News & Commentary
Latest Content
|
7 Non-Computer Hacks That Should Never Happen
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
Symantec Acquires Appthority And Javelin Networks
Both buys bolster the cybersecurity company's endpoint security business.
After the Breach: Tracing the 'Smoking Gun'
Systems, technology, and threats change, and your response plan should, too. Here are three steps to turn your post-breach assessment into a set of workable best practices.
Worst Malware and Threat Actors of 2018
Two reports call out the most serious malware attacks and attackers of the year (so far).
Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million
Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.
NITTF Releases New Model for Insider Threat Program
The Insider Threat Program Maturity Framework is intended to help government agencies strengthen their programs.
Cisco Reports SIP Inspection Vulnerability
Advisory addresses active exploitation of vuln in the wild, with no clear solution in sight.
Tackling Cybersecurity from the Inside Out
New online threats require new solutions.
Speed Up AppSec Improvement With an Adversary-Driven Approach
Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes.
New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points
'BleedingBit' could give attackers control of the wireless network from a remote vantage point.
Microsoft, Amazon Top BEC's Favorite Brands
When attackers want to impersonate a brand via email, the majority turn to Microsoft and Amazon because of their ubiquity in enterprise environments.
Where Is the Consumer Outrage about Data Breaches?
Facebook, Equifax, Cambridge Analytica … Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
Radisson Rewards Program Targeted in Data Breach
It's the latest in a series of attacks targeting the travel industry, following incidents at British Airways and Cathay Pacific.
FIFA Reveals Second Hack
Successful phishing campaign leads attackers to confidential information of world soccer's governing body.
Not Every Security Flaw Is Created Equal
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
SamSam Ransomware Goes on a Tear
SamSam ransomware hasn't gone away and it's adapting to meet evolving defenses.
Apple Patches Multiple Major Security Flaws
New security updates cross all Apple platforms.
Hardware Cyberattacks: How Worried Should You Be?
How to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex.
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
Qualys Snaps Up Container Firm
Plans to use Layered Insight's technology to add runtime capabilities and automated enforcement to its container security tool.
Pervasive Emotet Botnet Now Steals Emails
Researchers discover new cyber-spying function in the persistent malware operation's arsenal.
How the Power of Quantum Can Be Used Against Us
There has been a palpable shift from volumetric attacks to "quantum attacks," and they look to be one of the biggest cybersecurity challenges on the rise today.
9 Traits of A Strong Infosec Resume
Security experts share insights on which skills and experiences are most helpful to job hunters looking for their next gig.
Spooking the C-Suite: The Ephemeral Specter of Third-Party Cyber-Risk
Halloween movies are the perfect metaphor for breaking down today's scariest supplier breach tropes.
Destructive Cyberattacks Spiked in Q3
Instead of simply fleeing when discovered, adversaries are actively engaging with incident response teams, a new Carbon Black study finds.
Kraken Resurfaces From the Deep Web
Fallout Exploit Kit releases Kraken Cryptor ransomware, giving the simple threat a much larger target pool.
Companies Fall Short on 2FA
New research ranks organizations based on whether they offer two-factor authentication.
The Case for MarDevSecOps
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
Girl Scouts Hacked, 2,800 Members Notified
A Girl Scouts of America branch in California was hacked, putting the data of 2,800 girls and their families at risk.
10 Steps for Creating Strong Customer Authentication
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
Security Implications of IBM-Red Hat Merger Unclear
But enterprises and open source community likely have little to be concerned about, industry experts say.
New Report: IoT Now Top Internet Attack Target
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.
7 Ways an Old Tool Still Teaches New Lessons About Web AppSec
Are your Web applications secure? WebGoat, a tool old enough to be in high school, continues to instruct.
Windows Defender: First Full Antivirus Tool to Run in a Sandbox
Sandboxed version now available to Windows Insiders and anyone else who force-enables it in Windows 10 version 1703 and above.
AppSec Is Dead, but Software Security Is Alive & Well
Application security must be re-envisioned to support software security. It's time to shake up your processes.
British Airways: 185K Affected in Second Data Breach
The carrier discovered another breach while investigating its largest-ever data breach, disclosed in September.
DeepPhish: Simulating Malicious AI to Act Like an Adversary
How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
FTC Offers Small Businesses Free Cybersecurity Resources
Cybersecurity for Small Businesses campaign kicks off.
3 Keys to Reducing the Threat of Ransomware
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
County Election Websites Can Be Easily Spoofed to Spread Misinformation
Majority of county sites in 20 key swing states have non-.gov domains and don't enforce use of SSL, McAfee researchers found.
New Free Decryption Tool for GandCrab
Tool rescues GandCrab victims from malicious encryption.
Retail Fraud Spikes Ahead of the Holidays
Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles.
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites
Researcher will demonstrate at Black Hat Europe his team's recent discovery: a way to exploit popular user-blocking feature on social media and other sites.
Cathay Pacific Suffers Largest Airline Breach
Breach of Hong Kong-based airline compromises personal information of 9.4 million passengers.
Securing Serverless: Attacking an AWS Account via a Lambda Function
It’s not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
Securing Severless: Defend or Attack?
The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security, identity access management roles, and follow configuration best-practices.
DevSecOps An Effective Fix for Software Flaws
Organizations seeking to fix flaws faster should look to automation and related methodologies for success, says a new report.
Windows 7 End-of-Life: Are You Ready?
Microsoft will terminate support for Windows 7 in January 2020, but some there's still some confusion among enterprises about when the OS officially gets retired.
ICS Networks Continue to be Soft Targets For Cyberattacks
CyberX study shows that many industrial control system environments are riddled with vulnerabilities.
Tackling Supply Chain Threats
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19279
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
PUBLISHED: 2018-11-14
From DHS/US-CERT's National Vulnerability Database CVE-2018-19279
PUBLISHED: 2018-11-14
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
CVE-2018-19280PUBLISHED: 2018-11-14
Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.
CVE-2018-19281PUBLISHED: 2018-11-14
Centreon 3.4.x allows SNMP trap SQL Injection.
CVE-2018-17960PUBLISHED: 2018-11-14
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2018-19278PUBLISHED: 2018-11-14
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed lengt...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This