Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for highlights of the goings-on each week!
Our researchers have now disclosed additional details about one of the vulnerabilities (CVE-2015-3824) in the so-called “Stagefright” cluster affecting Android users. The “Stagefright” vulnerability is actually a marketing label for a cluster seven individual vulnerabilities.
Our research paper offers a look into a mature ecosystem with an increasingly professional underground infrastructure for the sale and trade of malicious goods and services. It also discusses the growing competition, process automation, the introduction of new attack avenues, and its community’s underground activities.
A recent campaign compromised Taiwan and Hong Kong sites to deliver Flash exploits related to Hacking Team and eventually download PoisonIvy and other payloads in user systems. This campaign started on July 9, a few days after the Hacking Team announced it was hacked.
We have discovered a vulnerability in Android that can render a phone apparently dead – silent, unable to make calls, with a lifeless screen. This vulnerability is present from Android 4.3 (Jelly Bean) up to the current version, Android 5.1.1 (Lollipop).
Last week we discussed how Microsoft Edge, the new browser in Windows 10, represented a significant increase in the security over Internet Explorer. However, there are also new potential threat vectors that aren’t present in older versions.
The cybersecurity industry and the government have been struggling over proposed export rules that researchers say could end up making the Internet less safe. And now the government says it will try again and give the public another chance to weigh in.
A shockingly high 91% of respondents reported falling victim to at least one data breach in the last 2 years. The majority of respondents had suffered 11 or more incidents. Healthcare IT teams understand that these percentages are unacceptable, but until now have largely failed to effectively mitigate data breach threats.
A government watchdog has discovered several roadblocks preventing the FBI from fully implementing a cybersecurity initiative aimed at thwarting threats to the United States.
Of the executives surveyed from U.S. companies, law enforcement, government agencies, other organizations and other security experts, 75% said they were more concerned about cybersecurity threats this year than in the past 12 months.
The Defense Department announced Monday that it has renewed its contract with the Software Engineering Institute at Carnegie Mellon University, a federally funded research and development center chartered to study cybersecurity and software engineering.
Please add your thoughts in the comments below or follow me on Twitter; @GavinDonovan.