SecurityWeek RSS Feed

Adobe Patches Over 80 Vulnerabilities in Three Products

Updates released by Adobe on Tuesday for its Acrobat and Reader, Experience Manager, and Download Manager products patch 82 vulnerabilities. It's worth noting that this month Adobe did not release any updates on Patch Tuesday, as the company usually does.

Fake 'checkra1n' iOS Jailbreak Offered in Click Fraud Scheme

iPhone owners looking to jailbreak their devices have been warned that a fake checkra1n jailbreak is being offered as part of a sophisticated click fraud scheme featuring techniques that could be used for far more malicious actions.

Securing All Cloud Deployments With a Single Strategy

Many organizations eager to reap the benefits of cloud networking have adopted a cloud-first strategy. As a result, their DevOps teams are actively developing applications that enable them to compete more effectively in today's digital marketplace. Cost savings, agility, responsiveness and scalability are all drivers of this growing transition.

Researchers Find New Backdoor Used by Winnti Hackers

ESET security researchers were able to identify a new backdoor associated with the threat actor known as the Winnti Group.

Shadow IT Has Benefits Not Yet Fully Utilized by Business

Shadow IT is a well-known and long-standing organizational issue that has never really been solved. The problem is that it is a boon as well as a threat; and an uneasy balance exists between the two aspects. But with increasing use and familiarity with the cloud and its opportunities, the threat is growing. The threat needs to be tackled, but without destroying the benefit.

Microsoft Makes Tamper Protection in Defender ATP Generally Available

Microsoft is now providing all of its Defender ATP (Advanced Threat Protection) customers with tamper protection, which is meant to prevent unauthorized changes to security features.

Google's USB-C Titan Security Key Arrives in the U.S.

Starting today, October 15, users in the United States have a new two-factor authentication (2FA) method at their disposal in the form of Google's USB-C Titan Security Key. Manufactured in partnership with Yubico, the USB-C Titan Security Key is compatible with Android, Chrome OS, macOS, and Windows devices.

Pitney Bowes Operations Disrupted by Ransomware Attack

Global shipping and ecommerce giant Pitney Bowes on Monday informed customers that some of its services are unavailable due to a piece of ransomware infecting some systems.

Click2Mail Informs Users of Data Breach

United States Postal Service (USPS) affiliate Click2Mail has started sending out notices to some of its users about a data breach that impacted their personal information.

Mozilla Hardens Firefox Against Injection Attacks

Mozilla this week announced a reduced attack surface for code injection in Firefox through the removal of potentially dangerous artifacts such as occurrences of inline scripts and eval()-like functions.

California Attorney General Outlines How State Will Enforce Upcoming Privacy Law

California Attorney General Xavier Becerra has released the draft proposed regulations on how the state will enforce the California Consumer Protection Act (CCPA) that comes into force on January 1, 2020.

Critical Flaw in Sophos Cyberoam Appliances Allows Remote Code Execution

A critical vulnerability patched recently by Sophos in its Cyberoam firewall appliances allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges.

Why All Security Disciplines Should Use the Intelligence Cycle

The intelligence cycle is often underutilized in nearly every area of security. This iterative process through which data or information becomes intelligence can streamline, focus, and provide strategic guidance in myriad situations that extend far beyond the realm of traditional intelligence operations. But despite these benefits, in most cases (at least in the commercial sector), usage of the intelligence cycle is limited to threat intelligence programs.

Alleged Hacker Arraigned on $1.4 Million Cryptocurrency Fraud Charges

A Michigan man appeared in federal court on Friday on charges related to his involvement in a scheme aimed at defrauding victims of at least $1.4 million in cryptocurrency.

Majority of Simjacker Attacks Aimed at Mobile Phones in Mexico

Researchers believe hundreds of millions of SIM cards may be vulnerable to Simjacker attacks after determining that the targeted technology, despite being very old, is still used by at least 61 mobile operators across 29 countries.

Thoma Bravo to Acquire Sophos for $3.9 Billion

Private equity investment firm Thoma Bravo has made an offer to acquire UK-based cybersecurity firm Sophos for $3.9 billion. The announcement was made on Monday and Sophos said its board of directors will "unanimously recommend the offer to the company's shareholders."

Compromised AWS API Key Allowed Access to Imperva Customer Data

Imperva has shared more information on how hackers managed to obtain information on Cloud Web Application Firewall (WAF) customers, and revealed that the incident involved a compromised administrative API key.

Amazon Calls for Government Regulation of Facial Recognition Tech

Amazon is endorsing the idea of government regulation of facial recognition technology, as part of a wide-ranging statement of its principles on a range of social and political issues.

'Attor' Cyber-Espionage Platform Used in Attacks Aimed at Russia

A recently uncovered, highly targeted cyber-espionage platform that uses Tor for network communication has remained under the radar for at least six years, ESET reports.

Google Patches 8 Vulnerabilities in Chrome 77

Google this week announced an update for Chrome 77 that addresses 8 security vulnerabilities in the application, including 5 reported by external researchers.
