Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Adobe Patch Tuesday tackles Reader, Acrobat flaws

Adobe’s eight Patch Tuesday updates addressed a multitude of flaws – including 76 in Acrobat and Acrobat Reader that were rated important as well as several in Creative Cloud and Experience Manager rated critical. Successful exploitation of the Acrobat and Acrobat Reader vulnerabilities “could lead to arbitrary code execution in the context of the current…

Cyberattacks hit NCH Healthcare System and Grays Harbor Community Hospital

Two hospital systems began notifying patients and employees of cyber incidents, one ransomware and another a data breach, that took place in June. Grays Harbor Community Hospital (GHCH) and Harbor Medical Group, in Aberdeen, Wash., just began informing patients of a ransomware attack that took place on June 15. At that time hospital databases containing…

Cracked.to hacking forum user data breached and leaked by rivals

Hacking online forum Cracked.to last July suffered a data breach at the hands of one of its rival communities, resulting in the compromise of roughly 321,000 members, breach reference website site “Have I Been Pwned?” reported this week. The breach resulted in a public doxxing that exposed a database containing 749,161 email accounts, as well…

Cyber leaders must take ownership of cyber skills gap

We’ve all heard about the cyber skills gap by now. As cyber adversaries grow more advanced and organizations struggle to manage these evolving threats, cybersecurity jobs are getting harder to fill. There are an estimated 2.9 million unfilled openings worldwide, with half a million in North America alone. Meanwhile, 60% of organizations say it takes…

Researcher details decades-old design flaws in Microsoft’s CTF protocol

Google Project Zero researcher Tavis Ormandy yesterday disclosed a series of 20-year-old flaws in Microsoft’s CTF protocol that could allow unauthorized parties to take over applications that use said protocol. According to Ormandy’s blog post and technical analysis, the flaw is specifically found in the msctf subsystem, which is a component of the Text Services…

Varenyky malware records porn on screen, distributes sextortion spam

A cybercriminal operation that’s been targeting France since May is attempting to distribute malware capable of recording the screens of victims who visit pornographic websites. In other cases, the malware sends out spam emails that merely intend to trick victims into believing their web sessions were recorded while they watched porn, even though they were…

Intel rolls out security updates for seven products

Intel has released a series of security updates crossing seven product lines with three rated high and four carrying a medium severity rating. The three high-rated issues cover Intel’s NUC (CVE-2019-11140), Processor Identification Utility for Windows (CVE-2019-11163) and Computing Improvement Program (CVE-2019-11162). The NUC vulnerability is due to an insufficient session validation in system firmware…

Fidelis Cybersecurity Deception 9.2.1

Fidelis Deception is one component of the Fidelis Elevate platform,  which combats the spectrum of cyberattacks by providing full visibility across hybrid, cloud and on-premises environments. Elevate automates threat and data theft detection to empower threat hunting and optimize incident response by providing context, speed and accuracy. By integrating bidirectional network traffic analysis with detection,…

Acalvio Technologies ShadowPlex 3.3

Acalvio Technology’s ShadowPlex aims to detect advanced attackers with precision and speed. It addresses the limitations of hard-to-install, difficult-to-maintain solutions otherwise not suited for enterprise-scale environments and allows organizations to deploy enterprise-wide deception solutions for accurate, timely and cost-effective detection. The company includes a rich palette of deception including decoys, breadcrumbs, baits and lures that…

Attivo Networks ThreatDefend Deception and Response Platform version 5.0

Attivo Networks’ ThreatDefend Deception and Response Platform arms the defender with no-nonsense threat detection and faster incident response that empowers organizations of all sizes and industries with visibility, high efficacy detection and intelligence-gathering to gain the upper hand against attackers. The platform supplies high-interaction traps, baits and lures developed for today’s evolving attack surface and…

Next hm-product-review in Security News