Researchers Disclose 2 Critical Vulnerabilities in SAP ASE

Doug Olenick • June 3, 2020

Researchers at the security firm Trustwave have disclosed six vulnerabilities in SAP Adaptive Server Enterprise 16.0 (ASE) database software, with two rated as critical. These two vulnerabilities could enable attackers to perform arbitrary code execution and tamper with a system's data.

►

Digital Identity

ZLoader Banking Malware Resurfaces

Latest

Application Security

Survey: Security Concerns Slow Down IoT Deployments

Jeremy Kirk • June 3, 2020

Worries over ransomware and malware are slowing down enterprise IoT deployments, which is a reflection of the reputational and customer relationship risks at stake, according to a new survey. Here's what enterprises need to keep in mind when selecting security technology for IoT.

Fraud Management & Cybercrime

REvil Ransomware Gang Auctioning Off Stolen Data

Ishita Chigilli Palli • June 3, 2020

The REvil ransomware gang has created a darknet auction site for stolen data, according to the security firm Emsisoft. Will other gangs follow suit?

Cyberwarfare / Nation-State Attacks

Thousands of Exim Servers Vulnerable to Critical Flaw: Report

Akshaya Asokan • June 3, 2020

Thousands of unpatched Exim email servers are potentially vulnerable to a critical flaw that the NSA says Russian-backed hackers are attempting to exploit, according to the security firm RiskIQ, which also warns of two other Exim vulnerabilities that should be patched.

Next-Generation Technologies & Secure Development

Confidential Computing: The Use Cases

Information Security Media Group • June 3, 2020

It's not just the latest marketing buzz. Confidential computing is an actual initiative focused on helping to secure data in use. But what are the uses cases? In part two of a two-part podcast, Richard Curran of Intel leads an expert panel discussion on the practice of confidential computing.

Next-Generation Technologies & Secure Development

Confidential Computing: Beyond the Hype

Information Security Media Group • June 3, 2020

Confidential computing is an emerging industry initiative focused on helping to secure data in use. But how does one separate hype from reality? In part one of a two-part podcast, Richard Curran of Intel leads an expert panel discussion on the concept of confidential computing.

Cybercrime

'Anonymous' Leak of Minneapolis Police Data Is a Hoax

Mathew J. Schwartz • June 3, 2020

Not all data breaches are what they might seem, and not all leakers are who they might claim to be. Take the doxing of the Minneapolis Police Department, supposedly by Anonymous hacktivists: The leaked employee information was almost certainly culled from old breaches. So who did it, and why?

Breach Notification

Federal Agencies Reported Fewer Security Incidents in 2019

Ishita Chigilli Palli • June 2, 2020

U.S. federal agencies reported 8% fewer cybersecurity incidents in 2019 compared to the previous year, according to the White House's Office of Management and Budget. But 71 audits of agencies' "high-value assets" showed many remain susceptible to attacks because of a lack of security measures.

Identity & Access Management

Study: Breach Victims Rarely Change Passwords

Akshaya Asokan • June 2, 2020

Even after being notified that their personal data has been compromised in a breach, only about a third of users change their passwords - and most are not strong or unique, according to a study by researchers at Carnegie Mellon University, who call for changes in breach notification procedures.

Cybercrime

TrickBot Update Makes Malware Harder to Detect: Report

Ishita Chigilli Palli • June 1, 2020

The developers behind TrickBot have updated it to run from an infected device's memory to help better avoid detection, according to researchers at Palo Alto Network's Unit 42. The use of this malware has increased during the COVID-19 pandemic.

Application Security

Researcher Discloses 'Sign in with Apple' Zero-Day Flaw

Doug Olenick • June 1, 2020

An independent security researcher disclosed a zero-day vulnerability contained in the "Sign in with Apple" feature that, if exploited, could have resulted in a full account takeover. The vulnerability has been patched, and Apple says it found no account misuse tied to it.

Cybercrime

Top Ransomware Attack Vectors: RDP, Drive-By, Phishing

Mathew J. Schwartz • May 29, 2020

Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.

Cybercrime

NSA: Russian Hackers Targeting Vulnerable Email Servers

Akshaya Asokan • May 29, 2020

A Russian government-backed hacking group that's been tied to a series of cyberespionage campaigns has been quietly exploiting a critical remote code execution vulnerability in Exim email servers since 2019, the U.S. National Security Agency warns in an alert.