Security News
The percentage of companies admitting to suffering a mobile-related compromise has grown, even though a higher percentage of organizations decided not to sacrifice the security of mobile and IoT devices to meet business targets, Verizon has revealed in its third annual Mobile Security Index report. The report is based on a survey of 876 professionals responsible for the buying, managing and security of mobile and IoT devices, as well as input from security and management companies such as Lookout, VMware and Wandera. It also shows that attackers hit businesses big and small, operating in diverse industries, and that those that had sacrificed mobile security in the past year were twice as likely to suffer a compromise.
Unisys announced that the company is offering $10,000 to participants who can capture data and credentials protected by the Unisys Stealth cybersecurity solution at RSA Conference 2020 in San Francisco. The "Unisys Stealth Capture the Flag" contest will take place on February 26 at the Moscone Center in San Francisco.
Over 20,000 web servers have been compromised via trojanized WordPress themes to deliver malware through malicious ads, Prevailion researchers have discovered. The attackers are taking advantage of the widespread use of the WordPress content management system, an increased demand for premium themes and victims' lack of security awareness to get them to unknowingly compromise their own web servers.
Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network - regardless of whether that is a home or office. In 2016, earlier researchers were able to compromise Philips Hue lightbulbs with malicious firmware, and then propagate to other adjacent lightbulbs.
Citrix has released a new set of patches for the recently disclosed CVE-2019-19781 vulnerability and partnered with FireEye for a tool that tells users if their systems have been compromised via the security flaw. The vulnerability, disclosed in December 2019, impacts Citrix Application Delivery Controller and Gateway, and two older versions of SD-WAN WANOP. Following the public release of PoC exploits earlier this month, attackers started targeting vulnerable deployments - there are tens of thousands of vulnerable systems out there.
Citrix Systems and FireEye announced the launch of a new tool for detection of compromise in connection with the previously announced CVE-2019-19781 vulnerability, which affects certain versions of Citrix Application Delivery Controller, Citrix Gateway, and two older versions of Citrix SD-WAN WANOP. This tool is freely accessible in both the Citrix and FireEye GitHub repositories. The free tool is designed to allow customers to run it locally against their Citrix instances and receive a rapid assessment of potential indications of compromise in their systems based on known attacks and exploits.
Portland, Oregon-based children's clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. According to the breach notification letter, the "Incident potentially involved information submitted during the final purchase process on our website, www.hannaandersson.com, including name, shipping address, billing address, payment card number, CVV code, and expiration date." These details are often known on the dark web as 'fullz'; that is, the data contains all the information necessary for a criminal to make fraudulent purchases via the internet.
Nearly three quarters of consumers expect manufacturers of connected IoT devices to protect their devices from hacks, according to Karamba Security. Consumers take IoT security seriously. This view...
Millions of dollars and loads of personal information are being stolen through a growing threat known as Business Email Compromise (BEC).