Category: Threats & Malware

September 16, 2019

The U.S. has slapped sanctions on three well-known North Korean state-sponsored hacker groups – including the group that was tied to the 2017 WannaCry ransomware attacks and the 2014 cyberattack on Sony Pictures Entertainment. The three that were sanctioned are […]

September 16, 2019

Researchers have identified a new threat actor that is using impersonation fraud to purchase digital certificates that are then used for the spread of malware. Security firm ReversingLabs identified a bad actor that deceives certificate authorities into selling them legitimate […]

September 16, 2019

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) last week published several advisories describing vulnerabilities in CODESYS products, many of which can be exploited remotely for arbitrary code execution, denial-of-service (DoS) attacks, and other purposes. 3S-Smart […]

September 13, 2019

The cyber security industry needs to embark on a charm offensive and address its image problem if it is to successfully recruit more diverse teams in terms of gender, race, sexuality and neurodiversity, according to a panel of sector experts […]

September 12, 2019

SAP released the September 2019 Security Patch that addressed four Security Notes rated as Hot News by the company, but only one of them is new. SAP released 16 new or updated Security Notes, the overall number of Security Notes […]

September 11, 2019

Thirty-six of all security fixes are for vulnerabilities reported by external researchers. These include one Critical bug, eight High severity issues, 17 Medium risk flaws, and 10 Low severity vulnerabilities. The most important of the patches addresses a Critical use-after-free […]

September 10, 2019

The first half of 2019 saw a 13 percent increase in fraudulent activity compared to the previous six months, with a spike in June representing the highest-volume bot attack that’s been recorded since 2016, according to an analysis from LexisNexis. […]

September 10, 2019

The zero-day vulnerabilities are CVE-2019-1214 and CVE-2019-1215. The first affects the Windows Common Log File System (CLFS) and it allows an authenticated attacker with regular user privileges to escalate permissions to administrator. The security hole was reported to Microsoft by […]

September 10, 2019

The North American Electric Reliability Corporation (NERC) reports that a cyberattack on the US power grid earlier this year was caused by a target entity’s network perimeter firewall flaw. On March 5, 2019, an incident targeted a “low-impact” grid control […]

September 9, 2019

A quarterly report published last spring by the National Energy Technology Laboratory revealed that a cyber event caused “interruptions of electrical system operations” at an unnamed utility in the western part of the United States. The incident, which occurred on […]