Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of seconds by plugging-in a malicious hot plug ...
Read More »Cyber Security News
Hackers Favorite CoinHive Cryptocurrency Mining Service Shutting Down
Coinhive, a notorious in-browser cryptocurrency mining service popular among cybercriminals, has announced that it will discontinue its services on March 8, 2019.Regular readers of The Hacker News already know how Coinhive’s service helped cyber criminals earn hundreds of thousands of dollars by using computers of millions of people visiting hacked websites. For a brief recap: In recent years, cybercriminals leveraged every ...
Read More »Legislation Introduced in California to Strengthen Data Breach Notification Law
California Attorney General Xavier Becerra and Assemblymember Marc Levine (D-San Rafael) unveiled AB 1130, legislation to strengthen California’s data breach notification law to protect consumers. The bill closes a loophole in the state’s existing data breach notification law by requiring businesses to notify consumers of compromised passport numbers and biometric information. “Knowledge is power, and all Californians deserve the power to take ...
Read More »Microsoft Edge secretly whitelisted sites running Flash Player for Facebook
Facebook has found itself involved in another controversy, this time a cybersecurity researcher has revealed Microsoft Edge allows Flash Player content to be played on Facebook without notifying the user. Google Project Zero’s Ivan Fratric came across what is essentially a secret whitelist and reported it on November 26, 2018 and waited the usual 90 days before making his discovery public. ...
Read More »An unprotected server exposed almost 2.7 million call recording for six years
Of the 2.7 million exposed call recordings, almost 57,000 call recordings have filenames containing the telephone numbers of those who called the helpline. Researchers noted that the unprotected server available at nas.applion.se might have been impacted by almost 23 vulnerabilities with CVEs assigned between 2013 and 2018. A storage server containing real-time call recordings made to the 1177 Swedish Healthcare ...
Read More »Russian cyberattackers are in and gone in less than 20 minutes
Russian threat actors are almost eight-times faster at taking advantage of a compromised system compared to other nation-state actors, a tribute to their operational tradecraft, according to Crowdstrike’s 2019 Global Threat report. An analysis of what Crowdstrike calls “breakout time” shows the Russians are quicker, by a factor of eight, at moving laterally through a system and accomplishing their primary objectives then ...
Read More »Lockheed Martin, UCF Open $1.5 Million Cyber Lab in Orlando
Lockheed Martin and the University of Central Florida (UCF) celebrated the grand opening of a Cyber Innovation Lab on UCF’s campus that will help meet the growing local and national need for cybersecurity talent. “This lab will serve as the campus’ primary hub for students to develop and expand their information security skills, preparing them to enter this high demand field and ...
Read More »RUSSIA PLANS TO BRIEFLY DISCONNECT FROM THE INTERNET TO SEE WHAT HAPPENS
Russia is planning to disconnect itself from the internet as part of a planned experiment designed to protect the country from state-backed cyber attacks. Internet service providers in the country are working with the Russian government in preparation for the test, which comes in response to a proposed new law that will see all internet traffic pass through Russian servers. When it is ...
Read More »Google Play announces 2019 malicious app crackdown
Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying and stopping bad apps from entering ...
Read More »8 Cybersecurity Risks That May Impact Organizations in 2019
Aon’s 2019 Cyber Security Risk Report features eight risks that may impact organizations in the next 12 months, no matter where they are on their digital journey. “In 2018 we witnessed that a proactive approach to cyber preparation and planning paid off for the companies that invested in it, and in 2019, we anticipate the need for advanced planning will only further ...
Read More »