Category Archives: NEWS & INDUSTRY

SecurityWeek RSS Feed: ‘No Evidence’ of Huawei Spying, Says German IT Watchdog

Germany's IT watchdog has expressed scepticism about calls for a boycott of Chinese telecoms giant Huawei, saying it has seen no evidence the firm could use its equipment to spy for Beijing, news weekly Spiegel reported Friday.




SecurityWeek RSS Feed

SecurityWeek RSS Feed: AP Exclusive: Iran Hackers Hunt Nuke Workers, US Officials

LONDON — As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of U.S.-Iranian relations.


SecurityWeek RSS Feed: Rhode Island Sues Alphabet Over Google+ Security Incidents

A government organization in Rhode Island announced on Wednesday that it has filed a lawsuit against Google’s parent company, Alphabet Inc., over the recent security incidents involving the Google+ social network.


Personal Details of 120 Million Brazilians Exposed

Misconfigured databases with poor or absent access controls on both cloud and in-house servers are a known and common problem. Where these databases are exposed to the internet, anybody -- with or without cyber expertise -- can access the database and its content. While there is no 'hack' involved, such instances should still be called a breach since there is often no way of knowing whether the data contained has been accessed by malicious actors.


SecurityWeek RSS Feed: Hertz, Clear Partner to Speed Rentals With Biometric Scans

Biometric screening is expanding to the rental car industry.

Hertz said Tuesday it is teaming up with Clear, the maker of biometric screening kiosks found at many airports, in an effort to slash the time it takes to pick up a rental car. Clear hopes it will lead more travelers to its platform, which has 3 million members in the U.S.


SecurityWeek RSS Feed: Tor Project Releases Financial Documents

The Tor Project, the organization behind the Tor anonymity network, has published financial documents for the past two years, and while they show that its revenue has increased significantly, it’s still small compared to the budgets of potential adversaries.


DeepPhish Project Shows Malicious AI is Not as Dangerous as Feared

Artificial intelligence (AI) is increasingly becoming a de facto necessity for cybersecurity. The asymmetric nature of cyberattacks simply overwhelms traditional manual analyst defenses, and organizations must increasingly use AI and machine learning (ML)-enhanced technologies to detect known attacks and predict (determine the probability of) new and unknown attacks at machine speed.


Russian Hospital Targeted With Flash Zero-Day After Kerch Incident

Security updates released by Adobe on Wednesday for Flash Player patch two vulnerabilities, including a critical flaw exploited by a sophisticated threat actor in attacks aimed at a healthcare organization associated with the Russian presidential administration. The attack may be related to the recent Kerch Strait incident involving Russia and Ukraine.


House GOP Campaign Arm Targeted by ‘Unknown Entity’ in 2018

Thousands of emails were stolen from aides to the National Republican Congressional Committee during the 2018 midterm campaign, a major breach exposing vulnerabilities that have kept cybersecurity experts on edge since the 2016 presidential race.


SecurityWeek RSS Feed: M2M Protocols Expose Industrial Systems to Attacks

Some machine-to-machine (M2M) protocols can be abused by malicious actors in attacks aimed at Internet of Things (IoT) and industrial Internet of Things (IIoT) systems, according to research conducted by Trend Micro and the Polytechnic University of Milan.


Kaspersky’s U.S. Government Ban Upheld by Appeals Court

The U.S. government’s ban on software made by Russia-based cybersecurity firm Kaspersky Lab remains in place, a federal appeals court in Washington, DC, ruled on Friday.

The court said Kaspersky had failed to demonstrate that the ban was an unconstitutional legislative punishment.


Facebook Mulled Charging for Access to User Data

Facebook on Wednesday said it considered charging application makers to access data at the social network.

Such a move would have been a major shift away from the policy of not selling Facebook members' information, which the social network has stressed in the face of criticism alleging it is more interested in making money than protecting privacy.


SecurityWeek RSS Feed: Google Makes Secure LDAP Generally Available

Google this week announced the general availability of secure LDAP, after introducing the capability in October at Next ’18 London.

Allowing customers to manage access to traditional LDAP-based apps and IT infrastructure, it can be used with either G Suite or Cloud Identity, Google’s managed identity and access management (IAM) platform.


Brazilian Financial Malware Spreads Beyond National Boundaries

Brazilian Actors Expand Financial Malware Campaigns to Attack Spanish-Speaking Countries

A detailed analysis from security researchers shows how Brazilian financial malware is spreading beyond national boundaries to attack banks in Spanish-speaking countries through South and Latin America, and Portugal and Spain in Europe. 


SecurityWeek RSS Feed: Cryptocurrency-Stealing Code Distributed via Popular Library

The popular EventStream Node.js library was recently modified to fetch malicious code designed to steal crypto-currencies.

Designed as a toolkit to make creating and working with streams easy, the JavaScript package has around two million downloads a week, which makes it a valuable resource to application developers and malicious actors alike.


Acceptto Emerges from Stealth with Behavioral Biometric Authentication Platform

Portland, Ore-based startup Acceptto has emerged from stealth today to launch its cognitive authentication platform and announce an unspecified Series A funding round from Aetna Ventures, Millennium Venture Partners and Celeres Investments. Aetna is now both an investor and an early adopter. Its CSO, James Routh, joins the Acceptto Board of Directors.


SecurityWeek RSS Feed: DoS Vulnerabilities Impact Linux Kernel

Two recently disclosed Linux kernel vulnerabilities that remain unpatched could be exploited for local denial-of-service (DoS).

The flaws, both of which were made public last week, impact Linux kernel 4.19.2 and previous versions. Both represent NULL pointer dereference bugs that can be exploited by local attackers and are considered Medium severity.


U.S. Postal Service API Flaw Exposes Data of 60 Million Customers

The United States Postal Service (USPS) has fixed an API flaw that potentially exposed data on 60 million customers. A researcher reported the flaw to USPS more than a year ago; but it wasn't until security blogger Brian Krebs contacted the organization this month that it took any action.


SecurityWeek RSS Feed: Gov Committee Raises Concerns Over UK Critical Infrastructure Security

The purpose of a government committee is to be critical. If it did nothing but agree with its subject matter status quo, there would be little point to it. That said, in the latest report published November 12, 2018 by the UK parliament's Joint Committee on the National Security Strategy, this committee is somewhat critical of the UK's National Security Strategy (NCS). 


Attackers Target Drupal Web Servers with Chained Vulnerabilities

A recent attack targeted Drupal web servers with a chain of vulnerabilities that included the infamous Drupalgeddon2 and DirtyCOW flaws, Imperva security researchers say.

The attack was short and impacted only some Linux-based systems, but it was noteworthy for attempting to persistently infect vulnerable servers and take over machines.


SecurityWeek RSS Feed: TalkTalk Hackers Sentenced to Prison

Two individuals were sentenced to prison on Monday for their roles in the 2015 hacking of British telecoms company TalkTalk.

Connor Allsopp, 21, and Matthew Hanley, 23, both from Tamworth, Staffordshire, pleaded guilty to hacking-related charges last year. Allsopp has been sentenced to 8 months in jail and Hanley to 12 months.
