ThreatList: Malware Samples Targeting IoT More Than Double in 2018
It’s no secret that connected devices are posing a security threat in the commercial, consumer and industrial worlds. A fresh report on this expanding threat landscape shows that attacks are accelerating, with MikroTik routers, Telnet password-cracking and the Mirai botnet dominating the...
New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs
Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack, which has been around since 2008 and lets attackers...
Default configuration
Users of an SAP Mobile Platform version 3.0 Offline OData application that uses Offline OData-supplied delta tokens, which is on by default, occasionally receive some data values of a different user...
CVE-2018-2459
CVE-2018-2459 affects SAP Mobile Platform 3.0 Offline OData applications using delta tokens by default. The offline OData delta token mechanism may return data values belonging to a different user, causing information disclosure. This is described across multiple sources (NVD/CNVD entries) with a...
In a Few Days, Credit Freezes Will Be Fee-Free
Later this month, all of the three major consumer credit bureaus will be required to offer free credit freezes to all Americans and their dependents. Maybe you've been holding off freezing your credit file because your home state currently charges a fee for placing or thawing a credit freeze, or...
CISSP Certification Course — Become An IT Security Professional
If you dream of making it big in the IT security community, the CISSP certification is a necessary milestone. Certified Information Systems Security Professional (CISSP) is a globally recognised certification in the field of information security, which has become a gold standard of achievement that...
The 4 Building Blocks of Digital Threat Hunting Every Business Needs to Know
There was a time when no one could predict the weather – the only way you knew if a blizzard or heat wave was coming was by observing the snowflakes start to fall or the heat inch towards the unbearable. That changed when technology was developed to help people anticipate and prepare for extreme...
Report: Nearly Half of Security Professionals Think They Could Execute a Successful Insider Attack on Their Organization
As potential threats and entry points into organizations’ databases keep growing, so does the amount of money folks are throwing at detecting and actioning insider threats. In fact, the ballooning amount of money being spent on cybersecurity overall clearly highlights the seriousness with which...
Static vs Dynamic Data Masking: Why Are We Still Comparing the Two?
Earlier this month a leading analyst released their annual report on the state of Data Masking as a component of the overall Data Security sector; which included commentary on what’s known as ‘static’ data masking and an alternative solution known as ‘dynamic’ data masking. And these two solution...
Recent App Issues Reveal Facebook’s Struggles to Temper Data Privacy Woes
Facebook was hit with a double privacy punch regarding data privacy on Wednesday. First, Facebook acknowledged in a public post that one of the apps on its platform, myPersonality, inappropriately shared 4 million users’ data with researchers. Also on Wednesday, The Wall Street Journal reported...
Hardcoded credentials
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13104 Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption
Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key...
CVE-2017-13102
The CVE-2017-13102 entry concerns the iOS app Asphalt Xtreme: Offroad Rally Racing (Gameloft), version 1.6.0 (2017-08-13). The root cause is the use of a hard-coded encryption key, enabling data encrypted with that key to be decrypted by anyone who has the key. This vulnerability exposes stored d...
CVE-2017-13104
CVE-2017-13104 affects UberEATS: Uber for Food Delivery (iOS) version 1.108.10001; vulnerability stems from a hard-coded encryption key used by the app, enabling data stored with that key to be decrypted by anyone who has the key. Public CVSS metrics in the record show total base score 7.5 (HIGH)...
DEF CON 2018: Telltale URLs Leak PII to Dozens of Third Parties
LAS VEGAS – When we order food online, book a plane ticket or purchase seats for a show, we often get an email confirmation with a handy link that, when clicked, takes us directly to our confirmation, with no need to log back into the site. These pages have our confirmation code, the ability to...
Top iPhone Supplier Battles WannaCry Infection
A top iPhone supplier, Taiwan Semiconductor Manufacturing Co. (TSMC), has recovered from a WannaCry ransomware infection that impacted the majority of its fabrication tools. The incident could delay mobile phone shipments during the pre-holiday Fall rush, and reduce revenue for Taiwan’s largest...
cgit 1.2.1 - cgit_clone_objects() Directory Traversal
cgit 1.2.1 - cgit_clone_objects() Directory Traversal There is a directory traversal vulnerability in cgit_clone_objects(), reachable when the configuration flag enable-http-clone is set to 1 (default): void cgit_clone_objects(void) { if (!ctx.qry.path) { cgit_print_error_page(400, "Bad request", "Bad request"); return; } ...
GCHQ on Quantum Key Distribution
The UK's GCHQ delivers a brutally blunt assessment of quantum key distribution: QKD protocols address only the problem of agreeing keys for encrypting data. Ubiquitous on-demand modern services such as verifying identities and data integrity, establishing network sessions, providing access contro...
Onwards and Upwards: Our GDPR Journey and Looking Ahead
At Imperva, our world revolves around data security, data protection, and data privacy. From our newest recruits to the most seasoned members of the executive team, we believe that customer privacy is key. For the better part of the last two years, Imperva has laid the foundation for our complian...
Connected Car Apps Open Privacy Hole For Used Car Owners
When we think about hacking connected cars, most of the research has been around difficult-to-exploit vulnerabilities that would allow someone besides the owner to do things such as control the infotainment system, unlock the car remotely or even take control of the steering mechanism. But it tur...