Sign up for our weekly newsletter!
News & Views
Content posted in September 2018
50M Facebook Accounts Exposed Due to Software Vulnerability
News Analysis  
9/28/2018   7 comments
A vulnerability in Facebook's 'View As' feature could have exposed the personal information of 50 million of the social network's users.
Majority of Cyber Attacks Against Small Businesses Can Cost $500K
News Analysis  
9/28/2018   4 comments
For the majority of small and midsized businesses, a cyber attack can cost a company $500,000, although some incidents can skyrocket to $2.5 million, according to a report from Cisco.
Magecart Group Likely Behind Increase in Formjacking Attacks
Larry Loeb  
9/28/2018   4 comments
A recent analysis by Symantec researchers has found a significant increase in formjacking attacks. The reason, according to some, is an increase in activity from the Magecart group.
VPNFilter Is 'Swiss Army Knife' of Malware
News Analysis  
9/27/2018   5 comments
A report from Cisco Talos finds that the VPNFilter malware, which infected some 500,000 routers worldwide, is even more versatile than previously thought, thanks to seven additional third-stage modules.
Verizon Study Finds PCI DSS Compliance Falls Worldwide
Jeffrey Burt  
9/27/2018   8 comments
Verizon's report says that fewer businesses are complying with the PCI DSS payment standard despite the rising threat of security breaches and consumer data theft.
Uber Settles With California Authorities Over 2016 Data Breach
News Analysis  
9/27/2018   26 comments
Uber has agreed to pay the California Attorney General and the San Francisco District Attorney $148 million to settle charges stemming from the 2016 data breach.
Cryptomining Malware Continues to Surge as Cybercriminals Cash In
News Analysis  
9/26/2018   Post a comment
The latest research by McAfee Labs shows that cybercriminals are still raking in big bucks from cryptomining malware. Ransomware also continues to plague enterprises.
Adwind RAT Squeaks Past Linux, Windows, macOS Defenses
Larry Loeb  
9/26/2018   6 comments
A newer version of the Adwind 3.0 Trojan can elude the AV defenses of Linux, Windows and macOS systems, according to Talos and ReversingLabs.
United Nations' Websites Besieged by Data Leaks, Exposed Files
News Analysis  
9/25/2018   5 comments
In time for the UN's General Assembly this week, two reports find that the United Nations' websites have been leaking data for months, thanks to unsecured files and applications.
Zero Trust & Network Segmentation: Keys to Securing IoT
News Analysis  
9/25/2018   1 comment
As IoT devices become more popular both in the home and within businesses, enterprises need new approaches to security. Here's how zero trust and network segmentation can be combined to create a more robust defense.
iOS 12: How Apple Keeps Getting Mobile Security Wrong
Joe Stanganelli  
9/25/2018   Post a comment
Are iOS updates for suckers? Apple's iOS 12 may represent the latest in a series of flawed releases that could compound user mistrust – further training the company's users to delay updates and patches.
Microsoft Looks to End the Era of Security Passwords
News Analysis  
9/24/2018   1 comment
At its Ignite show this week, Microsoft plans to update its users on a number of security products and updates, including a plan to eliminate passwords for good through its Authenticator app, which works with Azure.
Malicious Bot-Enabled, Credential-Stuffing Jamming Networks
Larry Loeb  
9/24/2018   2 comments
A research report from Akamai finds the number of bot-enabled, credential-stuffing incidents has spiked in recent months, jamming networks with malicious traffic.
Cloudflare Looks to Take the Pain Out of DNSSEC Protocol Adoption
Larry Loeb  
9/21/2018   Post a comment
Uptake of the newer DNSSEC protocol has been slow, but a new tool from Cloudflare looks to make it easier to ensure secure websites and more control over DNS.
Xbash Malware: Dangerous Mix of Threats
Jeffrey Burt  
9/21/2018   Post a comment
The Xbash malware includes ransomware and cryptomining functions as well as botnet and self-propagation capabilities and will delete Linux databases.
