15 Apr 2019

Gov’t warns on VPN security bug in Cisco, Palo Alto, F5, Pulse software

VPN applications offered by Cisco, Palo Alto, F5 and Pusle are putting users at risk by failing to securely store session cookies, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Carnegie Mellon’s CERT are warning. If threat actors can obtain access to a session cookie,

Read More
10 Apr 2019

It’s raining patches, Hallelujah! Microsoft and Adobe put out their latest major fixes

As part of this month’s patch Tuesday, Microsoft and Adobe have issued a total of 117 fixes for security flaws. Microsoft released patches for 74 vulnerabilities, 15 of which are critical flaws. Two of the Windows vulnerabilities are zero-days that have been actively exploited in the wild. The flaws, classified

Read More
08 Apr 2019

Half of online banks allow hackers to steal your money

Recent research indicates that financial institutions are tragically falling short in their responsibility to provide customers with secure solutions for online banking and other digital financial services. While a recent study by Aite Group and Arxan Technologies found major security shortcomings in financial apps, Positive Technologies last week released a

Read More
08 Apr 2019

Industry 4.0 at Risk as Manufacturers Fail to Patch

A new Trend Micro report underscores the poor state of security in the manufacturing sector. The study found that old and outdated operating systems with serious security shortcomings prevail in the industry. Windows 10 is running on a mere 29% of machines in the sector, while 60.2% still run Windows

Read More
08 Apr 2019

Hackers Can Add, Remove Cancer From CT Scans: Researchers

In the latest example of security issues that can result from the proliferation of Internet-facing medical devices, a team of security researchers from two Israeli universities has discovered that it is possible for threat actors to manipulate the 3D images generated during a Computer Tomography (CT) scan using custom malicious

Read More
29 Mar 2019

IT Security Pros Slam State-Backed Encryption Backdoors

New Venafi research shows that the vast majority of IT professionals have major problems with state-enforced encryption backdoors. Almost 3 in 4 (73%) respondents believe that state laws mandating that tech firms provide law enforcement with access to encrypted communications, actually serve to undermine national security. In addition, 70% of

Read More
29 Mar 2019

Hundreds of compromised WordPress and Joomla websites are serving up malware to visitors

Researchers with Zscaler warn that threat actors are increasingly trying to take advantage of flaws in the immensely popular content management systems (CMSs) WordPress and Joomla in order to get legitimate websites to target users with malicious payloads. In the past month, the researchers detected thousands of attacks, hundreds of

Read More
29 Mar 2019

The Huawei Threat Isn’t Backdoors. It’s Bugs.

A UK government report aiming to assess the cybersecurity risks of using Huawei technology for the establishment of 5G networks across the country, discovered that products of the Chinese tech giant are riddled with simple yet severe security vulnerabilities that put users at risk. The Trump administration has boycotted Huawei

Read More
26 Mar 2019

Medtronic cardiac implants can be hacked, FDA issues alert

In response to the discovery of two serious security vulnerabilities in a range of implantable heart defibrillators and home monitoring systems produced by Medtronic, the US Food and Drug Administration (FDA) last week issued a special alert. The flaws could not only enable threat actors to capture sensitive data from

Read More
13 Mar 2019

Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack

As part of Patch Tuesday, Microsoft has released mitigations for 64 security vulnerabilities affecting various products including Microsoft Windows, Microsoft Office, Internet Explorer, Edge and Exchange Server. The patches covered 17 critical flaws and 45 important ones. Two of  the vulnerabilities have been actively exploited in the wild. One of

Read More