Sephora has notified customers in the Asia-Pacific region who have online accounts that the cosmetics and beauty products retailer suffered a data breach, according to Malay Mail. Customers reportedly received an email in which the company explained that an unauthorized

The most common configuration problems found in the majority of penetration tests can be easily resolved with straightforward fixes. Analysis from more than 50 engagements in the first half of 2019 by Lares, shared exclusively with Infosecurity, found that the

Personal information on thousands of Los Angeles Police Department (LAPD) officers and applicants appears to have been stolen in a breach of local government security. The suspected hacker claims they have their hands on the data of 2500 LAPD officers,

Total losses of data and devices by the UK’s Ministry of Defence (MoD) have risen by nearly 300% over the past two years, according to official figures. The figure jumped from 117 incidents in 2017-18 to 463 in 2018-19, according

Capital One has announced a major breach of customers’ personal data, affecting over 100 million Americans and a further six million in Canada. The financial institution blamed “unauthorized access by an outside individual” who has been arrested by the FBI

Researchers discovered 11 zero-day vulnerabilities dubbed “URGENT/11” in the most widely used operating system VxWorks, a Real-Time Operating System (RTOS) family. VxWorks is Developed as proprietary software by Wind River Systems used in 2 billion devices including Firewalls, MRI machines,

A new family of Android Ransomware dubbed Android/Filecoder.C distributed various online forums and further uses the victim’s contact list to SMS with a malicious link. ESET detected the ransomware activity since July 12th, 2019, “Due to narrow targeting and flaws

Capital one hacked, the hack exposed more than 100 million customers data across the US and Canada. The breach was learned by Capital One Financial Corporation on July 19, 2019. Following are the personal information affected with the breach that

CASB definition Think of cloud access security brokers (CASBs) as central data authentication and encryption hubs for everything your enterprise uses, both cloud and on-premises and accessed by all endpoints, including private smartphones and tablets. Before the CASB era, enterprise

New vulnerabilities give hackers the ability to bypass the payment limits on Visa contactless cards regardless of the card terminal, according to new research from Positive Technologies. In a July 29 press release, Positive Technologies said that researchers tested the

Working in the security operations center (SOC) is growing increasingly more painful because of an increasing workload and alert fatigue, according to new research, Improving the Effectiveness of the Security Operations Center, published by the Ponemon Institute and sponsored by

A new scam is impersonating WhatsApp and using the fraudulent claim that its victims will receive “free internet,” according to ESET researchers. “Researchers in Latin America received a message on WhatsApp stating that the app was giving away 1,000 GB

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 billion attacks. The situation is better in the

Watch out! Playing a video on Android devices could be a dangerous operation due to a critical CVE-2019-2107 RCE flaw in Android OS between version 7.0 and 9.0. Playing a specially-crafted video on devices with the Android’s native video player

Researchers discovered a new campaign with Zegost info stealer malware that believed to be originated from Chinese based threat actors who is targeting government networks in China. Zegost uncovered back to 2011 since then attackers updated with various new functionalities

A new multistage attack exploiting Elasticsearch servers using the old unpatched vulnerability to invoke a shell with a crafted query and encoded Java commands. The attack aims to deliver BillGates/Setag Backdoor against vulnerable Elasticsearch servers. The attack targets the already