-
Superyacht-Maker Hit by Easter Ransomware Attack
PRIVACY PRIVACY Bremen shipbuilder Lürssen tight-lipped on details Read More
-
Dissecting threat intelligence lifecycle problems
PRIVACY PRIVACY In my last CSO article, I looked at a few challenges related to enterprise threat intelligence programs. Security pros pointed to issues like dealing with too many manual processes, sorting through noisy threat intelligence feeds, establishing clear ROI benefits, and managing threat intelligence programs that are little more than an academic exercise for…
-
4 strategies to help reduce the risk of DNS tunneling
PRIVACY PRIVACY Domain name system (DNS) tunneling is a pervasive threat that enables hackers to get any data in and out of a company’s internal network while bypassing most firewalls. The domain name system translates numeric internet protocol addresses that browsers can then use to load web pages — threat actors use tunneling to exploit…
-
Rapid7 Has Good News for UK Security Posture
PRIVACY PRIVACY FTSE 350 firms on a par with global peers Read More
-
Smashing Security podcast #317: Another Uber SNAFU, an AI chatbot quiz, and is juice-jacking genuine?
PRIVACY PRIVACY Everyone’s talking juice-jacking – but has anyone ever been juice-jacked? Uber suffers yet another data breach, but it hasn’t been hacked. And Carole hosts the “AI-a-go-go or a no-no?” quiz for Dave and Graham. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer…
-
Goldoson: Privacy-invasive and Clicker Android Adware found in popular apps in South Korea
PRIVACY PRIVACY Authored by SangRyol Ryu McAfee’s Mobile Research Team discovered a software library we’ve named Goldoson, which collects lists of applications installed, and a history of Wi-Fi and Bluetooth devices information, including nearby GPS locations. Moreover, the library is armed with the functionality to perform ad fraud by clicking advertisements in the background without the…
-
Why you should patch the Windows QueueJumper vulnerability immediately
PRIVACY PRIVACY Microsoft patched over 100 vulnerabilities this week in its products, including a zero-day privilege escalation flaw used in the wild by a ransomware gang. However, another critical vulnerability that can be easily exploited to take over Windows systems remotely over local networks and the internet is likely to be of more interest to…
-
Google launches dependency API and curated package repository with security metadata
PRIVACY PRIVACY This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming languages. Today, the company also announced the general availability of its Assured Open Source Software (Assured OSS) service, which provides development teams with a Google-curated repository…
-
CISA Updates Zero Trust Maturity Model With Public Feedback
PRIVACY PRIVACY The guidelines aim to further the US federal government’s progress toward a zero trust approach Read More
-
Lazarus Group’s DeathNote Campaign Reveals Shift in Targets
PRIVACY PRIVACY Kaspersky uncovered a shift in the attack’s targets and updated infection vectors in 2020 Read More