Category Archives: NEWS & INDUSTRY

DHS Cyber Leader Says 2020 Security Preparations Underway

The director of Homeland Security's cybersecurity agency says officials are working to secure the 2020 presidential election.

Christopher Krebs says he's trying to shift focus from what happened in 2016 with Russian interference to what could happen next. He's trying to get election security officials to think ahead and prepare for possibilities.

Indictment: Hackers Charged With Making Threats to Schools

Two computer hackers were charged with sending false shooting and bomb threats to hundreds of schools and other institutions in the U.S. and Britain, federal prosecutors said Tuesday.

The men are members of Apophis Squad, a worldwide collective of hackers intent on using the internet to “sow chaos,” the Department of Justice said in Los Angeles.

Intel SGX Can Be Abused to Hide Advanced Malware: Researchers

A team of researchers has demonstrated that Intel’s SGX technology can be abused to hide an advanced and stealthy piece of malware that could allow attackers to steal data and conduct activities on the victim’s behalf. Intel says its technology works as intended and it’s not designed to block these types of attacks.

Application Security Firm ShiftLeft Raises $20 Million

Application security firm ShiftLeft on Tuesday announced that it raised $20 million in a Series B funding round, which brings the total raised by the company to nearly $30 million.

The funding round was led by Thomvest Ventures, with participation from new investor SineWave Ventures and existing investors Bain Capital Ventures and Mayfield.

SecurityWeek RSS Feed: China Police Get Power to Remotely ‘Inspect’ Company Networks in China

In June 2017, China's new cybersecurity law gave its Ministry of State Security (basically, China's spy agency) new powers over foreign technology. Now, new provisions announced in November 2018 under the title 'Internet Safety Supervision and Inspection Regulations' have expanded the intrusive capabilities of the Ministry of Public Security (MPS) -- China's internal police authority.

SecurityWeek RSS Feed

Study Analyzes Challenges, Concerns for IT/OT Convergence

A survey conducted by the Ponemon Institute on behalf of security solutions provider TUV Rheinland OpenSky analyzes the security, safety and privacy challenges and concerns related to the convergence between information technology (IT), operational technology (OT), and industrial internet of things (IIoT).

NATO Opens Defense Innovation Challenge Seeking C4ISR Solutions

The NATO Communications and Information Agency (NCI) has opened its fourth annual Defense Innovation Challenge. It is open to start-ups, SMEs and academia; and invites proposals on solutions to support NATO's command, control, communications, computers, intelligence, surveillance and reconnaissance (C4ISR) and cyber capabilities.

Zero-day Vulnerability Highlights the Responsible Disclosure Dilemma

A zero-day vulnerability found in a video-conferencing system and responsibly disclosed led to the response, "Our developers are aware of some known vulnerabilities with the systems, development for these devices has slowed significantly as they are End of Life. For devices that are still under support, we may target future releases."

SecurityWeek RSS Feed: UK Data Watchdog Fines Leave.EU, Eldon Insurance

The UK data protection regulator (the Information Commissioner's Office – ICO) launched a wide-ranging investigation into the use of personal information for political purposes following the Facebook/Cambridge Analytica affair. It resulted in the publication of a lengthy report titled 'Democracy disrupted? Personal information and political influence' in July 2018, and a fine on Facebook set at the maximum amount possible – £500,000 ($645,000).

SecurityWeek RSS Feed: New York Investigating Apple’s Response to FaceTime Spying Bug

New York authorities have announced the launch of an investigation into the recently disclosed FaceTime vulnerability that can be exploited to spy on users. The probe focuses on Apple’s failure to warn customers and the company’s slow response.

SecurityWeek RSS Feed: Facebook Takes Down Vast Iran-led Manipulation Campaign

Facebook said Thursday it took down hundreds of "inauthentic" accounts from Iran that were part of a vast manipulation campaign operating in more than 20 countries.

The world's biggest social network said it removed 783 pages, groups and accounts "for engaging in coordinated inauthentic behavior tied to Iran."

The Tricky Balance in Declining or Accepting Online Payments

False positives are one of the biggest problems for security controls. In malware detection they interrupt work and divert incident response away from real issues. But in ecommerce and financial fraud detection, false positives can have a direct and serious effect on profitability. In most cases, it is a balance between high detection (more secure but with more false positives), and lower detection (less secure with fewer false positives). 

Employee Data Compromised in Airbus Breach

Aircraft maker Airbus on Wednesday revealed that information on some of its employees was compromised as a result of a data breach.

According to the company, it detected an intrusion on systems associated with its Commercial Aircraft business, but claims that the incident has not impacted its commercial operations.

SecurityWeek RSS Feed: Yahoo Breach Settlement Rejected by Judge

A U.S. judge has rejected the settlement between Yahoo and users impacted by the massive data breaches suffered by the company, citing, among other things, inadequate disclosure of the settlement fund and high attorney fees.

SecurityWeek RSS Feed: Trump Ally Stone Charged With Lying About Hacked Emails

President Donald Trump's confidant Roger Stone has been charged with lying about his pursuit of Russian-hacked emails damaging to Hillary Clinton's 2016 election bid. Prosecutors allege that senior Trump campaign officials sought to leverage the stolen material into a White House victory.

Flaws Expose Phoenix Contact Industrial Switches to Attacks

The latest firmware updates released by Phoenix Contact for its FL SWITCH industrial ethernet switches address a total of six vulnerabilities that can be exploited to obtain credentials for the web interface, conduct unauthorized activities, cause a denial-of-service (DoS) condition, and launch man-in-the-middle (MitM) attacks.

AWS Provides Secure Access to Internal Assets With Amazon WorkLink

Amazon Web Services (AWS) on Wednesday announced the launch of Amazon WorkLink, a service that enables organizations to provide employees easy and secure access to internal websites and applications from their mobile devices without the need for a VPN or custom browser.

Recorded Future Adds Third-Party Risk to Threat Intelligence Platform

Over the last few years, the supply chain has emerged as a primary attack vector for both criminal gangs and nation-state groups. Attackers are compromising often smaller and less well-defended suppliers in order to gain access to larger primary targets. This problem is getting worse with the increasing digital transformation of business around the world -- more companies are dealing electronically with each other than ever before.

DHS Warns Federal Agencies of DNS Hijacking Attacks

The U.S. Department of Homeland Security (DHS) on Tuesday issued an emergency directive instructing federal agencies to prevent and respond to DNS hijacking attacks.

GDPR Complaints Filed Against Eight International Streaming Companies

European NGO noyb ('none of your business') filed ten GDPR-related complaints against eight international streaming services on January 18, 2019. The complaints allege that the concerned streaming services have not fully -- and in some cases not at all -- responded to the lawful 'right of access by the data subject' (Article 15 of GDPR) with 'transparent information, communication and modalities' (Article 12); and are therefore in breach of GDPR.
