Waterbug APT Hackers used hijacked infrastructure to attack governments and international organizations through various campaigns using new and publically available malware. The group also use living off the land for executing process on the systems. Symantec observed the targeted attack

An email phishing scam tries to dupe its victims by appearing to be from the Department of Homeland Security (DHS). According to a June 18 US CERT alert, the email lures users into downloading malware through a malicious attachment. “The

The vast majority of mobile apps store data insecurely, according to Positive Technologies researchers who discovered high-risk security vulnerabilities in 38% of iOS apps and 43% of Android apps. “But this difference is not significant, and the overall security level

Over the past decade, California has had the highest number of data breaches and the greatest number of records exposed, according to new research from Comparitech. In the new report, Protected: Which States Have the Most Data Breaches?, researchers analyzed

Proactive Controls for Software developers describing the more critical areas that software developers must focus to develop a secure application. The OWASP Top 10 Proactive Controls 2018 contains a list of security techniques that every developer should consider for every

Samba released security updates for a couple of vulnerabilities that could cause Denial of Service in dnsserver and LDAP server crash. Denial of Service in DNS Server The vulnerability allows an authenticated user to crash the RPC server via a

A Florida city has agreed to pay cyber-criminals $600,000 to regain access to computer systems encrypted with ransomware, highlighting the continued threat to organizations from extortion-based attacks. The Riviera Beach City Council voted unanimously to pay off the hackers, after

Identity fraud rose by 8% in the UK last year to hit an all-time high, with both the very young and old experiencing the biggest increases, according to Cifas. The anti-fraud non-profit’s latest Fraudscape report for 2018 was compiled as

Organizations are struggling to gain real-time visibility into their security technologies and suffering from an excessive number of tools running across the enterprise, according to new research from Panaseer. The security monitoring firm polled 200 enterprise CISOs to better understand

WINSpect is the PowerShell based windows auditing tool to enumerate and identify security weaknesses with windows platform and results of this audit can be useful for further hardening. Download the WINSpect Tool Here. Installation Open the Powershell with admin privileges

Oracle released an emergency security update for another critical remote code execution vulnerability that can be exploited by the remote attacker to gain control over the system. The vulnerability can be tracked as CVE-2019-2729 and has a CVSS Base Score

Researchers at Netflix have discovered new denial-of-service (DoS) vulnerabilities in Linux and FreeBSD kernels, including a severe vulnerability called SACK Panic that could allow malicious actors to remotely crash servers and disrupt communications, according to an advisory published at its

A security assurance program that focuses on business needs can help organizations meet the needs of business stakeholders, according to a new report released by Information Security Forum (ISF). The report, Establishing a Business-Focused Security Assurance Program, offers organizations ways

Most global organizations benefit from better security in the cloud than on-premise, with some key exceptions, including data loss prevention and configuration settings, according to McAfee. The security giant polled 1000 enterprises around the world and combined its findings with

Eatstreet, the online food ordering service, disclosed a security breach that exposed customer payment card data and details of partners EatStreet, an online and mobile food ordering service, disclosed a security breach that exposed customer payment card data and details