News

Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. Security researchers at Palo Alto Networks reported that Iran-linked APT group OilRig is heavily leveraging on DNS tunneling for its cyber espionage campaigns, Palo Alto Networks reveals. OilRig is an Iran-linked APT group that has been […] The post Analyzing OilRig’s malware that uses DNS Tunneling appeared first on Security Affairs. […]

Most organizations lock down Wi-Fi access but rely on physical security and static segmentation as the primary defensive technique for the wired network. This blog is the first in a 3-part series that explores why this practice is commonplace today, the risks of this approach, and what alternatives exist.Let me start by telling you about a scenario that I often present when talking with customers:“I want to get inside your building. Towards the end of lunchtime, I find a group of employees returning to the office and walk with them. I’m wearing a badge that looks just like your company badge. I’m carrying a package in one hand and talking on a cellphone with my other hand. Will the employees hold the door open for me?”To read this article in full, please click her […]

A privacy foundation found unsecured databases that held LinkedIn data, including email addresses. […]

CyberInt found TA505 is using tactics and a remote administration tool, developed by TektonIT. […]

Following the tragic events in Paris, cyber-criminals have taken advantage of people's goodwill. […]

AI can help make government more efficient – but at what cost? Citizens' lives could be better or worse, based on how the technology is used […]

The developers of the Symfony PHP web application framework released updates that patch five vulnerabilities, three affecting the Drupal CMS. The development team of the Symfony PHP web application framework released security updates for five issues, three of which also affects Drupal 7 and 8. The developers of the Symfony PHP web application framework addressed […] The post Drupal patched security vulnerabilities in Symfony, jQuery appeared first on Security Affairs. […]

Facebook made the headlines once again for alleged violations of the privacy of its users, this time collecting contacts from 1.5 Million email accounts without permission. New problems for Facebook, the company collected contacts from 1.5 Million email accounts without user’permission. We recently read about an embarrassing incident involving the social network giant that asked […] The post Facebook ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission appeared first on Security Affairs. […]

On April 4, 2019, California Assembly Member Wicks proposed sweeping changes to bill AB 1760, effectively repealing the California Consumer Privacy Act of 2018 (CCPA) and replacing it with the Privacy for All Act of 2019 (PAA). The proposed rewrite would increase a business’s compliance obligations as well as its potential exposure to civil and regulatory liability, shifting California even closer to the requirements of the GDPR. If passed, the PAA will go into effect on January 1, 2021, giving businesses one additional year to implement the new requirements.To read this article in full, please click her […]

In mid-March, a suspicious Office document referencing the Ukraine elections appeared in the wild, is it related to APT28 and upcoming elections? Introduction The uncertain attribution of the Ukrainian themed malicious document discussed in our past article “APT28 and Upcoming Elections: Possible Interference Signals”, led us to a review of Sofacy’s phishing techniques to confirm or […] The post APT28 and Upcoming Elections: evidence of possible interference (Part II) appeared first on Security Affairs. […]