ML tool identifies domains created to promote fake news
Academics at UCL and other institutions have collaborated to develop a machine learning tool that identifies new domains created to promote false information so that they can be stopped before fake news can be spread through social media and online channels. To counter the proliferation of false information it is important to move fast, before…
Palo Alto Networks to Acquire Attack Surface Management Firm Expanse in $800 Million Deal
As its largest acquisition to date, Palo Alto will pay $670 million in cash and stock and approximately $130 million in equity awards. Expanse’s platform provides customers with a vulnerability map of externally exposed and untracked assets and helps evaluate and mitigate risk. Following the acquisition, Expanse’s attack surface management capabilities will be integrated into…
Holiday gifts getting smarter, but creepier when it comes to privacy and security
A Hamilton Beach Smart Coffee Maker that could eavesdrop, an Amazon Halo fitness tracker that measures the tone of your voice, and a robot-building kit that puts your kid’s privacy at risk are among the 37 creepiest holiday gifts of 2020 according to Mozilla. Researchers reviewed 136 popular connected gifts available for purchase in the…
Vulnerabilities Exploited at Chinese Hacking Contest Patched in Firefox, Chrome
The Firefox vulnerability, tracked as CVE-2020-26950, has been described as an issue related to write side effects in MCallGetProperty opcode not being accounted for. “In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition,” Mozilla said in an advisory published on Monday. The flaw was fixed with…
4 top deception tools and how they ensnare attackers
A few years ago, many deception technology companies were in the process of adding advanced features like cloud integration, artificial intelligence (AI) and automation to their platforms to combat increasingly advanced threats. The upgraded defenses were necessary because skilled attackers were starting to unmask and circumvent classic deception tricks like dropping breadcrumbs pointing at fictitious,…
How fake news detectors can be manipulated
Fake news detectors, which have been deployed by social media platforms like Twitter and Facebook to add warnings to misleading posts, have traditionally flagged online articles as false based on the story’s headline or content. However, recent approaches have considered other signals, such as network features and user engagements, in addition to the story’s content…
Quantum computers: How to prepare for this great threat to information security
The race is on to build the world’s first reliable and truly useful quantum computer, and the finish line is closer than you might think – we might even reach it this decade. It’s an exciting prospect, particularly as these super-powerful machines offer huge potential to almost every industry, from drug development to electric-vehicle battery…
Cisco Working on Patch for Code Execution Vulnerability in VPN Product
The Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers. According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script. The vulnerability is related to…
How to buy Bitcoin for ransomware payment (if you must)
Law enforcement agencies across the world advise companies that are victims of ransomware attacks not to pay the ransom. Aside from the risk of criminals taking the money and running, paying encouraging further attacks and potentially could be illegal depending on where the money is being sent. The US Treasury Department’s Office of Foreign Assets…
How do I select a compliance solution for my business?
A recent survey revealed that, on average, organizations must comply with 13 different IT security and/or privacy regulations and spend $3.5 million annually on compliance activities, with compliance audits consuming 58 working days each quarter. As more regulations come into existence and more organizations migrate their critical systems, applications and infrastructure to the cloud, the…
