MonthOctober 2019

32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant

Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.

Slow Retreat from Python 2 Threatens Code Security

The end of life is near for Python 2, and there will be no rising from the grave this time. So why are some companies and developers risking a lack of security patches to stay with the old version of the programming language?

Chinese Cyber Espionage Group Steals SMS Messages via Telco Networks

APT41's new campaign is latest to highlight trend by Chinese threat groups to attack upstream service providers as a way to reach its intended targets, FireEye says.

Coalfire CEO Wants Criminal Charges Against His Employees Dropped

Felony charges against two employees tasked with testing the physical security of the Dallas County, Iowa, courthouse have been lessened, but that's not enough, CEO says.

Quantifying Security Results to Justify Costs

The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.

Quantifying Security Results to Justify Costs

The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.

New Office 365 Phishing Scam Leaves A Voicemail

A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.

9 Ways Data Vampires Are Bleeding Your Sensitive Information

Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.

Google strengthens Chrome’s site isolation to protect browser against its own vulnerabilities

Google is telling Chrome users that it has extended an advanced defensive technology to protect against attacks exploiting vulnerabilities in the browser's Blink rendering engine.

Chrome 77, which launched in September but was supplanted by Chrome 78 on Oct. 22, received the beefed-up site isolation, wrote Alex Moshchuk and Łukasz Anforowicz, two Google software engineers, in an Oct. 17 post to a company blog. "Site Isolation in Chrome 77 now helps defend against significantly stronger attacks," the two said. "Site Isolation can now handle even severe attacks where the renderer process is fully compromised via a security bug, such as memory corruption bugs or Universal Cross-Site Scripting (UXSS) logic errors."

To read this article in full, please click here

As Phishing Kits Evolve, Their Lifespans Shorten

Most phishing kits last less than 20 days, a sign defenders are keeping up in the race against cybercrime.