News & Commentary
Content posted in February 2018
|
The State of Application Penetration Testing
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
New Android Malware Family Highlights Evolving Mobile Threat Capabilities
RedDrop can steal data, record audio, and rack up SMS charges for victims, says Wandera.
FTC Settles with Venmo on Security Allegations
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
Hacking on TV: 8 Binge-Worthy and Cringe-Worthy Examples
From the psycho-drama Mr. Robot to portraying the outright dangers of ransomware taking down a hospital in Grey’s Anatomy, hacking themes now run deep in today’s TV shows.
Why Cryptocurrencies Are Dangerous for Enterprises
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.
Virtual Private Networks: Why Their Days Are Numbered
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
Nation-State Hackers Adopt Russian 'Maskirovka' Strategy
New CrowdStrike report shows blurring of state-sponsored and cybercrime hacking methods.
Memcached Servers Being Exploited in Huge DDoS Attacks
Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211.
NSA's Rogers: No White House Request for Action Against Russian Hacking
US Cyber Command head Michael Rogers told US Senate Armed Services Committee that actions to deter Russian hackers from interfering with upcoming US elections requires an order from the White House.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
SAML Flaw Lets Hackers Assume Users' Identities
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Security Starts with the User Experience
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
Splunk to Acquire Phantom
$350 million deal scheduled to close Q1 2018.
Misleading Cyber Foes with Deception Technology
Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.
Threats from Mobile Ransomware & Banking Malware Are Growing
The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.
Adobe Flash Vulnerability Reappears in Malicious Word Files
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
PhishMe Acquired, Rebranded as Cofense in $400M Deal
Cofense is the new name for PhishMe, which was purchased by a private equity consortium.
7 Key Stats that Size Up the Cybercrime Deluge
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
6 Cybersecurity Trends to Watch
Expect more as the year goes on: more breaches, more IoT attacks, more fines…
93% of Cloud Applications Aren't Enterprise-Ready
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
The new malware also can turn bots into DDoS attack machines, says Fortinet.
10 Can't-Miss Talks at Black Hat Asia
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Visa: EMV Cards Drove 70% Decline in Fraud
Merchants who adopted chip technology saw a sharp decline in counterfeit fraud between 2015 and 2017, Visa reports.
Leveraging Security to Enable Your Business
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
Enabling Better Risk Mitigation with Threat Intelligence
In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.
Best Practices for Recruiting & Retaining Women in Security
Gender diversity can help fill the security talent gap, new Forrester Research report says.
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.
IRS Warns of Spike in W-2 Phishing Emails
The IRS reports an increase in reports of phishing emails asking for W-2 information.
Anatomy of an Attack on the Industrial IoT
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
Security Liability in an 'Assume Breach' World
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Global Cybercrime Costs Top $600 Billion
More than 50% of attacks result in damages of over $500K, two reports show.
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
Trucking Industry Launches Info Sharing, Cybercrime Reporting Service
American Trucking Associations developed new Fleet CyWatch threat reporting, information sharing service in conjunction with FBI.
Takeaways from the Russia-Linked US Senate Phishing Attacks
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
C-Suite Divided Over Security Concerns
Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.
Getting Started with IoT Security in Healthcare
There’s a hazard that comes with introducing any new element into patient care whether it's a new drug or a connected device. These four steps will help keep patients safe.
Researcher to Release Free Attack Obfuscation Tool
Cybercrime gang FIN7, aka Carbanak, spotted hiding behind another Windows function, according to research to be presented at Black Hat Asia next month.
Facebook Aims to Make Security More Social
Facebook's massive user base creates an opportunity to educate billions on security.
SWIFT Network Used in $2 Million Heist at Indian Bank
The theft at India's City Union Bank comes on the heels of news that attackers stole $6 million from a Russian bank via SWIFT network last year.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Vulnerabilities Broke Records Yet Again in 2017
Meanwhile, organizations still struggle to manage remediation.
Proactive Threat Hunting: Taking the Fight to the Enemy
Pulling together everything your security team needs to be effective at threat hunting is not easy but it's definitely worthwhile. Here's why.
13 Russians Indicted for Massive Operation to Sway US Election
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
|
White Papers
Video
3 Comments
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-9071
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
PUBLISHED: 2018-11-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-9071
PUBLISHED: 2018-11-16
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.
CVE-2018-9073PUBLISHED: 2018-11-16
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
CVE-2018-9085PUBLISHED: 2018-11-16
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
CVE-2018-9086PUBLISHED: 2018-11-16
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
CVE-2018-19296PUBLISHED: 2018-11-16
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This