Joomla vulnerability can be exploited to hijack sites, so patch now!
If you’re running a website on Joomla, you should update to the newly released 3.6.5 version as soon as possible – or risk your site being hijacked. The newest version of the popular CMS has been released on Tuesday (December 13), and it fixes three vulnerabilities, several bugs, and includes a number of new security…
Corporate Office 365 users hit with clever phishing attack
Corporate Office 365 users are being targeted by phishers using a clever new trick to bypass email filters and the default security protections of the Microsoft service. The attack comes in the form of fake emails, and the trick makes the user to see one URL in the link, anti-phishing filters another, and the actual…
DDoS attacks via WordPress now come with encryption
Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress via…
Zcash mining software covertly installed on victims’ machines
Software “mining” the recently established Zcash (ZEC) cryptocurrency is being foisted upon unsuspecting users, Kaspersky Lab warns. The actual software is not illegal, and not technically malware – it is meant to be used by individuals who are willing to dedicate their machine(s) and pay for the increased electricity usage that accompanies cryptocurrency mining.
93% of SOC managers unable to triage all potential threats
In mid-2016, Intel Security commissioned a primary research study to gain a deeper understanding of the ways in which enterprises use SOCs, how they have changed over time, and what they will look like in the future. Interviews with nearly 400 security practitioners across several countries, industries and company sizes yielded valuable information on the…
12 tips for implementing secure business practices
Optiv Security shared a list of a dozen tips for implementing secure business practices during the 2016 holiday season. Security experts developed these recommendations to help security and IT teams better prepare their companies and employees to address the increase in cyber threats that occur during this time of year.
CISOs must assess risks and identify the real security budget
Organizations spend an average of 5.6 percent of the overall IT budget on IT security and risk management, according to Gartner. However, IT security spending ranges from approximately 1 percent to 13 percent of the IT budget and is potentially a misleading indicator of program success, analysts said. “Clients want to know if what they…
Top 4 global security threats businesses will face in 2017
While the political, social and economic implications are not fully clear, gigabit connectivity represents a significant overnight leap forward. This will enable the IoT and a new class of applications to emerge that will “exploit the combination of big data, GPS location, weather, personal-health monitoring devices, industrial production and much more. Connectivity is now so…
Governments are behind on data encryption in the public cloud
A HyTrust survey of 59 government and military organizations found that nearly 20 percent of those respondents do not implement data security or encryption solutions in the public cloud. Government agencies today are facing budget constraints and increasingly strict regulations. The latest cloud first policy now requires these organizations to consider cloud-based technology options, which…
Dailymotion urges users to reset passwords in wake of possible breach
Breach notification service LeakedSource has added information about over 87 million Dailymotion users to its search index. The information includes 87+ million email addresses, user IDs, and over 18 million associated passwords. It was apparently stolen in a breach that happened around October 20, 2016.