Alert! Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious…

Read More

Understanding the security risks of Remote Desktop Protocol over the internet

RDP, if not properly configured and secured, can act as a gateway within an organization for cybercriminals to access sensitive internal resources. Attackers can also exploit vulnerable RDP services to perform remote code execution and seize control over targeted gateways. Today, it is very common for businesses to use RDP as a method to access…

Read More

Black Friday/Cyber Monday Ecommerce Security Threats

With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November into the first week of December. As consumer behavior changes and online transactions become favored over traditional retail-store purchases, Black Friday and Cyber Monday are…

Read More

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system. VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB…

Read More

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to…

Read More

Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information

Majorities think their personal data is less secure now, that data collection poses more risks than benefits, and believe it is not possible to go through daily life without being tracked

Read More

Fraud Attacks Increase 30% in Q3 2019

Fraud increased 30 percent overall in Q3 2019 and bot-driven account registration fraud is up 70 percent as cybercriminals test stolen credentials in advance of the holiday retail season. The Q4 Fraud and Abuse Report by Arkose Labs found that one in five account openings were fraudulent. Arkose Labs examined transactions in the financial services, e-commerce, travel, social media,…

Read More

DHS Warns of Critical Flaws in Medtronic Medical Devices

Critical vulnerabilities impacting Medtronic Valleylab products could allow attackers to overwrite files and achieve remote code execution, the Department of Homeland Security (DHS) warns.

Read More

Understanding the Ripple Effect: Large Enterprise Data Breaches Threaten Everyone

Fallout from giants at the top is one of the largest drivers of cyber-impacts on everyday people and companies. Big businesses are constantly under attack, and that affects everyone from customers and business partners to parties with national security interests. When successful, the initial compromise is only a means to an end — the real…

Read More