News
  • "Knowing What the Enemy Knows Is Key to Proper Defense"
    Etay Maor, the Chief Security Officer (CSO) at the threat intelligence firm IntSights, gave a presentation at the Black Hat Europe 2020 virtual event in which they emphasized the importance of knowing what the enemy knows when defending an organization…
  • "Total Published CVEs Hits Record High for Fourth Year"
    Researchers at K2 cybersecurity have found that the past 12 months have seen a record number of CVEs published by the US authorities, making this the fourth year in a row in which the number of published CVEs has risen. Last year, 17,306 CVEs were published,…
  • "RAM-Generated Wi-Fi Signals Allow Data Exfiltration From Air-Gapped Systems"
    Mordechai Guri, the head of R&D at the Ben-Gurion University of the Negev in Israel, recently published a paper detailing a new technique to exfiltrate data from an air-gapped system. Air gapping is a security measure in which a computer or network…
  • "Millions of Medical Imaging Files Freely Accessible on Unprotected Servers"
    Researchers at CybelAngel discovered that more than 45 million medical imaging files, including X-rays and CT scans, can be accessed on over 2,140 unprotected servers across the US, UK, Germany, and 64 other countries. These files include personally…
  • "New, Free Tool Adds Layer of Security for the Software Supply Chain"
    Researchers at the NYU Tandon School of Engineering developed an open-source tool called "in-toto" to bolster software supply chain security against cyberattacks. In-toto is a free and easy-to-use framework that cryptographically ensures the integrity of…
  • "Apple's App 'Privacy Labels' Are Here—and They're a Big Step Forward"
    Apple has launched new privacy labels for iOS and macOS App Stores to increase the transparency of apps' data collection. The labels are considered nutrition facts for apps in that they provide details to users about what data is collected and accessed…
  • "Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure"
    Researchers at Armis found that thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology (OT) gear and the internet of things (IoT). Even though there are patches out…
  • "DHS CISA Alerts to Medtronic MyCareLink Medical Device Flaws"
    The U.S. Homeland Security Department's Cybersecurity & Infrastructure Security Agency (CISA) released an alert about vulnerabilities found in Medtronic MyCareLink (MCL) medical devices. The vulnerabilities were discovered by the Internet of Things (…
  • "HackerOne, Verizon Weigh Pros and Cons of Making Live Hacking Contests Virtual"
    One of the effects of the COVID-19 pandemic is the change of live hacking events from being hosted in-person to being held virtually. Due to the pandemic, Verizon Media, in collaboration with HackerOne, had to hold two hacking events online. They both…
  • "New Windows Trojan Steals Browser Credentials, Outlook Files"
    Researchers with Palo Alto's Unit 42 research team have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities. The trojan is called PyMicropsia (due to it being built…
  • "Phishing Campaign Uses Outlook Migration Message"
    Researchers at Abnormal Security have released details about an ongoing phishing campaign aimed at harvesting users' Office 365 credentials. The phishing emails in the campaign are designed to appear as if they were sent from the IT department…