News & Commentary
Content posted in August 2015
|
Sights & Sounds Of Black Hat USA And DEF CON
Some hackers call the week of Black Hat USA and DEF CON 'security summer camp' -- a look at some of the highlights of the two shows.
Biggest Apple Account Theft Ever Hits Only JailBroken iOS Devices
KeyRaider stole 225,000 legitimate Apple accounts and slammed devices with ransomware and phony purchases, but only jailbroken gear, mostly in China, is affected.
10 Best Practices For BYOD Policy
Bring-your-own device doesn't have to mean bring your own security problems.
Top Infosec Execs Will Eventually Report To CEOs, CISOs Say
But becoming a trusted resource to the executive suite will demand major changes in the traditional chief information security officer role.
Ashley Madison CEO Resigns
Once again, a security breach claims an executive's job, but the business plans to continue operating.
FBI Sounds Alarm Again On Business Email Compromise Threat
Over 7,000 US business have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
The 7 ‘Most Common’ RATS In Use Today
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
Valasek Not Done With Car Hacking Just Yet
Security Pro File: Chris Valasek chats up the daunting challenge of topping the Jeep Cherokee hack, '80s Adidas tracksuits, his loathing of coding, and his love for Windows -- and Hall & Oates.
Thousands Of Potentially Malicious Android Apps Unearthed In Google Play
Indiana University researchers develop a new scanning technique dubbed 'MassVet' for vetting mobile app stores at scale.
Cybersecurity Under FTC Authority: What Does it Mean?
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
Flash: Web Browser Plugins Are Vulnerable
Maybe it’s time to uninstall Flash for those that don’t need it and continuously monitor those that do.
Consumers Want Password Alternatives
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
A Tale Of Two IoT Security Outcomes
Commandeered Jeep gets fixed but a 'hijacked' satellite network does not? Why Internet of Things security remains a work in progress.
Getting To Yes, Cooperatively
As security advocates, determining what “beneficial” means to a particular audience should be our first step in developing recommendations.
From Vicious To Virtuous: A Plan Of Attack For Incident Response
How do you get there? Increase the cost and effort required by the bad guys and boost your efficiency.
IBM Advises Businesses To Block Tor
With Tor-based attacks on the rise, IBM says it's time to stop Tor in the enterprise.
What Would You Do Differently If You Knew You Were Going To Be Robbed?
Neither prevention nor detection alone is sufficient in today’s cybercrime environment.
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
There are lots of reasons why medical data is so vulnerable but the sheer numbers at risk speak volumes about the scale of the problem.
Security Stands As Top Factor In Digital Brand Confidence
Security ranked alongside marketing and IT ops concerns as important indicators of trust in online sites.
What Drives A Developer To Use Security Tools -- Or Not
National Science Foundation (NSF)-funded research by Microsoft Research, NC State, and UNC-Charlotte sheds light on what really makes a software developer scan his or her code for security bugs.
Ruling: FTC Can Hold Wyndham Liable For Data Breach
Appeals Court ruling solidifies Federal Trade Commission's authority to take action against companies whose data breaches expose customer information.
Survey Says: Incident Response Is Fighting Back
Companies appear to be recognizing the need for increased incident-response spending.
Keyless Cars: A New Frontier For Bug Bounties?
With up to 100 million lines of code in the average car today -- and growing -- security vulnerabilities are bound to become the new normal.
University Of Virginia BreachTargeted Two Individuals With China Links
Latest example of threat actors seeking to exfiltrate data by going after individuals.
With Great IoT Comes Great Insecurity
In the brave new world of 'things' and the services they connect to, built-in security has never been more critical. Here's what's getting in the way.
AlienSpy RAT Resurfaces In Case Of Real-Life Political Intrigue
Mysterious death of Argentinian politician potentially tied to his phone's infection with popular remote access tool.
The Month Of Android Vulnerabilities Rolls On
Multi-media handling takes the most hits, and there are no easy fixes.
Spiderbot, Spiderbot, Does Whatever A Hacker Thought
Virtual machine, she ignores, owns the bot, then controls yours.
Law Firms Form Their Own Threat Intel-Sharing Group
The Legal Services Information Sharing and Analysis Organization (LS-ISAO) Services is launched with the help of the financial services industry.
How Much Threat Intelligence Is Too Much?
Turn your threat data into actionable intelligence by focusing on what is relevant to you and your organization.
Beware The Hidden Risk Of Business Partners In The Cloud
Enterprises vastly underestimate the cyber risk from digital connections to vendors, suppliers, agencies, consultants -- and any company with which employees do business.
ID Thieves, Blackmailers Have Lots To Gain In Ashley Madison Breach
Breach highlights need for greater anonymity controls in identity and payment mechanisms.
Vulnerable From Below: Attacking Hypervisors Using Firmware And Hardware
Malicious attacks with firmware privileges can compromise an entire system, so it is especially important to apply measures to reduce the risks.
Applying the 80/20 Rule to Cyber Security Practices
How to look holistically across technology and processes and focus resources on threats that create the greatest damage.
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
IRS Get Transcript Breach Triples In Scope
Breach reported in May much larger than initially thought
Hackers Dump Ashley Madison User Database... Where Most People Won't Find It
Attackers make good on doxing threat, but post database to dark web.
Unpatched 'Tpwn' Mac OS X Bug Could Grant Root Privileges
Researchers beginning to find more cracks in Mac operating systems.
|
White Papers
Video
0 Comments
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
PUBLISHED: 2018-10-16
From DHS/US-CERT's National Vulnerability Database CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This