News & Commentary
Content posted in January 2018
|
Google Cloud Least-Privilege Function Goes Live
Custom Roles for Cloud IAM now available in production from Google.
Lazarus Group, Fancy Bear Most Active Threat Groups in 2017
Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were most referenced threat actor groups in last year's cyberattacks.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
IoT Botnets by the Numbers
IoT devices are a botherder's dream attack-vector.
700,000 Bad Apps Deleted from Google Play in 2017
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
5 Questions to Ask about Machine Learning
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Data Encryption: 4 Common Pitfalls
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers
For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.
Digital Extortion to Expand Beyond Ransomware
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
Breach-Proofing Your Data in a GDPR World
Here are six key measures for enterprises to prioritize over the next few months.
Hack Costs Coincheck Cryptocurrency Exchange $530 Million
Losses at Japanese exchange Coincheck surpass those of the Mt. Gox Bitcoin exchange hack in 2014, and may be largest-ever cryptocurrency theft.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Thieves Target ATMs In First US 'Jackpotting' Attacks
Attackers have been getting ATMs to illegally dispense cash by tampering with their internal electronics, US Secret Service warns.
Microsoft Issues Emergency Patch to Disable Intel's Broken Spectre Fix
Affected Windows systems can also be set to "disable" or "enable" the Intel microcode update for Spectre attacks.
RELX Group Agrees to Buy ThreatMetrix for £580M Cash
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.
Strava Fitness App Shares Secret Army Base Locations
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
An Action Plan to Fill the Information Security Workforce Gap
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
Former CIA CTO Talks Meltdown and Spectre Cost, Federal Threats
Gus Hunt, former technology leader for the CIA, explains the potential long-term cost of Meltdown and Spectre.
Dutch Intel Agency Reportedly Helped US Attribute DNC Hack to Russia
The General Intelligence and Security Service of the Netherlands broke into Cozy Bear's network in 2014 and spotted the group launching attacks, de Volkskrant says.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
6 Tips for Building a Data Privacy Culture
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
Endpoint and Mobile Top Security Spending at 57% of Businesses
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Selling Cloud-Based Cybersecurity to a Skeptic
When it comes to security, organizations don’t need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.
This Year's Pwn2Own Hackfest Will Offer Up to $2 Million in Rewards
Microsoft is a partner at annual contest for the first time.
Industrial Safety Systems in the Bullseye
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say.
Ransomware Detections Up 90% for Businesses in 2017
Last year, cybercriminals shifted from consumer to enterprise targets and leveraged ransomware as their weapon of choice.
How Containers & Serverless Computing Transform Attacker Methodologies
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
New Voice MFA Tool Uses Machine Learning
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
Facebook Buys Identity Verification Firm
Facebook has purchased startup Confirm, which uses pattern analysis to confirm identities.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
Avoiding the Epidemic of Hospital Hacks
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Ransomware Actors Cut Loose on Health Care Organizations
An attack on Allscripts last week that knocked out EHR services to 1,500 clients is the third reported incident just this month.
DDoS Attacks Become More Complex and Costly
Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.
PCI DSS Adds Standard for Software-based PIN Entry
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
Meet Chronicle: Alphabet's New Cybersecurity Business
Google parent company Alphabet introduces Chronicle, which will combine a security analytics platform and VirusTotal.
Security Automation: Time to Start Thinking More Strategically
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
Bell Canada Hit with 2nd Breach in 8 Months
Less than 100,000 customers affected in latest incident.
Financial Impact of Cloud Failure Could Hit $2.8B in Insured Loss
A new report highlights the potential financial damage of downtime at top cloud services providers.
GDPR: Ready or Not, Here It Comes
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
10 Costs Your Cyber Insurance Policy May Not Cover
All the things you might think are covered but that don't actually fall under most policies.
Dark Caracal Campaign Breaks New Ground with Focus on Mobile Devices
This is the first known global-scale campaign primarily focused on stealing data from Android devices, Lookout and EFF say.
Fallout from Rushed Patching for Meltdown, Spectre
Not all systems require full patching for the flaws right now, anyway, experts say.
Meltdown, Spectre Patches, Performance & My Neighbor's Sports Car
When a flaw in the engine of a data center server makes it run more like a Yugo than a Porsche, it's the lawyers who will benefit.
Less than 10% of Gmail Users Employ Two-Factor Authentication
Google software engineer reveals lack of user adoption for stronger authentication.
45% of Businesses Say Employees Are Biggest Security Risk
The most common cloud security worries remain the same, with unauthorized access and malware infiltrations topping concerns.
5 Steps to Better Security in Hybrid Clouds
Following these tips can improve your security visibility and standardize management across hybrid environments.
Satori Botnet Malware Now Can Infect Even More IoT Devices
Latest version targets systems running ARC processors.
Intel Says to Stop Applying Problematic Spectre, Meltdown Patch
Cause of reboot problems with its Broadwell and Haswell microprocessor patching now identified, the chipmaker said.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-19349
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
PUBLISHED: 2018-11-17
From DHS/US-CERT's National Vulnerability Database CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This