2577 matches found
FTC Announces Enhancements to IdentityTheft.gov
The Federal Trade Commission FTC has upgraded its IdentityTheft.gov site to provide improved help to victims of identity theft. Enhancements include more personalized response plans for consumers, automatic generation of documents to aid in recovery, and better integration of the site with the...
Samsung Get Sued for Failing to Update its Smartphones
One of the world's largest smartphone makers is being sued by the Dutch Consumers' Association DCA for its lack in providing timely software updates to its Android smartphones. This doesn't surprise me, though. The majority of manufacturers fail to deliver software updates for old devices for...
BSIMM6 Data Shows Poor Health Care Software Security
The folks behind the Building Security in Maturity Model BSIMM, its sixth iteration available today, tout the project as an intersection between science and computer security. “It’s more like a science experiment that escaped the test tube,” said Gary McGraw, chief technology officer of Citigal,...
IOT Security Pits Regulators Against Market
CAMBRIDGE, Mass. – Listening to today’s privacy panel at the Security of Things Forum, you might have thought you were beamed back to the early 2000s: government people hinting that legislation might be the ultimate solution for security and privacy concerns when it comes to embedded computers an...
Court Rules FTC Has Authority to Punish Wyndham Over Breaches
In the latest installment of a long and winding court case related to multiple data beaches at Wyndham Worldwide several years ago, an appellate court has upheld the authority of the Federal Trade Commission to punish the hotel chain for lax security practices that allegedly led to the breaches...
EFF, AdBlock and Others Launch New Do Not Track Standard
After years of discussions, disagreements, and digressions, the Do Not Track header is supported by all of the major browsers. But because there’s no real requirement for sites or advertisers to respect it, DNT is not as effective as it could be. Now, the EFF, Disconnect, and several other...
Proposed Change to ICANN Domain Anonymity Rule Worries Privacy Advocates
A proposed change to the way that registrars treat the private contact details for domain owners could make it easier for anyone to get information on people who use proxy services. The potential change comes in the form of a document from a working group of the Generic Names Supporting...
Android Factory Reset Improper Sanitization Exposes Data
The churn of Android devices, whether older smartphones being traded in or sold online, makes device sanitization imperative. The native feature in the OS, however, may not be doing as thorough a job as advertised. A paper, “Security Analysis of Android Factory Resets” pdf, published by Ross...
Debian Security Advisory DSA 3265-1 (zendframework - security update)
Multiple vulnerabilities were discovered in Zend Framework, a PHP framework. Except for CVE-2015-3154 , all these issues were already fixed in the version initially shipped with Jessie. CVE-2014-2681Lukas Reschke reported a lack of protection against XML External Entity injection attacks in some...
Multicast DNS Vulnerability Could Lead to DDOS Amplification
The Department of Homeland Security sponsored CERT at Carnegie Mellon University on Tuesday released an advisory warning infrastructure providers of a vulnerability in Multicast DNS, or mDNS, that could leak device information that could be leveraged in high volume DDoS amplification attacks. “I...
BMW security vulnerability details: the ancient Bole to identify a good horse, today there are hackers escapement BMW-vulnerability warning-the black bar safety net
ADAC whole German automobile club want to in-depth understanding of embedded mobile network modem of the car to the manufacturer to send data. C't German computer technology magazine for the ADAC introduced a security expert. The expert in-depth analysis of the BMW ConnectedDrive system the data...
Markey Car Security Report Just the Start for Automakers
This may come as a surprise to one of you, but it turns out that computers and, by extension, things that contain computers, are vulnerable to attackers. That includes cars, something that the United States government has now discovered, and Sen. Edward Markey is now warning consumers that...
Malwarebytes Anti-Malware / Anti-Exploit Update Remote Code Execution Exploit
This Metasploit module exploits a vulnerability in the update functionality of Malwarebytes Anti-Malware consumer before 2.0.3 and Malwarebytes Anti-Exploit consumer 1.03.1.1220. Due to the lack of proper update package validation a man-in-the-middle attacker could execute arbitrary code by...
White House Creates Cyber Governance Unit Within OMB
With the framework explained for a number of government cybersecurity-related initiatives, now it’s time to talk money. The White House anted up strong in 2015 with proposals for a new data breach notification standard, as well as plans to facilitate information-sharing between the public and...
VulnCheck KEV: CVE-2012-0159
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before...
House Takes First Steps on Federal Data Breach Law
The House Subcommittee on Commerce, Manufacturing and Trade today held its first hearing of the 114th Congress in order to begin work on developing federal data breach legislation. Pre-hearing memos suggested that any data breach notification law would be primarily concerned with protecting...
President Proposes National Breach Notification Standard
Lacking precious detail, President Obama today proposed a national data breach notification standard, legislation that would mandate breached companies notify affected consumers inside of 30 days. The national law would supersede the current collection of state laws that govern notification...
FTC Urges IoT Privacy, Security at Consumer Electronics Show
In her keynote address yesterday at the Consumer Electronics Show in Las Vegas, Federal Trade Commission Chairwoman Edith Ramirez imagined the dystopic convergence of big data conglomerates and a ceaseless information gathering machine fueled by the constant connectivity ushered in by the so-call...
Misfortune Cookie Home Router Vulnerability Discovered
More than 12 million devices running an embedded webserver called RomPager are vulnerable to a simple attack that could give a hacker man-in-the-middle position on traffic going to and from home routers from just about every leading manufacturer. Mostly ISP-owned residential gateways manufactured...
CVE-2014-4936
The upgrade functionality in Malwarebytes Anti-Malware MBAM consumer before 2.0.3 and Malwarebytes Anti-Exploit MBAE consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute arbitrary code by spoofing the update server and uploading an executable...