SecurityWeek RSS Feed

SLUB Backdoor Spreads via Newly Patched Vulnerability

The threat actor behind the SLUB backdoor has started abusing a recently patched Internet Explorer vulnerability for distribution purposes, Trend Micro's security researchers reveal. read more

BMC Firmware Vulnerabilities Affect Lenovo, Gigabyte Servers

Researchers at firmware security company Eclypsium discovered that the baseboard management controller (BMC) shipped with some servers from Lenovo, Gigabyte and other vendors contains some potentially serious vulnerabilities. read more

Endpoint Security Evolving Against Airport Searches, GDPR

Travel pressure around privacy and compliance is forcing mobile endpoint software to evolve. Media coverage of recent airport phone searches has privacy enthusiasts worried, and Europe's General Data Protection Regulation ( GDPR ) has IT security and compliance teams thinking about data-loss policies. read more

Bulgarian IT Specialist Held Over Taxpayer Data Hack

A 20-year-old Bulgarian cybercrime specialist has been arrested over a hack and leak of a trove of taxpayer data , which authorities had initially suspected was a Russia-linked cyberattack, an official said Wednesday. read more

Oracle's July 2019 CPU Includes 319 Fixes

Oracle this week published its July 2019 Critical Patch Update (CPU), which brings a total of 319 security fixes across numerous product families. While fewer than 200 of these vulnerabilities can be exploited remotely without authentication, over 50 of them are rated Critical severity, almost all of them featuring a CVSS score of 9.8. read more

SWEED Hackers Target Manufacturing, Logistics Organizations

A threat actor active since at least 2017 has been mainly targeting victims with information stealers and remote access Trojans (RATs), Cisco's Talos security researchers explain. read more

Hackers Access Sprint Accounts via Samsung Website

US telecoms company Sprint has informed some customers that their Sprint accounts have been accessed by hackers via a Samsung website. read more

Boost Infrastructure Immunity Against the Ransomware Epidemic

Despite the recent incidents at the City of Baltimore , aluminum giant Norsk Hydro , and ASCO Industries , ransomware attacks have declined in both 2018 and 2019. read more

Enterprises Showing Increasing Backing of Zero Trust Authentication

Businesses Are Increasingly Adopting Zero-Trust Principles for Authentication in a Mobile World read more

Cyberattacks Inflict Deep Harm at Technology-Rich Schools

Over six weeks, the vandals kept coming, knocking the school system's network offline several times a day. There was no breach of sensitive data files, but the attacks in which somebody deliberately overwhelmed the Avon Public Schools system in Connecticut still proved costly. Classroom lesson plans built around access to the internet had come to a halt. read more

Extenbro DNS-Changer Used in Adware Campaign

A recently observed DNS-changer Trojan is being used in an adware campaign to prevent users from accessing security-related websites, Malwarebytes reveals. read more

Bulgaria Probes Russia-Linked Leak of Taxpayer Data

Bulgaria ordered Tuesday a probe into the leak of a trove of taxpayer data in a Russia-linked cyberattack that was disclosed on the same day the former Soviet satellite nation moved to buy US-made F-16 jet fighters. read more

Thousands of Legacy Lenovo Storage Devices Exposed Millions of Files

Cybersecurity firms Vertical Structure and WhiteHat Security on Tuesday reported that their researchers discovered a serious vulnerability that gave remote attackers access to millions of files stored on thousands of exposed Lenovo network-attached storage (NAS) devices. read more

Russia-linked Hackers Use New Trojans in Recent Attacks

Russia-linked threat group Turla has released new variants of the KopiLuwak Trojan in attacks detected since the beginning of this year, Kaspersky's security researchers reveal. read more

Security Teams Often Struggle to Get Developers on Board: GitLab Study

A GitLab study based on responses from over 4,000 software professionals shows a disconnect between developer and security teams, and suggests that good DevOps can be the solution to security problems. read more

Why We Shouldn't Ignore The Male Majority When Pursuing an Inclusive Workplace

Cultural Change is Key to Making Hard-Earned Gains Persist Over Time read more

Symantec Shares Plunge After Reports of Broadcom Deal Stall

Shares of cybersecurity giant Symantec plunged on Monday following reports that the company's acquisition talks with Broadcom have stalled due to a disagreement over price. Several major news outlets reported in early July that chipmaker Broadcom had been in advanced talks to acquire Symantec in a deal that could exceed $15 billion. read more

Old Software Makes New Electoral Systems Ripe for Hacking

Pennsylvania's message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems. read more

Failures in Cybersecurity Fundamentals Still Primary Cause of Compromise: Report

Many Companies Are Still Failing at the Basics of Cyber Security, Analysis of More Than 1,000 Incidents Finds read more

Tesla Awards Researcher $10,000 After Finding XSS Vulnerability

Tesla Model 3 XSS vulnerability A researcher has earned $10,000 from Tesla after discovering a stored cross-site scripting (XSS) vulnerability that could have been exploited to obtain - and possibly modify - vehicle information. read more

Distributed by