News
-
Friday Five: 8/16 Edition
Software developers are a target for phishers, a hotel chain breach, and a bank hit by malware - catch up on the week's news with this recap!
-
European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked
The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the euro and is itself -
Patches for 2 Severe LibreOffice Flaws Bypassed — Update to Patch Again
If you are using LibreOffice, you need to update it once again. LibreOffice has released the latest version 6.2.6/6.3.0 of its open-source office software to address three new vulnerabilities that could allow attackers to bypass patches for two previously addressed vulnerabilities. LibreOffice is one of the most popular and open source alternatives to Microsoft Office suite and is available -
Bluetana App Quickly Detects Hidden Bluetooth Card Skimmers at Gas Pumps
In recent years, gas stations have become one of the favorite targets for thieves who are stealing customers' credit and debit card information by installing a Bluetooth-enabled payment card skimmers at gas stations across the nation. The media has also reported several recent crimes surrounding credit card skimmers, including: Gas pump skimmer found at a 7-Eleven in Pinellas County Credit -
SEC Looking Into First American Breach
May's massive breach at First American Financial Corp. exposed 885 million records. Now the company is drawing the attention of regulators, curious if any laws were broken.
-
Kaspersky Antivirus Flaw Exposed Users to Cross-Site Tracking Online
In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint -
Microsoft Urging Users to Patch New Wormable Vulnerabilities
Microsoft is urging users to patch a series of critical, BlueKeep-like vulnerabilities in Windows that could be used to spread malware and affect as many as 800 million machines.
-
New Bluetooth Vulnerability Lets Attackers Spy On Encrypted Connections
Over a billion Bluetooth-enabled devices, including smartphones, laptops, smart IoT devices, and industrial devices, have been found vulnerable to a high severity vulnerability that could allow attackers to spy on data transmitted between the two devices. The vulnerability, assigned as CVE-2019-9506, resides in the way 'encryption key negotiation protocol' lets two Bluetooth BR/EDR devices -
8 New HTTP/2 Implementation Flaws Expose Websites to DoS Attacks
Various implementations of HTTP/2, the latest version of the HTTP network protocol, have been found vulnerable to multiple security vulnerabilities affecting the most popular web server software, including Apache, Microsoft's IIS, and NGINX. Launched in May 2015, HTTP/2 has been designed for better security and improved online experience by speeding up page loads. Today, over hundreds of -
4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered
If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. It has been disclosed that the Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the previously-fixed 'BlueKeep' vulnerability. Discovered by -
Think Tank: Standard Contractual Clauses for International Transfers Should Mirror GDPR
The Centre for Information Policy Leadership issued a lengthy white paper last week highlighting challenges and recommendations around standard contractual clauses (SCCs) for international data transfers.
-
Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back from Windows XP to the latest Windows 10. The vulnerability, which could allow a low privileged application to read and write data to a higher privileged application, resides in the way MSCTF clients and server communicate with each
- Page 1 of 51
- Next page