News

Radiflow, a leading provider of industrial cybersecurity solutions for industrial automation networks, today announced that the company has added dynamic vulnerability assessment scoring capabilities in the new release of its iSID industrial threat detection solution. The current practices for risk assessments and security remediations employed by industrial enterprises and critical infrastructure operators generally rely on manual evaluations and follow unstructured processes. These processes are often time consuming and are not sufficiently responsive to changes in...

State-sponsored attackers continued to be extremely active in 2018 with major groups from at least a dozen countries involved in operations targeting government, business, and civilian targets throughout the year, according to analyses by two security firms. While advanced persistent threat (APT) groups have, in the past, often used custom frameworks to help compromise systems and exfiltrate data, current groups are just as likely to use open-source malware and legitimate administration tools as a way...

Last week, the sports trading card and collectible company Topps issued a data breach notification stating that it was affected by an attack, which possibly exposed the payment and address information of its customers. This type of attack is called a MageCart attack, which is when attackers hack a site to inject a malicious script into a site's checkout or cart pages. When a visitor enters their payment and address information, this script will copy the submitted data...

A Russian media outlet said it was the target of an alleged cyberattack by the U.S. military that “failed completely” to disrupt operations. The Federal News Agency, or FAN, which the U.S. says is linked to indicted Russian oligarch Yevgeny Prigozhin, said in a website statement that the “unprofessional” attack was focused on its English-language media project called USA Really. Source: Bloomberg

A US judge this week sentenced website hacker Billy Anderson to three months behind bars, refusing his lawyer's request not to put him in jail, in order to "send a message" to others. Anderson, 42, of Torrance, California, targeted thousands of websites under the hacker name AlfabetoVirtual, and boasted about his efforts on a hacking forum. But it was when he brought down the website of New York City's comptroller for nearly two days in...

Short-form video sharing app TikTok has been handed the largest ever fine for a US case involving children's data privacy. The company has agreed to pay $5.7m (£4.3m) and implement new measures to handle users who say they are under 13. The Federal Trade Commission (FTC) said the Musical.ly app, which was later acquired and incorporated into TikTok, knowingly hosted content published by underage users. Source: BBC

Children's charity the NSPCC has accused YouTube of failing to tackle dangerous content on its youth channel. YouTube Kids, dubbed as a safer, child-friendly version of the video-sharing site, has been criticised by parents for failing to remove cartoons that contain clips depicting suicide methods on its platform. The clips show a YouTuber demonstrating a suicide method. Google told the BBC it works hard to remove such content. Source: BBC

Spectre – the security vulnerabilities in modern CPUs' speculative execution engines that can be exploited to steal sensitive data – just won't quietly die in the IT world. Its unwelcome persistence isn't merely a consequence of the long lead time required to implement mitigations in chip architecture; it's also sustained by its ability to inspire novel attack techniques. The latest of these appeared in a paper presented at the Network and Distributed Systems Security (NDSS) Symposium 2019...

Social media platforms are a major conduit for malware and a highly effective marketplace for black hat resources, generating cybercrime worth over $3.2bn every year, according to Bromium. The security vendor’s latest report, Social Media Platforms and the Cybercrime Economy, is the result of a six-month study by Mike McGuire, senior lecturer in criminology at the University of Surrey. It follows a previous Into the Web of Profit report written by McGuire which estimated annual global cybercrime revenues at $1.5tr. The...

Facebook Inc will introduce a tool allowing users to clear their browsing history this year, which will affect the  company’s ability to target advertisements, Chief Financial Officer David Wehner told an investment conference on Tuesday. Facebook announced plans for a “Clear History” product last year, but technical challenges have delayed its implementation. Source: Reuters