Security News
Mozilla announced on Thursday that it has expanded its bug bounty program with a new category that focuses on bypass methods for the exploit mitigations, security features and defense-in-depth measures in Firefox. Mozilla says mitigation bypasses have until now been classified as low- or moderate-severity issues, but they are now eligible for a reward associated with a high-severity flaw as part of the new Exploit Mitigation Bug Bounty.
How do I select a SIEM solution for my business? To select an appropriate SIEM solution for your business, you need to think about a variety of factors.
New EvilQuest macOS ransomware is a smokescreen for other threats. A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned.
Over half of security leaders still rely on spreadsheets. Senior security leaders within financial services companies are being challenged with a lack of trusted data to make effective security decisions and reduce their risk from cyber incidents, according to Panaseer.
Security threats associated with shadow IT. As cyber threats and remote working challenges linked to COVID-19 continue to rise, IT teams are increasingly pressured to keep organizations' security posture intact.
Cisco has conducted a research project on bypassing fingerprint authentication systems and it achieved a success rate of roughly 80 percent, but the company's experts were unsuccessful against Windows devices. In the case of mobile phones, the researchers bypassed fingerprint authentication on a majority of devices.
Police Scotland to roll out encryption bypass technology, as one publication reported this week, causing some Register readers to silently mouth: what the hell? "The technology allows specially trained officers to triage mobile devices to determine if they contain information which may be of value to a police investigation or incident," the Scottish cops say of the program.
A pair of widely used WordPress plugins need to be patched on more than 320,000 websites to close down vulnerabilities that can be exploited to gain admin control of the web publishing software. The team at WebArx, a security firm specializing in WordPress and other CRM and publishing platforms, took credit for discovering and reporting the flaws in WP Time Capsule and InfiniteWP. Both plugins were patched earlier this month by the developer, and updates should be applied.
Interesting story of how a Chinese state-sponsored hacking group is bypassing the RSA SecurID two-factor authentication system. How they did it remains unclear; although, the Fox-IT team has their...
Some types of 2FA security can no longer be guaranteed to keep the bad guys out, the FBI warned US companies.
Threat Actors Using Social Engineering, Other Technical Techniques to Circumvent MFA Protections. The FBI is warning banks, businesses and other organizations that cybercriminals are using social...
Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping. That feature has been hacked:...