Security researchers are seeing evidence that up to 36 global organizations have been hacked via exploits against a vulnerability in SAP Business Applications that was patched more than five years ago.
The vulnerability, patched by SAP in 2010, exists in the built-in functionality in SAP NetWeaver Application Server Java systems (SAP Java platforms).
Windows Zero-Day Leveraged in Financial Attacks
Some of the attacks launched in March by a financially-motivated threat actor against organizations in North America involved a zero-day privilege escalation vulnerability affecting Windows.
According to FireEye, this sophisticated cybercrime group targeted more than 100 companies — mainly in the retail, hospitality and restaurant sectors.
Microsoft Tells UN More Can be Done to Combat Digital Terror
Microsoft told the United Nations on Wednesday that technology companies can do more to combat digital terror, but warned there was no single solution to prevent terrorists from using the web.
"There is no silver bullet that will stop terrorist use of the Internet," Microsoft's vice president Steven Crown told a special Security Council debate on counter-terrorism.
SAP Patches Critical Vulnerabilities in Enterprise Products
SAP on Tuesday issued a new round of monthly security updates for its products, patching a total of 10 vulnerabilities, including critical flaws in ASE XPServer, Crystal Reports for Enterprise, and Predictive Analytics.
Facebook Open Sources CTF Platform
Facebook announced today that the source code of its capture the flag (CTF) platform has been made available on GitHub.
Minimizing Exposure to Ransomware Attacks
Ransomware is dominating the headlines so far in 2016, having moved from targeting individuals to holding corporate data hostage and extorting payments to decrypt the files. Holding someone or something for ransom is a simple yet effective strategy that has been used by criminals for thousands of years.
Wi-Fi Flaw Exposes Android Devices to Attacks
Serious WPA_Supplicant Vulnerability Allows Privilege Escalation, DoS Attacks
A serious vulnerability affecting a Wi-Fi technology used in the Android operating system and many other products allows malicious actors to escalate privileges and cause a denial-of-service (DoS) condition on affected devices.
Multi-factor Authentication: Waking up to the Elephant in the Room
If the Panama Papers were a wake-up call to pay closer attention to insider threats, two recent developments have revealed that we have awakened to an elephant in the room.
Microsoft Patches Flaws Exploited in Targeted Attacks
Microsoft released on Tuesday 16 security bulletins to patch more than 30 vulnerabilities, including JScript and VBScript zero-days exploited in attacks targeting users in South Korea.
Bayshore Networks Raises $6.6 Million to Protect Industrial Networks
Bayshore Networks, a provider of security solutions for the Industrial Internet of Things (IoT), announced on Tuesday that it has raised $6.6 million in Series A funding from Trident Capital Cybersecurity and existing angel investors.


