Cybersecurity News and Product Reviews | SC Media

Everything is hackable: The crowd is here to help

The cybersecurity industry at large is facing a massive skills shortage. Coupled with a growing attack surface and economically incentivized adversaries, this skills gap has made it more difficult than ever for organizations to shore up their defenses. Security experts are in high demand, meaning they can command higher paychecks. It also means they have…

High-volume eGobbler malvertising campaign exploits zero-day Chrome bug

A malicious actor has been leveraging a Google Chrome browser exploit to deliver malvertisements to iOS users, including a campaign earlier this month during which 500 million user sessions were exposed to a session hijacking attack. Dubbed eGobbler by researchers at Confiant, the threat actor from April 6-10 ran a massive operation consisting of eight…

Ransomware ravages municipalities nationwide this week

Municipalities took a beating this week, with at least four reporting that they were shut down by new ransomware attacks or were struggling to recover from an older incident. Augusta, Maine; Imperial County, Calif.; Stuart, Fla.; and Greenville, N.C. were all in different stages of recovering from ransomware attacks over the last seven days. Augusta City Center operations…

Drupal releases correct four moderately critical third-party vulnerabilities

Drupal this week issued a series of security releases to fix four “moderately critical” vulnerabilities, three related to the content management system’s Symfony PHP web application framework and a fourth involving the jQuery project JavaScript library. The three Symfony issues consist of: A cross-site scripting bug caused by the failure of validation messages in the…

Chucky is a rogue IoT device in latest Child’s Play trailer

The most recent iteration of the Child’s Play franchise features the murderous doll Chucky as a rogue IoT device gone mad. The new film’s trailer features Chucky connected to the “Buddi” platform which allows users to control all of their connected home devices including various electronics, toys, and anything else that can be forged into…

Mueller report details Russian interference in 2016 election, interactions with Trump team, WikiLeaks

Russian military intelligence apparently successfully penetrated an unnamed Florida county election system and gained “access to the network of at least one Florida county government.” And that’s just one of the findings in Special Counsel Robert Mueller’s much-anticipated report released Thursday. In the sprawling 448-page, partially redacted report, Mueller methodically laid out Russia’s efforts to…

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts via verification feature

Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…

Chipotle customers stewing over payment card hack

Chipotle is receiving some negative customer reviews, but not over its food. Instead, some customers are saying on Twitter and Reddit that their payment card information has been hacked and is being used to make fraudulent purchases at the Mexican food chain. Chipotle denies a breach has taken place, although company officials did admit to…

Cisco patches 29 vulnerabilities including one being actively exploited in Sea Turtle campaign

Cisco's latest round of security updates addresses 29 vulnerabilities in multiple Cisco products that could allow a remote attacker to take control of an affected system, one of which is being actively exploited in the Sea Turtle campaign. Admins in charge of Cisco ASR 9000 Series Aggregation Services Routers have been instructed to urgently address…
