Former Uber Security Chief Charged Over Covering Up 2016 Data Breach

Federal prosecutors in the United States have charged Uber’s former chief security officer, Joe Sullivan, with covering up a massive data breach that the ride-hailing company suffered in 2016. According to the press release published by the U.S. Department of Justice, Sullivan “took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach” that also

Source: Hackernews

Hackers Target Defence Contractors' Employees By Posing as Recruiters

The United States Cybersecurity and Infrastructure Security Agency (CISA) has published a new report warning companies about a new in-the-wild malware that North Korean hackers are reportedly using to spy on key employees at government contracting companies. Dubbed ‘BLINDINGCAN,’ the advanced remote access trojan acts as a backdoor when installed on compromised computers. According to the FBI

Source: Hackernews

Experian South Africa Suffers Data Breach Affecting Millions; Attacker Identified

The South African arm of Experian, one of the world’s largest credit check companies, yesterday announced a data breach incident that exposed personal information of millions of its customers. While Experian itself didn’t mention the number of affected customers, in a report, the South African Banking Risk Information Centre—an anti-fraud and banking non-profit organization that worked with

Source: Hackernews

Microsoft Issues Emergency Security Updates for Windows 8.1 and Server 2012 R2

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two recently disclosed security vulnerabilities. Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service (RAS), in the way it manages memory and file operations, and could let remote attackers gain elevated privileges

Source: Hackernews

Experts Reported Security Bug in IBM's Db2 Data Management Software

Cybersecurity researchers today disclosed details of a memory vulnerability in IBM’s Db2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause denial-of-service attacks. The flaw (CVE-2020-4414), which impacts IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on all platforms, is caused by improper usage of shared memory,

Source: Hackernews

XDR: The Next Level of Prevention, Detection and Response [New Guide]

One new security technology we keep hearing about is Extended Detection and Response (XDR). This new technology merges multiple prevention and detection technologies on a single platform to better understand threat signals so that you don’t need to purchase, integrate, and manage various control and integration technologies. Think of XDR as prepackaged EDR, NTA, UEBA (and perhaps other

Source: Hackernews

A New Fileless P2P Botnet Malware Targeting SSH Servers Worldwide

Cybersecurity researchers today took the wraps off a sophisticated, multi-functional peer-to-peer (P2P) botnet written in Golang that has been actively targeting SSH servers since January 2020. Called “FritzFrog,” the modular, multi-threaded and file-less botnet has breached more than 500 servers to date, infecting well-known universities in the US and Europe, and a railway company, according

Source: Hackernews

Critical Jenkins Server Vulnerability Could Leak Sensitive Information

Jenkins—a popular open-source automation server software—published an advisory on Monday concerning a critical vulnerability in the Jetty web server that could result in memory corruption and cause confidential information to be disclosed. Tracked as CVE-2019-17638, the flaw has a CVSS rating of 9.4 and impacts Eclipse Jetty versions 9.4.27.v20200227 to 9.4.29.v20200521—a full-featured tool

Source: Hackernews