07 Oct 2019

DHS and FDA warn about much broader impact of Urgent/11 vulnerabilities

Urgent/11, a range of security vulnerabilities that were initially thought to impact only the VxWorks real-time operating system (RTOS), actually put many more systems at risk, the US Department of Homeland Security (DHS) and the US Food and Drug Administration (FDA) warned last week. Earlier this year, security researchers with

Read More
07 Oct 2019

Signal Rushes to Patch Serious Eavesdropping Vulnerability

A security flaw in the privacy-focused encrypted messaging service Signal could enable a threat actor to listen to the audio stream recorded by the Android device of another Signal user, without their knowledge. The vulnerability, tracked as CVE-2019-17191, closely resembles a FaceTime flaw that was discovered earlier this year. Attackers

Read More
07 Oct 2019

EA leaks personal details of 1,600 FIFA 20 Global series players

Last week, EA inadvertently leaked the personal data of about 1,600 FIFA 20 players. The leak occurred via an EA website where gamers could register for the FIFA 20 Global Series, an eSports tournament. The website asked users who were trying to to register for the tournament to verify their

Read More
04 Oct 2019

Google Android Alert: Millions Of Phones Are Vulnerable To Hack By Israeli Surveillance Dealers

Google is warning that hundreds of millions of Android devices are vulnerable to an attack developed by NSO Group, an Israeli spyware vendor. No patch has been released for the flaw, which affects many popular phones including the Google Pixel 2, Huawei P20, Xiaomi Redmi 5A, Xiaomi Redmi Note 5,

Read More
04 Oct 2019

Cyber-Spy Group Active Since 2013 Now Tied to Chinese State Actor

Researchers with Palo Alto Networks say that a hacking group dubbed “PKPLUG” was responsible for a number of previously unattributed cyber-espionage campaigns targeting people in various Asian countries. PKPLUG has been active since at least 2013 and has targeted individuals in Mongolia, Myanmar, Tibet, Vietnam, Indonesia and Taiwan as well as

Read More
04 Oct 2019

How to protect your organization against insider threats

Nearly half (49%) of business executives and 43% of IT decision makers have clicked on a potentially malicious link in an email before verifying that it was safe to do so, according to a new Code42 study[pdf] that highlights the insider threat to companies. In the past year and a

Read More
04 Oct 2019

Experts Slam US, Australia and UK’s Facebook Encryption Demands

The governments of the United States, the United Kingdom and Australia are urging Facebook not to implement end-to-end encryption on its Instagram and Messenger services. Earlier this year, the FTC slapped a $5bn fine on the social media giant over data protection and privacy issues that led to the Cambridge

Read More
04 Oct 2019

New Android Cyberwarfare Attack Exposed—And It’s Hiding A Devious Twist

Earlier this week, the New York Times covered what it referred to as an “attack on Egyptian journalists, academics, lawyers, opposition politicians and human rights activists.” The report was based on recent research by Check Point, which in turn followed a report by Amnesty from March of this year. Check

Read More
04 Oct 2019

Being compliant with laws and regulations is not a guarantee against data breaches

A new report[pdf] by Advisera underscores what security consultants have been telling their clients for years: compliance does not guarantee security. The two are closely related however, as 85% of survey respondents agreed. 90% of respondents said that low security awareness among employees due to a lack of relevant training

Read More
04 Oct 2019

Update now: WhatsApp bug allows malicious GIF to steal user data

A security researcher using the moniker “Awakened” has uncovered a security flaw in WhatsApp that could make it possible for hackers to steal data from devices running the popular messaging app merely by targeting users with nefarious GIFs. After a malicious image is sent to the victim’s phone, it will

Read More