Intel CPUs Vulnerable to New ‘BranchScope’ Attack
Researchers have discovered a new side-channel attack method that can be launched against devices with Intel processors, and the patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks. The new attack, dubbed BranchScope, has been identified and demonstrated by a team of researchers from the College of […] more…Why Does Data Exfiltration Remain an Almost Unsolvable Challenge?
From hacked IoT devices to corporate infrastructures hijacked for crypto-mining to automated ransomware, novel and sophisticated cyber-attacks are notoriously hard to catch. It is no wonder that defending against these silent and never-seen-before threats dominates our security agendas. But while we grapple with the challenge of detecting the unknown, data exfiltration – an old and […] more…Is Your SOC Caught in the Slow Lane?
Everybody’s got a device. And the data on that device is moving into the public cloud. Massive amounts of data. In a world of massive amounts of data, who’s the traffic cop? The Security Operation Center (SOC). But these days the daily flow of data traffic resembles a Formula One race car going full out, […] more…McAfee Safe Connect, Two Gold Award Winners of 2018 Info Security PG’s Global Excellence Awards®
On February 28th, Info Security Products Guide Global Excellence Awards presented their 2018 award winners. We are humbled to have received two golds in the Product or Service Excellence of the Year — Security Information and Website & Web Application Security for McAfee Safe Connect. Product Overview: McAfee Safe Connect is a VPN (Virtual Private Network) that helps users […] more…Don’t Get Duped: How to Spot 2018’s Top Tax Scams
It’s the most vulnerable time of the year. Tax time is when cyber criminals pull out their best scams and manage to swindle consumers — smart consumers — out of millions of dollars. According to the Internal Revenue Service (IRS), crooks are getting creative and putting new twists on old scams using email, phishing and malware, […] more…Android Trojan Leverages Telegram for Data Exfiltration
A newly discovered Android Trojan is abusing Telegram’s Bot API to communicate with the command and control (C&C) server and to exfiltrate data, Palo Alto Networks security researchers warn. Dubbed TeleRAT, the malware appears to be originating from and/or to be targeting individuals in Iran. The threat is similar to the previously observed IRRAT Trojan, […] more…18.5 Million Websites Infected With Malware at Any Time
There are more than 1.86 billion websites on the internet. Around 1% of these — something like 18,500,000 — are infected with malware at a given time each week; while the average website is attacked 44 times every day. Sitelock has published its Q4 2017 Website Security Insider analysis of malware and websites based on […] more…Virsec Raises $24 Million in Series B Funding
Virsec, a cybersecurity company that protects applications from various attacks, today announced that it has closed a $24 million Series B funding round led by tech investment firm BlueIO. This latest funding round brings the total amount raised to-date by the company to $32 million. The company previously raised $1 million in seed funding and […] more…7 Digital Safety Tips for Teens Filing Their First Tax Returns
Landing that first part-time job in high school and filing your first tax return is a rite of passage for a young person. So why am I so anxious about my daughter becoming a taxpayer and sharing her pristine personal data with the U.S. government? Where do I begin? The fact is, the more widely […] more…What’s New in the World of Ransomware?
Ransomware, the type of malware that can infect your computers and devices, lock you out of your own files, and demand a ransom to unlock them, is growing rapidly in both incidents and sophistication. In some cases, ransomware is even used as a cover to distract from more serious attacks, so it’s important for everyone […] more…CTS Labs Provides Clarifications on AMD Chip Flaws
As a result of massive backlash from the industry, Israel-based security firm CTS Labs has provided some clarifications about the recently disclosed AMD processor vulnerabilities and its disclosure method. CTS Labs this week published a report providing a brief description of 13 critical vulnerabilities and backdoors found in EPYC and Ryzen processors from AMD. The […] more…New Vulnerabilities in Smart TVs Could Allow Hackers to Spy on Users
As recent events like CES and MWC have proved, the popularity of connected devices is showing no signs of slowing. Everything has been transformed into smart: lightbulbs, ovens, sprinkler systems – with one of the first trailblazers being the smart TV. And now, it’s been discovered that smart TVs may be vulnerable to cyberattacks, as […] more…A Brief History of Cloud Computing and Security
According to recent research1, 50% of organizations use more than one public cloud infrastructure vendor, choosing between Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform and a series of others. 85% of those using more than one cloud infrastructure provider are managing up to four1, seeking the best fit for their applications and hedging […] more…Combatting the Transformation of Cybercrime
The volume of cyberattacks is growing at an unprecedented rate, increasing as much as nearly 80% for some organizations during the final quarter of 2017. One reason for this acceleration in the attack cycle is that in order for malware to succeed today it needs to spread further and faster than even before. This allows […] more…Microsoft Releases More Patches for Meltdown, Spectre
Microsoft informed users on Tuesday that it released additional patches for the CPU vulnerabilities known as Meltdown and Spectre, and removed antivirus compatibility checks in Windows 10. Meltdown and Spectre allow malicious applications to bypass memory isolation and access sensitive data. Meltdown attacks are possible due to CVE-2017-5754, while Spectre attacks are possible due to […] more…March Patch Tuesday Fixes 75 Security Issues, Drops Registry Key Requirement in Windows 10
Microsoft’s Patch Tuesday for March is an eventful one, with updates that comprise fixes for 75 security issues and a change of tack in its patch deployment process for Windows 10. Of the vulnerabilities Microsoft patched for this month, 14 were rated as Critical and 61 Important. Six of these were disclosed through Trend Micro’s […] more…More information
- Macro Malware Has Returned: Intel Security
- Microsoft Windows DirectX Graphics Kernel CVE-2018-8484 Local Privilege Escalation Vulnerability
- Steam tightens security to stem tide of 77,000 monthly hijackings
- US Homeland Security must disclose ‘internet kill switch’, court rules
- FTC warns app developers against using audio monitoring software
- The Art of Ruthless Prioritization and Why it Matters for SecOps
- IBM Watson, FDA to explore blockchain for secure patient data exchange
- Password Minder: The blank notebook that got laughed out of production
- Cracking passwords from the Philips hack – an important lesson
- Trump Signs Bill Banning Kaspersky Products