Security Drift – The Silent Killer

Global spending on cybersecurity products and services is predicted to exceed $1 trillion during the period of five years, between 2017 to 2021, with different analysts predicting the Compound Annual Growth Rate (CAGR) at anywhere between 8 to 15%. It is not surprising to see this growth in spending, which is primarily driven by the…

Health Secretary unaware of breach at controversial GP app he endorsed

British Health Secretary Matt Hancock admitted this morning that he was unaware of a data breach at the virtual doctor app he controversially endorsed in 2018. The breach at Babylon Health this week allowed users of the app to see confidential video recordings of other patients’ consultations with their doctors. Hancock had notoriously praised the company in a newspaper supplement…

Intel CPUs Vulnerable to New ‘SGAxe’ and ‘CrossTalk’ Side-Channel Attacks

Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU’s trusted execution environments (TEE). Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from…

A New Critical Vulnerability Affects Windows SMB Protocol

Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed “wormable” bug, the flaw can be exploited to achieve remote code execution attacks. Dubbed “SMBleed” (CVE-2020-1206) by cybersecurity firm ZecOps, the flaw resides in…

Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide

A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform. Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years. Hack-for-hire services do not operate as a…