SecurityWeek

Uber Hacked: Information of 57 Million Users Accessed in Covered-Up Breach

Security Week - Tue, 11/21/2017 - 7:46pm

Uber Covered Up Massive Hack in 2016 for More Than a Year

read more

Categories: SecurityWeek

Symantec Patches Vulnerability in Management Console

Security Week - Tue, 11/21/2017 - 4:26pm

Symantec has released an update to address a directory traversal vulnerability in the Symantec Management Console.

read more

Categories: SecurityWeek

House Committees Get Serious in New Letter to Equifax

Security Week - Tue, 11/21/2017 - 2:49pm

The chairpersons of the House Science, Space, and Technology Committee and the House Oversight and Government Reform Committee on Monday sent a new letter (PDF) to Paulino Barros, the interim CEO of Equifax.

read more

Categories: SecurityWeek

Code Execution Flaw Found in HP Enterprise Printers

Security Week - Tue, 11/21/2017 - 2:14pm

Researchers have found a potentially serious remote code execution vulnerability in some of HP’s enterprise printers. The vendor claims to have already developed a patch that will be made available to customers sometime this week.

read more

Categories: SecurityWeek

macOS Malware Spread Via Fake Symantec Blog

Security Week - Tue, 11/21/2017 - 1:25pm

A newly observed variant of the macOS-targeting Proton malware is spreading through a blog spoofing that of legitimate security company Symantec.

read more

Categories: SecurityWeek

Has Everyone Really Been Hacked?

Security Week - Tue, 11/21/2017 - 12:54pm

There is little doubt that fear sells security products, hikes law enforcements agency (LEA) budgets and sells newspapers. Both the security industry and government agencies benefit from sensational headlines; leaving people wondering what the real truth may be. So when UK newspaper The Times ran a headline, 'Everyone has been hacked, say police', it leaves the question, is this just more scaremongering or a true reflection on the state of security?

read more

Categories: SecurityWeek

Cobalt Hackers Now Targeting Banks Directly

Security Week - Tue, 11/21/2017 - 12:04pm

The notorious Cobalt hackers have shown a change in tactics recently, switching their attacks to targeting banks themselves, instead of bank customers, Trend Micro reports.

read more

Categories: SecurityWeek

U.S. Charges Iranian Over 'Game of Thrones' HBO Hack

Security Week - Tue, 11/21/2017 - 11:09am

The United States on Tuesday charged an Iranian computer whiz with hacking into HBO, stealing scripts and plot summaries for "Games of Thrones," and trying to extort $6 million in Bitcoin out of the network.

read more

Categories: SecurityWeek

Final Version of 2017 OWASP Top 10 Released

Security Week - Tue, 11/21/2017 - 10:05am

The final version of the 2017 OWASP Top 10 was released on Monday and some types of vulnerabilities that don’t longer represent a serious risk have been replaced with issues that are more likely to pose a significant threat.

read more

Categories: SecurityWeek

Intel Chip Flaws Expose Millions of Devices to Attacks

Security Week - Tue, 11/21/2017 - 8:41am

Intel has conducted an in-depth security review of its Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) technologies and discovered several vulnerabilities. The company has released firmware updates, but it could take some time until they reach the millions of devices exposed to attacks due to these flaws.

read more

Categories: SecurityWeek

North Korean Hackers Target Android Users in South

Security Week - Tue, 11/21/2017 - 4:59am

At least two cybersecurity firms have noticed that the notorious Lazarus threat group, which many experts have linked to North Korea, has been using a new piece of Android malware to target smartphone users in South Korea.

read more

Categories: SecurityWeek

Windows 8 and Later Fail to Properly Apply ASLR

Security Week - Mon, 11/20/2017 - 2:42pm

Address Space Layout Randomization (ASLR) isn’t properly applied on versions of Microsoft Windows 8 and newer, an alert from Carnegie Mellon University-run CERT Coordination Center (CERT/CC) warns.

read more

Categories: SecurityWeek

Secureworks Releases Open Source IDS Tools

Security Week - Mon, 11/20/2017 - 2:31pm

Secureworks has released two open source tools, Flowsynth and Dalton, designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and Suricata.

read more

Categories: SecurityWeek

Dealing With Data Loss Your Firewall Can't Stop

Security Week - Mon, 11/20/2017 - 2:12pm

Information security is built on the pillars of confidentiality, integrity, and availability. Confidentiality is about making sure your secrets stay secret.

read more

Categories: SecurityWeek

Flaw in F5 Products Allows Recovery of Encrypted Data

Security Week - Mon, 11/20/2017 - 12:01pm

A crypto vulnerability affecting some F5 Networks products can be exploited by a remote attacker for recovering encrypted data and launching man-in-the-middle (MitM) attacks, the company told customers on Friday.

read more

Categories: SecurityWeek

Microsoft Manually Patched Office Component: Researchers

Security Week - Mon, 11/20/2017 - 10:25am

Microsoft engineers appear to have manually patched a 17 year-old vulnerability in Office, instead of altering the source code of the vulnerable component, ACROS Security researchers say.

read more

Categories: SecurityWeek

Ongoing Adwind Phishing Campaign Discovered

Security Week - Mon, 11/20/2017 - 10:14am

A new phishing campaign delivering the Jsocket variant of Adwind (also known as AlienSpy) was detected in October, and is ongoing. Adwind and its variants have been around since at least 2012. It is a cross-platform backdoor able to install additional malware, steal information, log keystrokes, capture screenshots, take video and audio recordings, and update its own configuration.

read more

Categories: SecurityWeek

Screen/Audio Capture Vulnerability Impacts Lion's Share of Android Devices

Security Week - Mon, 11/20/2017 - 10:07am

A vulnerability that allows malicious applications to capture screen contents and record audio without a user’s knowledge impacts over 78% of Android devices, researchers claim.

read more

Categories: SecurityWeek

Five Ways to Overcome the Cultural Barriers to IT/OT Security Convergence

Security Week - Mon, 11/20/2017 - 9:22am

Working Together, IT and OT Must Mitigate Risk and Address the Inevitable Mandates that Follow Successful Attacks

read more

Categories: SecurityWeek

StartCom CA to Shut Down After Ban by Browser Vendors

Security Week - Mon, 11/20/2017 - 9:11am

The board of directors of China-based certificate authority StartCom announced on Friday that it has decided to shut down the company following the decision of major browser vendors to ban its certificates.

read more

Categories: SecurityWeek

Pages