Entries by Monique LaPlante

WordPress, Apache Struts Attract the Most Bug Exploits

An analysis found these web frameworks to be the most targeted by cybercriminals in 2019. WordPress and Apache Struts vulnerabilities were the most targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting (XSS) as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed 1,622 vulnerabilities […]

Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws

An out-of-band Adobe security update addressed critical flaws in Photoshop, Acrobat Reader and other products. Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical […]

Convincing Google Impersonation Opens Door to MiTM, Phishing

Using homographic characters is an easy way to execute a convincing fake site. An attack that uses homographic characters to impersonate domain names and launch convincing but malicious websites takes minutes and a bare modicum of skill — while reaping high rates of success in luring victims, according to an independent researcher. Researcher Avi Lumelsky […]

Working from Home: COVID-19’s Constellation of Security Challenges

Organizations are sending employees and students home to work and learn — but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges. As the threat of coronavirus continues to spread, businesses are sending employees home to work remotely, and students are moving to online classes. But with the social […]

DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla

Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data. A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Colorado-based Visser […]

Walgreens Mobile App Leaks Prescription Data

A security error in the Walgreens mobile app may have leaked customers’ full names, prescriptions and shipping addresses. Popular pharmacy chain Walgreens is warning that a bug in its official mobile app may have exposed sensitive data, including customers’ full names and information on prescriptions for medications they are taking. The security issue stemmed from […]

$1M grant kick-starts cyber research at Texas A&M-San Antonio

Texas A&M University-San Antonio will advance cyber research through a newly established Cyber Engineering Technology/Cyber Security Research Center with a $1 million grant from The Texas A&M University System Chancellor’s Research Initiative (CRI). The center will be housed in the Department of Computing and Cyber Security within the College of Business. Some of the major […]

RSAC 2020 Keynote: Changing the World’s False Perception of Cybersecurity

The reality of the cybersecurity industry is starkly different than what’s perceived by the rest of the world. SAN FRANCISCO – Today, cybersecurity is portrayed in the media and by businesses as an ongoing complex conflict between defenders and cybercriminals, with heightened noise around hyper-technical proof-of-concept attacks, or nation-state threats. But, the reality is […]

Data Breach Occurs at Agency in Charge of Secure White House Communications

A leak at the Defense Information Systems Agency exposed personal information of government employees, including Social Security numbers. Hackers have compromised the Department of Defense (DoD) agency in charge of securing and managing communications for the White House, leaking personally identifiable information (PII) of employees and leading to concerns over the safety of the communications […]

Burning Man Tickets for $225? Yep, Too Good to Be True

Scammers are posing as event organizers in a sophisticated fraud effort. Burning Man aficionados anxious to get their tickets squared away for the 2020 “experience” should beware: Fake concert organizers are offering passes in what researchers say is a very convincing and sophisticated scam effort. Burning Man, which bills itself as a “vibrant participatory metropolis […]