We have created this cybersecurity news feed just for you, from a handful of popular, trusted sources - it updates frequently so bookmark the page and check back often. Scanning this type of information is a great way to learn or keep up on issues that affect businesses like yours. We suggest that if you find an article that is particularly relevant to your business, share it with your colleagues for cyber-awareness training. Humans are typically the weakest link in every security chain and your business will benefit from keeping employees informed about key cybersecurity issues.
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Google has released an urgent software update for its Chrome web browser and is urging Windows, Mac, and Linux users to upgrade the application to the latest available version immediately. Started […]
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
I previously blogged about a Black Hat talk that disclosed security vulnerabilities in the Boeing 787 software. Ben Rothke concludes that the vulnerabilities are real, but not practical....
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: it […]
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
I am in search of a strategic thought partner: a person who can work closely with me over the next 9 to 12 months in assessing what's needed to advance the practice, integration, and adoption of […]
Insecure Internet-connected devices have aided different types of cybercrime for years, the most common being DDoS and spam campaigns. But cybercriminals have now shifted toward a profitable scheme where […]
The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.
Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador were left exposed online in what […]
Managed service providers are the latest pawns in ransomware's game of chess.
Expandpass is a string expansion program. It's "useful for cracking passwords you kinda-remember." You tell the program what you remember about the password and it tries related passwords. […]
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and […]
Advanced Persistent Threat groups were once considered a problem that concerns Fortune 100 companies only. However, the threat landscape of recent years tells otherwise—in fact, every […]
The United States government today filed a lawsuit against Edward Snowden, a former contractor for the CIA and NSA government agencies who made headlines worldwide in 2013 when he fled the country […]
"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your […]
An Ohio teen who recruited a convicted serial swatter to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison.
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to […]
The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but […]
Mistakenly sent a picture to someone via WhatsApp that you shouldn't have? Well, we've all been there, but what's more unfortunate is that the 'Delete for Everyone' feature WhatsApp introduced two […]
Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated nation.
The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. […]
Not that serious, but interesting: In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a […]
This is a current list of where and when I am scheduled to speak: I'm speaking at University College London on September 23, 2019. I'm speaking at World's Top 50 Innovators 2019 at the Royal Society […]
The United States Treasury Department on Friday announced sanctions against three state-sponsored North Korean hacking groups for conducting several destructive cyberattacks on US critical […]
In June, I blogged about a video of a live juvenile giant squid. Here's how that video was captured. As usual, you can also use this squid post to talk about the security stories in the news that I […]
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system. Yes, we're excited about it, but here comes the bad news... iOS 13 contains a […]
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
All of life is based on the coordinated action of genetic parts (genes and their controlling sequences) found in the genomes (the complete DNA sequence) of organisms. Genes and genomes are based on […]
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
The Independent Commission on Examination Malpractice in the UK has recommended that all watches be banned from exam rooms, basically because it's becoming very difficult to tell regular watches from […]
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones […]
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
Estonian-based web security startup WebARX, the company that is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com, has a big […]
This seems to be an identity theft first: Criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of €220,000 ($243,000) in […]
CISOs and CIOs need to know better than anyone the security pulse of their organizations. On the other hand, they cannot be flooded with every changing detail. Finding the right balance that enables […]
Hello Ladies, let's talk about periods, privacy, and Facebook. Are you using an app on your smartphone to keep track of your periods? Well, it's worrying, because it might be sharing your […]
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports.
MyPayrollHR, a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing […]
An ElasticSearch DB belonging to Dealer Leads exposed a raft of information collected by "research" websites aimed at prospective car buyers.
Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have […]