Palo Alto Networks Unit 42 researchers have announced the details on a new high-severity vulnerability affecting the Google Android platform. Patches for this vulnerability are available as part of the September 2017 Android Security Bulletin. This new vulnerability does NOT affect Android 8.0 Oreo, the latest version; but it does affect all prior versions of…

On September 7, credit reporting agency Equifax announced “a cybersecurity incident potentially impacting approximately 143 million US consumers.” To put this in context, at this time, this incident is almost seven times larger than the Office of Personnel Management breach of 2015. Equifax discovered the unauthorized access on July 29 and determined that the intrusion…

Mimecast Limited, a leading email and data security company, has announced the results of its third quarterly Email Security Risk Assessment (ESRA), a report of the results of tests which measure the effectiveness of incumbent email security systems. This quarter’s assessment noted a continued challenge of securing organizations from malicious attachments, dangerous files types, impersonation…

Late on June 27, the New York Times reported that a number of Ukrainian banks and Ukrenergo, the Ukrainian state power distributor, had been affected by unidentified malware, which caused significant operational disruption. Multiple security vendors and independent researchers subsequently identified the malware as a wormable ransomware variant with functional and technical similarities to Petya….

Cybercriminals are increasingly turning to credential stuffing tools to automate attempts at account takeover. This is a type of brute force attack whereby large sets of credentials are automatically inserted into login pages until a match with an existing account is found. Based on configurations, the most common targets for these attacks are the gaming,…