SEARCH
All Articles
Off With Their Heads!
Calls for jail time for C-suite executives after a data breach are getting louder, but proposed legislation such as the Corporate Executive Accountability Act would not prevent data breaches. Instead, it would will simply result in organizations lawyering up, CISO Advisor Dave Lewis argues.
Wipro Breach Looks a Case of Gift Card Fraud
The attack on IT outsourcing giant Wipro appears to have been motivated by gift card fraud, not espionage or a supply-chain attack against another company.
Attackers Using Oracle WebLogic Flaw to Install Sodinokibi Ransomware
The Sodinokibi ransomware is being installed on vulnerable Oracle WebLogic servers that haven't been patched against CVE-2019-2725.
Credit Union Sues Fintech Vendor for Security Lapses
Bessemer System Federal Credit Union is suing Fiserv for not fixing the security issues in its banking platform, and says that thousands of small banks and credit union using the same software don’t even know their customer data is also vulnerable.
Privacy Advocates Urge Creation of Data Protection Agency
As Congress considers various privacy bills, advocates are pushing for a federal data protection agency to enforce any new law.
Docker Hub Breach Can Have a Long Reach
Docker revoked tokens linking GitHub and Bitbucket with Docker Hub accounts after discovering "unauthorized access" in its Hub database. Developers should check their code to ensure no unauthorized changes have been made.
New Side-Channel Attack Extracts Private Keys From Some Qualcomm Chips
Researchers from NCC Group developed an attack that can pull private keys from the hardware-backed keystore in some Qualcomm chips.
Criminals Hosting Phishing Kits on GitHub
Criminals Hosting Phishing Kits on GitHub
DNSpionage Attackers Deploying New Karkoff Backdoor
The DNSpionage attack group is now using a new backdoor called Karkoff, which may have ties to the OilRig leaks as well.
Microsoft Will No Longer Recommend Forcing Periodic Password Changes
Users who hate having to change their Windows passwords every 60 days can rejoice: Microsoft now agrees that there is no point to forced password changes and will be removing that recommendation from its security recommendations.
BEC Scams Cost $1.2 Billion in 2018
BEC scams continue to rise and accounted for $1.2 billion in losses in 2018. The good news is that the FBI was able to work with banks to recover some of the funds.
Taking Hype Out of Bug Bounty Programs
“Bug bounty apostate” and Luta Security founder Katie Moussouris said bug bounty programs have veered away from their original mission: help organizations become more secure.
Targeted Phishing Attacks Hit Embassies, Agencies in Several Countries
A series of targeted phishing campaigns have hit victims in government finance agencies and embassies in several European and African countries.
Google Moves Developers to OAuth to Help Prevent Phishing Attacks
Google is planning to block sign-in attempts from embedded browser frameworks soon to help defeat some phishing attacks.
Someone is Leaking an Iranian Hacking Group’s Arsenal
An unknown leaker is publishing hacking tools used by the APT34 attack group that has been linked to Iranian intelligence.