German Cybersecurity researchers from Cologne University & the University of Hamburg coined a new class of web cache poisoning attack dubbed CPDoS that let an attacker force a particular website to deliver an error page instead of the legitimate one.

An annual international survey has found the cybersecurity industry to be dominated by Caucasian men for the second year running. The Exabeam Cybersecurity Professionals Salary, Skills and Stress Survey asks security professionals around the world about their job satisfaction, education

Security researchers have discovered close links between a digital skimming group, Dridex phishing campaigns and the notorious Carbanak malware. Malwarebytes researchers Jérôme Segura, William Tsing, and Adam Thomas examined WHOIS data prior to GDPR taking effect to uncover those behind

Mozilla released Firefox 70 with the fixes for security vulnerabilities that affected the previous version of Firefox and added Enhanced Tracking Protection (ETP) by default. Mozilla fixed 9 vulnerabilities including one critical severity bug, 3 high severity bug, and 5

Gustuff banking malware returns with new features, the threat actors behind Gustuff malware made changes with distribution hosts and disabled C2 infrastructure. The malware uses SMS messages for propagation. The Gustuff malware is a fully automated one, the malware is

The National Cyber Security Centre (NCSC) has confirmed that it dealt with 658 incidents in the past year, of which a significant number were “from hostile nation states.” As the NCSC launched its third annual review, in the same month

Two researchers from the Technical University of Cologne (TH Koln) have devised a new web attack that can be used by threat actors to poison content delivery networks (CDNs) into caching and then serving error pages instead of the legitimate

Researchers at Malwarebytes found a link between a scheme associated with the Magecart group and Dridex phishing campaigns and the activities of the Carbanak group. The Magecart group tracked as Magecart Group 5, one of the most active crime gangs

Google released Chrome 78 with the various new feature, improvements such as dark mode and fixes for 37 security vulnerabilities that affected the earlier version of Chrome. Chrome 78.0.3904.70, a stable channel now available for Android, Windows, Mac, and Linux.

American government agencies gathered in Washington, DC, yesterday to describe how they plan to fight interference in next year’s presidential election. In a lengthy hearing titled Securing America’s Elections Part II: Oversight of Government Agencies, high-ranking members of the Departments

Money-saving websites used by over 3.5 million bargain hunters have leaked 2 terabytes of sensitive information onto the dark web. Data exposed by British website PouringPounds.com and Indian sister site CashKaro.com includes bank details, full names, mobile phone numbers, email

A new global alliance has formed with the mission to protect operational technology used in critical and industrial infrastructure from cyber-threats. If disrupted, operational technology (OT)—the hardware and software dedicated to monitoring and controlling physical devices such as valves and

Students at a Pennsylvania high school are being questioned by police after allegedly hacking into a school website to gain a competitive edge in a high-stakes water gun fight. A breach of student college and career resource website Naviance was

The security expert and bug-hunter John “hyp3rlinx” Page discovered an arbitrary code execution vulnerability, tracked as CVE-2019-9491, in the Trend Micro Anti-Threat Toolkit. Trend Micro ATTK allows analyzing malware issues and clean infections. It can be used to perform system

The Home Group – one of the biggest housing associations in the UK – has warned around 4000 customers that their personal details may have been stolen after the company suffered a data breach. As reported by the BBC, Home

Trend Micro has announced the acquisition of Australian start-up Cloud Conformity, in a deal which will see it expand its cloud security portfolio to include mitigations for customer misconfigurations. Following the reported $70m deal, Trend Micro is offering the Cloud