Ransomware Developers Embrace Politics, Targeting Obama, Trump & Merkel
Jeffrey Burt  
9/20/2018   1 comment
Recent malware campaigns have used names such as Barak Obama, Angela Merkel and Donald Trump to entice unsuspecting users to download the ransomware, McAfee researchers have found.
Hackers Still Targeting Windows 10, Windows 8 – Survey
News Analysis  
9/20/2018   Post a comment
A newly released survey by PAM specialist Thycotic finds that hackers are continuing to target Windows 10 and Windows 8 by using social engineering techniques. The solution is to adopt a zero-trust policy.
Account Takeover Attacks Are on the Rise
News Analysis  
9/20/2018   Post a comment
An analysis by Barracuda Networks finds that Account Takeover attacks are increasing as cybercriminals and even amateurs are using this technique to create more sophisticated phishing campaigns.
Data Breach Can Affect Company's Long-Term Stock Price
Larry Loeb  
9/19/2018   6 comments
A recent study by CompariTech finds that data breaches can have some long-term effects when it comes to a company's stock price, but most of the financial damage diminishes over time.
California Looks to Pass Rudimentary IoT Security Legislation
Joe Stanganelli  
9/19/2018   2 comments
A California bill specific to IoT cybersecurity measures sits on Gov. Jerry Brown's desk, ready for him to sign it into law. The wording and limits of the law, however, leaves questions as to just how big an effect it will have.
House Bill Would Create Federal Standards for Data Breach Notifications
News Analysis  
9/19/2018   1 comment
A bill that has now passed the House Financial Services Committee would create federal standards for how banks and other financial institutions notify customers when a data breach occurs.
PyLocky Ransomware Can Get Around Machine Learning Solutions
Jeffrey Burt  
9/18/2018   Post a comment
The PyLocky ransomware, detected by Trend Micro, puts a focus on the ongoing machine learning race between cybersecurity experts and bad actors.
'Peekaboo' Zero-Day Exploit Targets Security Camera
News Analysis  
9/18/2018   Post a comment
Researchers at Tenable are detailing a new zero-day exploit dubbed 'Peekaboo,' which targets the software that runs security cameras and other surveillance equipment.
Data Breaches Costing More C-Level Executives Their Jobs
News Analysis  
9/17/2018   Post a comment
A survey conducted by Kaspersky Labs shows that a major data breach can cost CIOs, CISOs and even CEOs their jobs, especially in North America.
Fuji's Electric V-Server Susceptible to Numerous Vulnerabilities
Larry Loeb  
9/17/2018   5 comments
Another industrial control system is shown to have a series of serious flaws. This time, it's Fuji's Electric V-Server, according to warnings from ICS-CERT.
Why CISOs Need a Seat at the IoT Projects Table
Dawn Kawamoto  
9/17/2018   Post a comment
Only 38% of CISOs and IT security professionals are asked for their input when IoT projects are launched, despite frequent attacks against IoT devices, according to a recent Trend Micro report.
Iran Targeting ISIS Supporters, Kurds With Spyware
Jeffrey Burt  
9/14/2018   Post a comment
Check Point researchers found that victims of Iran's campaign were enticed to download mobile apps that were packed with spyware.
OpenSSL 1.1.1 Released With TLS 1.3 Support
Larry Loeb  
9/14/2018   Post a comment
The 1.1.1 version of OpenSSL, the popular cryptography library for encrypted communications, has been released with support for TLS 1.3, as well as other improvements.
Lock Up Your Laptops: Cold Boot Attacks Are Back
Joe Stanganelli  
9/14/2018   Post a comment
Researchers at F-Secure have developed a workaround to nullify the popular ten-year-old patch that was thought to have solved the problem of cold-boot attacks. Encryption keys and other sensitive data on millions of laptops could be affected.
Cobalt Group Returns With Downloader Malware
Jeffrey Burt  
9/13/2018   Post a comment
Proofpoint found new campaigns by the notorious cybercrime gang using its CobInt modular downloader.
Unsecured Veeam Database Reportedly Exposed Millions of Records
News Analysis  
9/13/2018   Post a comment
Another day, another database exposed to the public Internet. In this case, a security researcher found a server belonging to Veeam and hosted on AWS left millions of records exposed.
