09 Dec 2019

Microsoft Security: Password Problem Affecting 44 Million Users Revealed

The Microsoft threat team recently analyzed a database that contained leaked login credentials of over 44 million users, exposed from multiple security breaches. Microsoft disclosed that the information came from multiple sources, including law enforcement agencies and open source resources. In the first three months of 2019, Microsoft uncovered that

Read More
05 Dec 2019

Iran Has Launched ‘Malicious’ New Malware That Wipes Windows Computers, Warns IBM

IBM found that state-sponsored hacking group APT34 has deployed a new strain of malicious malware aimed at the industrial and energy sectors in the Middle East. APT34 was responsible for a phishing attack using LinkedIn earlier this year, but IBM claims that they are working with another group whose identity

Read More
03 Dec 2019

Report: ‘Smishing,’ Deepfakes to Continue to Rise in 2020

Experian, an American credit reporting company, published a 2020 data breach industry forecast that stated “smishing” or text-based phishing, would be the next danger to consumers and agencies. Following smishing is drones that steal customer data, disruptive deepfakes, hacktivism, and identity theft through mobile payment systems. The report claims that

Read More
02 Dec 2019

5G hackers: These six groups will try to break into the networks of tomorrow

European security agency Enisa has identified the groups it believes are the biggest threat to 5G networks. Enisa warns that threats to telecoms infrastructure will increase with the arrival of 5G and next-generation mobile connectivity. 5G will present a wide array of risks, from automated factories to connected cars, attracting

Read More
02 Dec 2019

Snapshot: Top 25 Most Dangerous Software Errors

The Homeland Security Systems Engineering and Development Institute (HSSEDI), under the Department of Homeland Security, updated the top 25 Common Weakness Enumeration (CWE) list for the first time in eight years. The CWE list compiles the most critical errors that lead to flaws in software. The CWE list is vital

Read More
25 Nov 2019

Cybercriminals targeting e-commerce website vulnerabilities this holiday season

98% of Alexa 1000 websites have not adopted sufficient client-side cybersecurity measures to prevent threat actors from attacking the websites to carry out personal, financial and credential theft, a recent study by Tala Security found. This risk is elevated during the holiday season when ecommerce sales and cybercriminial activity related

Read More
25 Nov 2019

Developers worry about security, still half of teams lack an expert

A new survey by WhiteHat sheds light on the state of security in the context of software development. Three in four (75%) developers express concerns about application security and 85% say that security is of high importance in the  software development lifecycle (SDLC). However, close to half of software development

Read More
22 Nov 2019

Senators Demand Amazon Disclose Ring Privacy Policies

Amazon’s home surveillance and doorbell system Ring data collection policies are attracting attention, with US Senator demanding that Amazon disclose how it is securing footage. After several security vulnerabilities and privacy-related incidents, 5 Senotros wrote a list of demands in a letter to Amazon CEO Jeff Bezos. The Senators stated

Read More
22 Nov 2019

Allied Universal Breached by Maze Ransomware, Stolen Data Leaked

US security company Allied Universal was targeted by the group Maze Ransomware, encrypting their computers and obtaining access to sensitive files. After the deadline was missed for receiving the ransom payment requested, $2.3 million, Maze Ransomeware published 700 MB worth of stolen data. Maze Ransomware claimed it only released 10%

Read More
18 Nov 2019

US Govt Recommends Vendor System Configs To Block Malware Attacks

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) reminded users last week to property configure systems to defend against malware. CISA published the document through the US National Cyber Awareness System, which is designed to keep users updated on current security threats. The agency recommended installing and

Read More