin America. Ke3chang

A recent report by California’s state auditor uncovered “high risk deficiencies” at 21 of 33 government entities that are not forced to follow security standards developed by the California Department of Technology. Certain entities had not implemented basic security measures including changing default passwords and patching vulnerable systems. The report

Security researchers with Skylight Cyber have found a surprisingly easy way to let malware bypass Cylance’s AI-based anti-malware solution. The research shows that while artificial intelligence holds great potential for cybersecurity, AI-driven security offerings can be far from bulletproof.  In order to deceive Cylance’s algorithm, all the researchers had to

Is FaceApp a privacy breach or a blah?  This story and more in the analysis by Mike Tanji in this week’s Cyber Threat Analysis Report.

A new Security.org report underscores how poor the password practices of many people still are. The survey found that the vast majority (72%) of users reuse passwords. On average, recycled passwords are used for 4 different accounts. Password recycling is a terrible practice because it puts users at risk of

Slack has reset the passwords of 1% of its user accounts because these may have been compromised in a 2015 security breach. The company stated that this incident involved a third party obtaining unauthorized access to a Slack database containing “user profile information including usernames and irreversibly encrypted, or ‘hashed,’

A database containing 11 GB worth of data on Bulgarian citizens that was recently leaked to local media outlets by an unidentified actor, is now available for download on hacking forums. The database allegedly contains only half of the information that was recently stolen from Bulgaria’s National Revenue Agency (NRA),

The government of Kazakhstan has advanced its surveillance efforts by beginning to intercept all HTTPS traffic within its borders by means of a special certificate that citizens must install on all their devices and browsers. The government has ordered local internet service providers (ISPs) to enforce the installation of the

Even though 7 in 10 software developers are expected to write secure code, they rarely receive instructions or assistance to help them avoid security flaws, a new GitLab survey shows. Moreover, 44% of developers indicated that security vulnerabilities are not addressed when their work is being evaluated. Meanwhile, more than

A recent Internet scan by BitSight found a total of 805,665 were still vulnerable the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable