Security News
Researchers have demonstrated an ability to compromise an IoT smart bulb, and then use malware from the internet-connected bulb to infiltrate the rest of a network - regardless of whether that is a home or office. In 2016, earlier researchers were able to compromise Philips Hue lightbulbs with malicious firmware, and then propagate to other adjacent lightbulbs.
Citrix has released a new set of patches for the recently disclosed CVE-2019-19781 vulnerability and partnered with FireEye for a tool that tells users if their systems have been compromised via the security flaw. The vulnerability, disclosed in December 2019, impacts Citrix Application Delivery Controller and Gateway, and two older versions of SD-WAN WANOP. Following the public release of PoC exploits earlier this month, attackers started targeting vulnerable deployments - there are tens of thousands of vulnerable systems out there.
Citrix Systems and FireEye announced the launch of a new tool for detection of compromise in connection with the previously announced CVE-2019-19781 vulnerability, which affects certain versions of Citrix Application Delivery Controller, Citrix Gateway, and two older versions of Citrix SD-WAN WANOP. This tool is freely accessible in both the Citrix and FireEye GitHub repositories. The free tool is designed to allow customers to run it locally against their Citrix instances and receive a rapid assessment of potential indications of compromise in their systems based on known attacks and exploits.
Portland, Oregon-based children's clothing maker Hanna Andersson has quietly disclosed a breach to affected customers. According to the breach notification letter, the "Incident potentially involved information submitted during the final purchase process on our website, www.hannaandersson.com, including name, shipping address, billing address, payment card number, CVV code, and expiration date." These details are often known on the dark web as 'fullz'; that is, the data contains all the information necessary for a criminal to make fraudulent purchases via the internet.
Nearly three quarters of consumers expect manufacturers of connected IoT devices to protect their devices from hacks, according to Karamba Security. Consumers take IoT security seriously This view...
Millions of dollars and loads of personal information is being stolen through a growing threat known as Business Email Compromise (BEC).
Millions of dollars and loads of personal information is being stolen through a growing threat known as Business Email Compromise (BEC).
Ultra-Lucrative Campaigns Continue, Warns David Stubley of 7 ElementsMany businesses don't seem to be able to block the ongoing scourge of sophisticated business email compromise schemes....
Identity deception attacks continue to grow, but the type of attack seems to be changing. During Q3, 2019, phishing campaigns impersonating brands dropped by 6% over the previous quarter. Attacks...
A group of Chinese hackers carrying out political espionage for Beijing has been found targeting telecommunications companies with a new piece of malware designed to spy on text messages sent or...