Splunk last week released an update for Splunk Enterprise to address an information theft bug and a persistent Cross Site Scripting (XSS) vulnerability.
read more
UEFI Vulnerabilities Found in Gigabyte Mini PCs
Endpoint security firm Cylance has disclosed the details of two potentially serious UEFI vulnerabilities that can be exploited to install a backdoor on some Gigabyte BRIX mini PCs. The vendor is working on a firmware update that will address the flaws.
read more
APT29 Uses Stealthy Backdoor to Maintain Access to Targets
Researchers at FireEye-owned Mandiant have conducted a detailed analysis of a stealthy backdoor used by the Russia-linked cyberespionage group APT29 to maintain access to targeted systems.
read more
Social Media Passwords Provide Easy Route into Corporate Networks
A combination of 'security fatigue' among users and inadequate password controls among the social media giants is providing a large attack vector for cybercriminals. This is the conclusion of a newly published survey that queried more than 250 security professionals at the RSA Conference in San Francisco in February 2017.
read more
Android Ransomware Employs Advanced Evasion Techniques
A newly discovered Android ransomware family employs heavy obfuscation and delayed activation of malicious functionality to ensure it can evade anti-virus solutions, Zscaler security researchers warn.
read more
Fake Flash Player Ads in Skype Lead to Malware
Skype users appear to have been targeted in a recent malvertising campaign that was aggressively pushing malware hidden behind a fake Flash Player package.
read more
No Prizes Awarded in Google’s Android Hacking Contest
Google reported last week that its Project Zero Prize contest was not as successful as the company hoped it would be – no valid Android exploits were submitted and no prizes were awarded.
read more
Job Seekers’ Data Stolen in Hack of McDonald’s Canada
McDonald's Canada said Friday hackers stole the personal data of about 95,000 job seekers from the fast food chain's recruitment website over the past three years.
The data was from people who had sought work with the company since March 2014, and the company said it has launched an investigation into the hack.
read more
German Military to Launch Cyber Command
Germany's armed forces Saturday launch a cyber command, with a status equal to that of the army, navy and air force, meant to shield its IT and weapons systems from attack.
read more
Schneider Electric Patches Flaws in Modicon, Wonderware Products
Schneider Electric has released software and firmware updates to address several vulnerabilities affecting some of the company’s Wonderware and Modicon products.
read more