25 Nov 2019

Critical Flaws in VNC Threaten Industrial Environments

Researchers with Kaspersky have uncovered a total of 37 security vulnerabilities, including several critical flaws, in Virtual Network Computing, a graphical desktop-sharing system that is frequently used in industrial environments. The issues impact up to 600,000 Internet-facing servers. Kaspersky warns that the use of VNC and other potentially vulnerable solutions

25 Nov 2019

Developers worry about security, still half of teams lack an expert

A new survey by WhiteHat sheds light on the state of security in the context of software development. Three in four (75%) developers express concerns about application security and 85% say that security is of high importance in the software development lifecycle (SDLC). However, close to half of software development

22 Nov 2019

Allied Universal Breached by Maze Ransomware, Stolen Data Leaked

US security company Allied Universal was targeted by the group Maze Ransomware, which encrypted its computers and obtained access to sensitive files. After the deadline for the requested ransom payment of $2.3 million was missed, Maze Ransomware published 700 MB worth of stolen data. Maze Ransomware claimed it only released 10%

22 Nov 2019

Security lapse exposes personal data of 6,500 Singapore accountants

The Singapore Accountancy Commission (SAC) sent email messages to parties with an attached folder containing the personal data of over 6,000 accountants. The security lapse was uncovered months later when the Accountancy Commission conducted a review. Information exposed included names, national identification number, date of birth, and employment information. The

22 Nov 2019

Optus opens privacy can of worms with programmable voice play

Australian telco company Optus recently introduced a service that transcribes phone call interaction between customers and a call center officer. Seow Yoke Kong, Optus VP of IT, labeled the feature as assisting the Optus employee by taking notes from the phone call, saving them “five minutes” not having to take

21 Nov 2019

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin

WordPress website admins and owners are encouraged to immediately apply the Jetpack 7.9.1 critical security update. Vulnerabilities in Jetpack that could leave websites subject to attack have existed since Jetpack 5.1. Jetpack is a popular WordPress plugin that features security, performance and site management services including malware scanning and brute-force

21 Nov 2019

Infection Hits French Hospital Like It’s 2017 As Ransomware Cripples 6,000 Computers

The Rouen University Hospital-Charles Nicolle in northern France has been hit by a ransomware attack with consequences similar to those of the infamous WannaCry attack of 2017. IT staff discovered the attack late on the evening of November 15th, and Rouen University Hospital claims that it impacted all five sites

21 Nov 2019

Federal CISO: Better Info Sharing Will Lead to More Secure Supply Chain

According to the Federal CISO Grant Schneider, supply chain security threats will be on the rise in 2020, culminating with guidance from the Federal Acquisition Supply Chain Council, which was created in late 2018. The council was formed under the SECURE Technologies act and is comprised of civilian agencies, the

21 Nov 2019

Hackers Dump 2.2M Gaming, Cryptocurrency Passwords Online

Passwords and other personal data of more than 2.2 million users were revealed as a result of dual data breaches. Users of cryptocurrency wallet GateHub and gaming bot provider EpicBot were posted online despite heavy encryption. Security researcher Troy Hunt announced on Tuesday that he had uncovered databases with information

21 Nov 2019

Fake Windows Update Delivers Cyborg Ransomware

A fake Windows Update spam campaign drops Cyborg ransomware when the recipient opens an attachment titled “the latest critical update.” Trustwave discovered the campaign and said that although the file has a .jpg file extension, it is an executable with a file size around 28KB that delivered malware to the