NordVPN & ProtonVPN Offerings Vulnerable to Code Execution Attack
Larry Loeb  
9/12/2018   4 comments
A report from Cisco Talos found that VPNs developed by NordVPN and ProtonVPN were each vulnerable to the same code execution attack.
Verizon Offers Look Inside Data Breach Investigations
News Analysis  
9/12/2018   Post a comment
Verizon's new Data Breach Digest tracks investigators through four different breach scenarios for lessons learned.
Tor Browser Flaw Could Allow Governments to Bypass Security Settings
News Analysis  
9/12/2018   1 comment
A report from Zerodium found a flaw in the Tor browser that could allow government agencies to bypass security settings within the software. However, the latest version eliminates this security risk.
Will Charges Against WannaCry & Sony Cybercrimes Suspect Temper Future Attacks?
Dawn Kawamoto  
9/11/2018   Post a comment
The Justice Department has charged North Korean national Park Jin Hyok with conspiracy to commit wire fraud and computer-related fraud in several high-profile cases, including the WannaCry ransomware virus attack and Sony Pictures Entertainment hack. Will cases like this temper future cyber attacks?
British Airways Already Facing Lawsuits Following Data Breach
News Analysis  
9/11/2018   1 comment
With more than 380,000 customer records compromised following this month's data breach, British Airways is already facing lawsuits.
Cryptominers Rush to Exploit Apache Struts 2 Vulnerability
Larry Loeb  
9/10/2018   2 comments
The Apache Struts 2 vulnerability was revealed about two weeks ago. Now F5 Labs has found that it's being used in a Monero cryptomining exploit.
US Is No. 1 in Malicious Web Addresses
Larry Loeb  
9/7/2018   4 comments
Palo Alto Network's Unit 42 has found that from April to June 2018 the US was numero uno in hosting malicious domains and exploit kits.
Trend Micro: Cryptomining, Data Breaches Highlight Busy 1H 2018
Jeffrey Burt  
9/7/2018   Post a comment
The rise of design flaws in processors from Intel and other chip-makers and the slowing down of ransomware were key trends in cybersecurity in the first six months of the year.
Attackers Snoop on MikroTik Router Traffic
Larry Loeb  
9/6/2018   3 comments
Researchers at Qihoo 360 Netlab report that unknown attackers have eavesdropped on the traffic of thousands of MikroTik routers.
Leaders & Employees Confess Cybersecurity Mistakes – Switchfast Report
Larry Loeb  
9/5/2018   6 comments
Leaders of small and midsized business are making common cybersecurity goofs and failing to model the right behaviors.
Android Spyware BusyGasper: Small With Unusual Capabilities
Jeffrey Burt  
9/5/2018   4 comments
Kaspersky researchers said the malware is not sophisticated, but it comes packed with a broad array of interesting features and capabilities.
Get Ready for Realistic Attacks on the Internet of Things
Alan Zeichick  
9/4/2018   4 comments
Good news: We haven't seen a widespread action against IoT devices. Bad news: IoT devices are shockingly vulnerable.
European Union Braces for Liability Shift for Data Breaches
News Analysis  
9/3/2018   2 comments
There are moves in the EU to introduce a change in liability for consumers who fall victim to data breaches, and other initiatives may follow. These would correct a longstanding cybersecurity moral hazard: that companies do not necessarily suffer directly from a data breach involving customer data.

Latest Articles
Palo Alto Network's Unit 42 has found the first cryptocurrency miner malware that spreads like a worm through the use of Docker containers.
Artificial intelligence (AI) is creating a new frontier in information security. Systems that independently learn, reason and act will increasingly replicate human behavior. Just like humans, they will be imperfect, but also capable of achieving great things.
Palo Alto Networks' Unit 42 researchers have discovered a new and previously undocumented Remote Access Tool (RAT).
Researcher finds Sophos firewalls can allow net-based RCE without authentication.
The rise of DevSecOps may be the reason that 70% of respondents to Radware's survey stated that the CISO was not the top influencer in deciding on security software policy.
Information Resources
upcoming Webinars
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with