16 Aug 2019

3,813 breaches were reported through June 30, exposing over 4.1 billion records

In the first half of this year 3,813 data breaches were reported, which is 54% more than in the same period last year, a new report by Risk Based Security shows. The number of exposed records rose by 52%. The eight biggest breaches in the first six months of 2019

Read More
16 Aug 2019

Huge Survey of Firmware Finds No Security Gains in 15 Years

A study by Cyber Independent Testing Lab (CITL) found that even though cyber attacks on Internet of things (IoT) devices have skyrocketed in the last 15 years, vendors have hardly done anything to make the firmware of these devices more secure. The research covered 6,000 firmware images of 18 vendors

Read More
16 Aug 2019

Network Deception Techniques Cut Dwell Times, Says Report

A new survey by Enterprise Management Associates (EMA) and Attivo Networks looks at how deception technology can improve the cyber defenses of organizations. It found that the majority of firms (55%) are using this technology. Around half of these firms rely on commercial solutions, 30% have developed their own solutions

Read More
16 Aug 2019

Red/Blue team exercises show defensive shortfalls: Survey

A new Exabeam survey indicates that according to 35% of organizations, their blue teams hardly ever or never succeed in mitigating simulated attacks by red teams. A mere 2% of firms indicated that red teams were caught every time, with the rest reporting occasional blue team success. 60% of firms

Read More
16 Aug 2019

Critical Bluetooth flaw opens millions of devices to eavesdropping attacks

Security researchers have uncovered a serious flaw in the Bluetooth Core Specification that can enable attackers to capture and meddle with Bluetooth communications between impacted devices. The vulnerability, tracked as CVE-2019-9506, has already been fixed in many devices. According to the research report[pdf], the Key Negotiation Of Bluetooth (KNOB) attack

Read More
16 Aug 2019

700,000 Choice Hotels records leaked in data breach, ransom demanded

Threat actors claim to have stolen 700,000 records containing personal information of Choice Hotels guests and want the hotel chain to pay 0.4 Bitcoin (over $4,000) for the data that had been stored in an unsecured MongoDB database. The exposed data includes guest names, email addresses, and phone numbers. Last

Read More
16 Aug 2019

Google Estimates 1.5% of Web Logins Exposed in Data Breaches

A new Google report based on data recorded by the Password Checkup browser extension for Chrome shows that 1.5% of web logins involved credentials that have been exposed in a data breach. The extension anonymously checks hashes against a massive database of credentials that have been compromised in a breach.

Read More
16 Aug 2019

Apache Struts Called Out For Incorrect Security Advisories

Apache Struts has repeatedly provided incorrect and incomplete information in the security advisories for the popular open-source web application framework, new research by Synopsys has found. 24 of the 57 security advisories that were covered by the study contained errors in terms of the Apache Struts versions that were said

Read More
16 Aug 2019

ECB Says One of Its Websites Was Hacked, Data Possibly Captured

Earlier this year, a threat actor hacked the Banks’ Integrated Reporting Dictionary (BIRD) website of the European Central Bank and installed malware designed for phishing campaigns on the server of the third-party hosting provider. The ECB said the hackers may have obtained the names and email addresses of 481 subscribers

Read More
15 Aug 2019

The changing face of DDoS attacks: Degraded performance instead of total takedown

Research by Neustar looks at the growing threat of small-scale DDoS attacks that are increasing in frequency and sophistication. 75% of the attacks that Neustar mitigated in Q2 of this year involved malicious traffic that reached no more than 5Gbps, and the number of attacks involving over 100 Gbps dropped

Read More