News & Commentary
Content posted in December 2017
|
21st Century Oncology Faces $2.3M HIPAA Settlement Cost after Breach
Company to pay US Department of Health and Human Services over potential HIPAA violations after patient medical data was stolen by cyberthieves.
China Shuts Down 13,000 Websites for Breaking Internet Laws
The government says its rules are to protect security and stability, but some say they are repressive.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
17 Things We Should Have Learned in 2017 But Probably Didn't
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
Jailed Hacker Claims Proof He Breached DNC on Russia's Orders
A Russian national in jail for hacking the Democratic National Committee says a data signature proves he acted on the Kremlin's orders.
Mozilla Issues Critical Security Patch for Thunderbird Flaw
Mozilla released five patches for Thunderbird security vulnerabilities, including one critical buffer overflow bug affecting Windows machines.
The Disconnect Between Cybersecurity & the C-Suite
Most corporate boards are not taking tangible actions to shape their companies' security strategies or investment plans, a PwC study shows.
Rapid Growth in Security Market Raises Question: How to Pick a Startup
VCs weigh in with their advice on how to select a startup with staying power when purchasing security solutions and services.
Nissan Canada Finance Alerts 1.13 Million Customers of Data Breach
Attackers gain access to personal information of Nissan Canada Finance and Infiniti Financial Services Canada customers.
Hacker Targeted Huawei Router 0-Day in Attempt to Create New Mirai Botnet
Thousands of attempts have been made to exploit a zero-day vulnerability in the Huawei home router HG532.
The Financial Impact of Cyber Threats
Determining the financial impact of specific IT vulnerabilities is a good way to prioritize remediation and prevent attacks.
The Coolest Hacks of 2017
Robots, voting machines, machine learning, and the wind were among the hacks security researchers pulled off this year.
6 Tips to Protect Against Technical Support Fraud
Just when you’re having fun over the holidays and not paying attention, you can be hit with a tech support scam. Here's how to stay safe into the new year.
2017 Security Predictions through the Rear Window
If you're going to forecast the future, go big.
CISOs Play Rising Role In Business
CISO hiring trends show more external hires, longer tenures, and an increase in MBAs as tech pros are required to understand the business.
EtherDelta Hack Begins Rocky Weekend for Crypto
Popular cryptocurrency exchange EtherDelta announces a potential DNS attack and suspends service just days before Bitcoin hit a five-day drop.
Exposed File From Ancestry's RootsWeb.com Contains Data on 300,000 Users
A file containing hundreds of thousands of RootsWeb users' email, login information, and passwords was found externally exposed, genealogy site says.
Hit the Cyber Underground for the Hottest Travel Deals
You can get everything from inexpensive flights and hotels to fake passports in the cyber underground, says Trend Micro.
Network Printer & Scanner Spoofing Campaign Targets Millions
Cybercriminals distribute malicious email attachments purportedly coming from three common brands of network printer-scanner devices.
Block Threats Faster: Pattern Recognition in Exploit Kits
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible. Identifying attack patterns helps you mitigate quicker.
CISO Holiday Miracle Wish List
If CISOs could make a wish to solve a problem, these would be among the top choices.
Businesses Go on Pre-Holiday Cloud Acquisition Spree
VMware, McAfee, and Trend Micro announce a series of acquisitions that indicate a strong focus on cloud security.
Russia's Fancy Bear APT Group Gets More Dangerous
Encryption and code refreshes to group's main attack tool have made it stealthier and harder to stop, ESET says.
Digital Forensics & the Illusion of Privacy
Forensic examiners don't work for bounties. They do what is required to catch criminals, pedophiles, or corporate embezzlers, and now their important security research is finally being acknowledged.
US Census Bureau: Data Exposed in Alteryx Leak Already Public
The US Census Bureau says no personally identifiable information it collected was compromised in this week's Alteryx leak.
Fileless Malware Attacks Hit Milestone in 2017
Non-malware attacks account for the majority of all attacks this year, and ransomware grows to a $5 billion industry, new data shows.
Facebook Helps Users Detect Phishing Emails
A new Facebook tool shares recent security-related emails so users can verify whether messages are legitimate.
Why Network Visibility Is Critical to Removing Security Blind Spots
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Small,Targeted Ransomware Attacks Emerge
Cybercriminals narrow their focus on specific industries, geographies, or size for a better return on investment, security experts say.
Be a More Effective CISO by Aligning Security to the Business
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
9 Banking Trojans & Trends Costing Businesses in 2017
New Trojans appeared, old ones resurfaced, and delivery methods evolved as cybercriminals set their sights on financial data.
Attack Attribution Tricky Say Some as US Blames North Korea for WannaCry
There's not enough evidence to conclusively tie the rogue regime to the ransomware attacks, some security experts say.
Five Arrested for Cerber, CTB-Locker Ransomware Spread
Authorities arrest three Romanian suspects for spreading CTB-Locker malware and two for a ransomware case linked to the United States.
Security Worries? Let Policies Automate the Right Thing
By programming 'good' cybersecurity practices, organizations can override bad behavior, reduce risk, and improve the bottom line.
Another Cyberattack Spotted Targeting Mideast Critical Infrastructure Organizations
Operation Copperfield appears focused on data theft and reconnaissance, Nyotron says.
Microsoft Office Docs New Vessel for Loki Malware
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.
New Database Botnet Leveraged for Bitcoin Mining
Attackers are quietly building an attack infrastructure using very sensitive machines.
Massive Cloud Leak Exposes Alteryx, Experian, US Census Bureau Data
A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers' financial histories, contact information, and mortgage ownership.
Trump Adviser: North Korea Waged WannaCry Attack
White House declares the North Korean government as perpetrators of the epic ransomware attack that spread around the globe in early May.
Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence
CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber attack.
'Starwars' Debuts on List of Worst Passwords of 2017
Many of the old standbys made this year's list of the 25 stolen - and weakest - passwords found dumped online.
Telegram RAT Escapes Detection via Cloud Apps
Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.
Kaspersky Lab Files Lawsuit Over DHS Ban of its Products
Security firm petitions US District Court to rescind decision to prohibit its products on US federal government systems.
Businesses Fail in Risk Modeling and Management: Report
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
US Government Pays $10,650 Bug Bounty in 'Hack the Air Force' Event
The bounty, split between two researchers, is the largest single reward by any government bug bounty program to date.
Top 8 Cybersecurity Skills IT Pros Need in 2018
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
Advanced Deception: How It Works & Why Attackers Hate It
While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
19 M California Voter Records Held for Ransom in MongoDB Attack
The records were first exposed in an unsecured MongoDB database, continuing a cyber-extortion trend.
Lazarus Group Targets Bitcoin Company
The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.
Mobile Device Makers Increasingly Embrace Bug Bounty Programs
Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-12184
PUBLISHED: 2019-05-19
PUBLISHED: 2019-05-18
PUBLISHED: 2019-05-17
PUBLISHED: 2019-05-17
PUBLISHED: 2019-05-17
From DHS/US-CERT's National Vulnerability Database CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12168PUBLISHED: 2019-05-17
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-12170PUBLISHED: 2019-05-17
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This