Security Newswire

RSS

Rapid 7 has disclosed a set of address bar spoofing vulnerabilities that affect a number of mobile browsers, ranging from the more common browsers, like Apple Safari and Opera Touch, to the less common, like Bolt Browser and RITS Browser. The announcement is a coordinated vulnerability disclosure publication with security researcher, Rafay Baloch. 

The National Security Agency (NSA) has released a cybersecurity advisory on Chinese state-sponsored malicious cyber activity. This advisory provides 25 Common Vulnerabilities and Exposures (CVEs) known to be recently leveraged, or scanned-for, by Chinese state-sponsored cyber actors to enable successful hacking operations against a multitude of victim networks.

Now that Heathrow has facilities that allow for passengers to be tested either on arrival or prior to departure, the aviation industry is urging the Government’s new Global Travel Taskforce to launch a testing regime that provides a safe alternative to the existing 14-day quarantine.

The Department of Justice announced grant awards totaling more than $341 million to help fight America’s addiction crisis. Office of Justice Programs (OJP) Principal Deputy Assistant Attorney General Katharine T. Sullivan discussed this year's grant awards during a roundtable discussion of mental health and addiction issues led by Second Lady Karen Pence.

The U.S. Department of Justice (DOJ) has charged six computer hackers, all of whom were residents and nationals of the Russian Federation (Russia) and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces. The group is believed to be part of one of Russia's most elite and secretive hacking groups, known as Sandworm.

The restaurant group that owns more than 80 locations was dealing outdated legacy hardware and changing regulations, which posed a challenge for a 45-year-old company like Thrive. Unreliable CCTV equipment left the restaurants vulnerable to security risks. Constantly evolving PCI-compliance rules meant the company had to devote hours of his limited bandwidth to keeping up with the latest changes and updates so Thrive could avoid major penalties and security threats.

This study looked at the most desired certifications, skills and positions right now that organizations are looking for with cybersecurity positions.

AppOmni released findings of their latest survey highlighting the security concerns of cloud SaaS applications as they become more essential for enabling remote workers.

The National Security Agency (NSA) announced the release of SkillTree, an internally-developed open source solution for gamifying user training. SkillTree provides a systematic and interactive way to promote user proficiency of an existing application. The service is based on industry best practices using gamification to provide awareness of tool features, promote best practices, and document user progression and expertise. By reducing an application’s training curve, SkillTree reduces traditional comprehensive training costs while providing a more enjoyable experience for the user.

The responses reveal deep divisions in how differently security execs are responding in the face of real business continuity challenges posed by the pandemic. For example, 26% of CISOs surveyed have introduced more stringent endpoint security and corporate access measures since the arrival of the pandemic, while 35% have relaxed their security policies in order to foster greater productivity among remote workers; 39% have left their security policies the same, according to a new study.