Flaw in Cyberoam firewalls exposed corporate networks to hackers

Sophos said it is fixing a vulnerability in its Cyberoam firewall appliances, which a security researcher says can allow an attacker to gain access to a company’s internal network without needing a password. The vulnerability allows an attacker to remotely gain “root” permissions on a vulnerable device, giving them the highest level of access, by […]

Continue Reading →

No one could prevent another ‘WannaCry-style’ attack, says DHS official

The U.S. government may not be able to prevent another global cyberattack like WannaCry, a senior cybersecurity official has said. Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said on stage at TechCrunch Disrupt SF that the 2017 WannaCry cyberattack, which saw hundreds of thousands of computers […]

Continue Reading →

Microsoft says Iranian hackers targeted 2020 presidential candidate

Microsoft said it has found evidence that hackers associated with Iran have targeted a 2020 presidential candidate. The tech giant’s security and trust chief confirmed the attack in a blog post, but the company would not say which candidate was the target. The threat group, which Microsoft calls Phosphorous — also known as APT 35 […]

Continue Reading →

The lack of cybersecurity talent is “a national security threat,” says DHS official

One of the most senior officials tasked with protecting U.S. critical infrastructure says that the lack of security professionals in the U.S. is one of the leading threats to national cyber security. Speaking at TechCrunch Disrupt SF, Jeannette Manfra, the assistant director for cybersecurity for the Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said […]

Continue Reading →

Cybersecurity giant Comodo can’t even keep its own website secure

Comodo, which bills itself as a “global leader in cybersecurity solutions,” said its forum was hacked. The admission came in no less than a forum post, which confirmed a hacker exploited a recently disclosed vulnerability in vBulletin, a popular forum software and used by Comodo. The flaw, which requires little skill to exploit, allows an […]

Continue Reading →

Passbase grabs $3.6M to power privacy-preserving online ID checks

Digital identity startup Passbase has closed a $3.6 million seed round, led by Cowboy Ventures and Eniac Ventures, with participation from Seedcamp and other European investors. The 2018 founded startup bagged a $600k pre-seed round earlier this year for its full-stack identity engine with a privacy twist. The latest tranche of funding will go on growing […]

Continue Reading →

Thinkful confirms data breach days after Chegg’s $80M acquisition

Thinkful, an online education site for developers, has confirmed a data breach, just days after it confirmed it would be acquired. “We recently discovered that an unauthorized party may have gained access to certain Thinkful company credentials so, out of an abundance of caution, we are notifying all of our users,” said Erin Rosenblatt, the […]

Continue Reading →

Facebook’s lead EU regulator is asking questions about its latest security fail

Facebook’s lead data protection regulator in Europe has confirmed it’s put questions to the company about a major security breach that we reported on yesterday. “The DPC became aware of this issue through the recent media coverage and we immediately made contact with Facebook and we have asked them a series of questions. We are […]

Continue Reading →

Reps from DHS, the FBI and the ODNI met with tech companies at Facebook to talk election security

Representatives from the Federal Bureau of Investigation, the Office of the Director of National Intelligence and the Department of Homeland Security met with counterparts at tech companies including Facebook, Google, Microsoft and Twitter to discuss election security, Facebook confirmed. “The purpose was to build on previous discussions and further strengthen strategic collaboration regarding the security […]

Continue Reading →

What you missed in cybersecurity this week

There’s not a week that goes by where cybersecurity doesn’t dominates the headlines. This week was no different. Struggling to keep up? We’ve collected some of the biggest cybersecurity stories from the week to keep you in the know and up to speed. Malicious websites were used to secretly hack into iPhones for years, says […]

Continue Reading →