The digital entropy of death: what happens to your online accounts when you die
Unless you're planning on having your mind jammed inside some sort of computer chip, eventually mortality will catch up and you're going to have to work out what you'll do with all of your online accounts. When it's time to shuffle off this mortal coil, you might, theoretically, be slightly annoy...
Welcome to the Cyber-Regulatory Market of 2018 and Beyond
In the past few years, we’ve seen an increase in the number of companies facing legal consequences for ineffectively meeting deadlines requiring them to measure the effectiveness of their security solutions. Combined with these deadlines, companies also have to prove they have awareness and contr...
Securing Healthcare Data and Applications
The healthcare industry is quickly growing as a sweet spot for hackers to steal large amounts of patient records for profit. The US Department of Health and Human Services breach tool reports over 340 data breaches in 2017 impacting more than 3 million individuals, and 176.5 million individuals...
bv.ac-creteil.fr XSS vulnerability
Open Bug Bounty ID: OBB-570868

Description | Value
---|---
Affected Website: | bv.ac-creteil.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

data.unhcr.org XSS vulnerability
Open Bug Bounty ID: OBB-570466

Description | Value
---|---
Affected Website: | data.unhcr.org
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosure base...

Tax refund, or How to lose your remaining cash
Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc. Given that tax authorities and their taxpayers are moving online, it's no surprise to find cybercriminals hard on their heels. By spoofing trusted governme...
CVE-2018-2374
CVE-2018-2374 affects SAP HANA Extended Application Services (EAS) 1.0. A controller user with SpaceAuditor authorization in a specific space could retrieve sensitive data (e.g., service bindings) within that space. Root cause is insufficient access restrictions for SpaceAuditor scoped users. Imp...
Thousands of Government Websites Hacked to Mine Cryptocurrencies
There was a time when hackers simply defaced websites to get attention, then they started hijacking them to spread banking trojans and ransomware, and now the trend has shifted towards injecting scripts into sites to mine cryptocurrencies. Thousands of government websites around the world have bee...
U.K. and U.S. Government Websites Among Thousands Infected by Cryptocurrency Miner
More than 4,200 websites, including many run by the U.K. and U.S. governments, were infected on Feb. 11 by a Monero cryptocurrency miner delivered through Browsealoud, a hosted accessibility service that can read website content aloud for people with visual impairments. Browsealoud developer Texthel...
Security Glue Between the Silos of Endpoint, Server, Cloud and Network Security Gets More Critical
Endpoint and Host security techniques have diverged. There used to be considerable similarity between the techniques and tools used to secure desktops, servers, and even networks. Desktops evolved to become Endpoints, as mobile devices proliferated and they were assembled into a collective of bei...
konto.onet.pl XSS vulnerability
Open Bug Bounty ID: OBB-548622

Description | Value
---|---
Affected Website: | konto.onet.pl
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure Standard: | Coordinated Disclosure based...

OWASP Top 10 2017 is Released
The Journey to the New and Improved Ten Most Critical Web Application Security Risks. It was not too long ago that protecting your web server infrastructure consisted of simply placing the servers in their own zone behind the firewall and just opening a couple of ports. Outside of endpoint...
OnePlus Confirms Credit Card Breach Impacted Up to 40,000 Customers
OnePlus has confirmed that up to 40,000 customers have been affected by a credit card breach, in the latest embarrassing misstep for the Chinese handset maker. The news comes several days after OnePlus shut down credit card processing following complaints from customers about fraudulent charges...
Intel Says Firmware Fixes for Spectre and Meltdown Affecting Newer Chips
Intel’s efforts to issue fixes for the Spectre and Meltdown CPU vulnerabilities are still hitting some bumps in the road, a company executive said in a blog post. “We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” sai...
CVE-2018-2644
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications subcomponent: Worklist. Supported versions that are affected are 7.x, 8.0.x and 8.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus...
Unspecified Vulnerability in Oracle Sun Systems Products Suite (CNVD-2018-02527)
Oracle Sun Systems Products Suite is a Sun Systems product package. An unspecified vulnerability exists in the Core Services subcomponent of the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite. An attacker could exploit this vulnerability to compromise...
Meltdown and Spectre fallout: patching problems persist
Last week, the disclosure by multiple teams from Graz and Pennsylvania University, Rambus, Data61, Cyberus Technology, and Google Project Zero of vulnerabilities under the aliases Meltdown and Spectre rocked the security world, sending vendors scurrying to create patches, if at all possible, and...
Yet Another FBI Proposal for Insecure Communications
Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext: Law enforcement can also partner with private...
Impact of Meltdown and Spectre on Akamai
Overview: On Wednesday, January 3rd, researchers from Google Project Zero, Cyberus Technology, Graz University of Technology, and other organizations released details about a pair of related vulnerabilities, dubbed Meltdown and Spectre. These vulnerabilities appear to affect all modern processors...
Three Reasons Why GDPR Encourages Pseudonymization
The General Data Protection Regulation (GDPR) is the European Union’s new data regulation designed to provide individuals with rights and protections over their personal data that is collected or created by businesses or government entities. It unifies data protection regulation across all member...