Fraud Prevention Firm Sift Science Raises $53 Million
Fraud prevention and risk management solutions provider Sift Science today announced that it has closed a $53 million Series D funding round, bringing the total raised to date by the company to $107 million. The latest funding round was led by New York-based growth equity firm Stripes Group, with participation from SPINS, Remitly, Flatiron Health, […]
The Security Spending Paradox
A Zero Trust Security Model Allows Organizations to Align Their Security Investments With What Works Best
In a few weeks, security professionals from all around the world will descend on San Francisco for RSA Conference 2018 to discuss new approaches to information security and how to prevent being victimized by cyber-attacks. As always, the expo […]
XM Cyber Unveils Automated Purple-Teaming at Speed and Scale
Israeli Cybersecurity Startup Launches Automated Advanced Persistent Threat (APT) Simulation Platform
Penetration testing is the most effective method of testing whether existing security policy stands up against advanced attackers, but it doesn’t scale well to large, dynamic networks, and only provides a single conclusion at a specific point in time. The solution is clearly automation. XM […]
F-Secure Looks to Address Cyber Security Risks in Aviation Industry
Aviation, as part of the transportation sector, falls within the critical infrastructure. While it may not have the same security issues as ICS/SCADA-based manufacturing and utilities, it has certain conceptual similarities; including, for example, a vital operational technology infrastructure with increasing internet connectivity, and the associated cyber risks. It also has one major difference — […]
Combatting the Transformation of Cybercrime
The volume of cyberattacks is growing at an unprecedented rate, increasing as much as nearly 80% for some organizations during the final quarter of 2017. One reason for this acceleration in the attack cycle is that in order for malware to succeed today it needs to spread further and faster than ever before. This allows […]
Cyber-Attack Prevention Firm Solebit Raises $11 Million
Tel Aviv-based cyber-attack prevention firm Solebit Labs, currently establishing new global headquarters in Silicon Valley, has announced completion of an $11 million Series A funding round led by ClearSky Security. Solebit was founded in 2014 by Boris Vaynberg, Meni Farjon, and Yossi Sara — all of whom graduated from Israel’s IDF technology units. The funding […]
Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
We discovered a new campaign targeting organizations in Turkey, Pakistan and Tajikistan that has some similarities with an earlier campaign named MuddyWater, which hit various industries in several countries, primarily in the Middle East and Central Asia. Third party security researchers named the MuddyWater campaign as such because of the difficulties in attributing the attacks. […]
Untangling the Patchwork Cyberespionage Group
by Daniel Lunghi, Jaromir Horejsi, and Cedric Pernet
Patchwork (also known as Dropping Elephant) is a cyberespionage group known for targeting diplomatic and government agencies that has since added businesses to their list of targets. Patchwork’s moniker is from its notoriety for rehashing off-the-rack tools and malware for its own campaigns. The attack vectors they […]
CONFICKER/DOWNAD 9 Years After: Examining its Impact on Legacy Systems
The banking trojan known as DOWNAD (Detected by Trend Micro as DOWNAD family) first appeared back in 2008, where it managed to be one of the most destructive malware at the time, infecting up to 9 million computers and gaining worldwide notoriety. Despite being nearly a decade old, and years past its peak, DOWNAD, also […]
qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
by Jaromir Horejsi (Threat Researcher)
We encountered a few interesting samples of a file-encoding ransomware variant implemented entirely in VBA macros called qkG (detected by Trend Micro as RANSOM_CRYPTOQKG.A). It’s a classic macro malware infecting Microsoft Word’s Normal template (normal.dot template) upon which all new, blank Word documents are based. Further scrutiny into qkG also […]
The Clock Is Ticking: Can You Find and Kill Advanced Malware Before it Kills Your Endpoints?
Your company’s computer system has been compromised by disguised malware. There is no greater feeling of dread for a security professional. This may put your mind at ease: Through automation, McAfee’s endpoint and sandbox tools can round up the malware, detonate it in a safe place, identify any compromised areas, and prepare them for you […]
10 Ways to Bring your Incident Response Back from the Grave
It’s Día de Los Muertos—but that’s no excuse for your security threat processes to move like the walking dead. As hundreds of thousands of people around the globe take time to remember their ancestors today, we urge you to look back through your incident history. But don’t stop there, think about how you can improve […]
Expiro Malware Is Back and Even Harder to Remove
File infector malware adds malicious code to current files. This makes removal tricky because deleting infections results in the loss of legitimate files. Although file infectors were more popular in the 1990s and early 2000s, they still pose a significant threat. The complex disinfection process is usually leveraged by malware authors to ensure systems stay […]
Stefan’s Tale: A 17-Year Journey to McAfee
By Stefan, Senior Security Consultant in Melbourne, Australia.
When I was younger, I wanted to be a policeman and help stop bad guys. As I got older, my dream career evolved into wearing a different kind of shield to stop a different type of bad guy. And in a 17-year tale spanning continents, I finally […]
Do I Even Need to Secure the Cloud?
You share responsibility for securing your data in the cloud. What does that mean? More than anything else, that you understand where the layers of protection from your cloud provider end, and your responsibility begins. A storm awaits many companies as they move infrastructure, applications, and entire portfolios to cloud services. Yet, the pace […]
The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
In many instances, researchers and engineers have found ways to hack into modern, internet-capable cars, as has been documented and reported several times. One famous example is the Chrysler Jeep hack that researchers Charlie Miller and Chris Valasek discovered. This hack and those that have come before it have mostly been reliant on specific vulnerabilities […]
More information
- HITB Publishes Full Videos of All #HITB2013AMS Talks
- Microsoft NAT Driver CVE-2013-3182 Denial of Service Vulnerability
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- Secusmart puts its BlackBerry encryption chip to work on the desktop
- MPAA says you can infringe copyright just by embedding a video
- Many WordPress Sites Affected by Vulnerabilities in ‘Popup Builder’ Plugin
- ‘HighRise’ Android Malware Used by CIA to Intercept SMS Messages
- Vulnerability & Patch Roundup — November 2025
- Resolved: Voice service degradation – Problems with inbound audio on calls outside the University phone system
- Attackers Use New NSIS Installers to Hide Ransomware