Vulnerabilities that could allow unauthorized file deletion, unauthorized command execution and authentication bypass impacted WD (Western Digital) MyCloud devices, Trustwave reports. The vulnerabilities were discovered in the MyCloud personal storage device and were reported to Western Digital last year. The company has already released a firmware update to address them. All of the issue were […]

Kaspersky Lab this week released an update for its Secure Mail Gateway to resolve a series of vulnerabilities that could lead to account takeover, code execution, and privilege escalation. The Kaspersky Secure Mail Gateway is an integrated email system and security solution that comes bundled with anti-spam, anti-malware, and anti-phishing and deployed on a virtual […]

Grammarly has fixed a bug with its Chrome browser extension that exposed its authorization tokens to websites, allowing sites to assume the identity of a user and view their account’s documents. “I’m calling this a high severity bug, because it seems like a pretty severe violation of user expectations,” said Tavis Ormandy, a researcher at […]

Researchers have released a proof-of-concept framework for a new covert channel for data exchange using the Transport Layer Security (TLS) protocol. The method exploits the public key certificate standard X.509 and could allow for post-intrusion C2 communication and data exfiltration to go unnoticed despite network perimeter protections. According to Fidelis researchers, the covert data exchange […]

Google set the record straight on Android security Tuesday, announcing that in 2017 it booted 700,000 apps from Google Play for violating marketplace policies. In a blog post titled “How we fought bad apps and malicious developers in 2017,” Google outlined efforts made over the last 12 months to keep users safe. “Last year we’ve […]

About 35% of organizations in a new survey said they’re taking a “cloud-first” approach to their business – meaning that all new projects are done in the cloud. However, 40% of respondents felt that their security solutions aren’t as flexible and scalable as the rest of their cloud initiatives. According to Hurwitz & Associates’ Balancing […]

In today’s complex IT environment, identifying security events fast is critical to minimizing the impact. However, in order to detect and remediate attacks in this environment, security teams need the proper tools to process and correlate massive amounts of real-time and historical security event data. By applying advanced analytics techniques to these huge amounts of […]

Ransomware has been a favorite and time-tested tool for cybercriminals, but the rise of cryptocurrency has given them a broad new target with key strategic advantages, leading to a sharp uptick in crypto mining botnets, researchers at Cisco Talos say. Attackers “are beginning to recognize that they can realize all the financial upside of previous […]

Nearly two-thirds of businesses worldwide have experienced significant delays in sales due to customer data privacy concerns, according to Cisco’s 2018 Privacy Maturity Benchmark Study. The study, based on the responses of roughly 3,000 cybersecurity professionals from 25 countries, shows that 65% of businesses reported sales cycle delays due to concerns over data privacy, with […]