15946 matches found
Hackers Leak Biopharmaceutical Firm's Data Stolen in Ransomware Attack
The Clop ransomware group attacked biopharmaceutical company ExecuPharm and reportedly leaked some of the company’s compromised data on underground forums. ExecuPharm, a Pennsylvania-based subsidiary of the U.S. biopharmaceutical giant Parexel, provides clinical trial management tools for...
Cynet Empowers IT Resellers and Service Providers to Become Fully Qualified MSSPs
As cyber incidents increase in scope and impact, more and more organizations come to realize that outsourcing their defenses is the best practice—significantly increasing the Managed Security Service Provider MSSP market opportunities. Until recently, IT integrators, VARs, and MSPs haven’t...
A Practical Guide to Zero-Trust Security
Employees are demanding that employers enable flexible workstyles. Apps are moving to the cloud. A company’s device and application mix are increasingly heterogeneous. All of these factors are breaking down the enterprise security perimeter, rendering traditional security approaches obsolete, and...
Apple Updates Privacy Policies After Siri Audio Recording Backlash
Apple is taking steps to improve the privacy of audio collected by its Siri voice assistant, on the heels of backlash around a program that let contractors listen into Siri conversations. On Wednesday, the phone giant apologized for violating users’ privacy through the program, which was...
For $8.6M, Cisco Settles Suit Over Bug-Riddled Video Surveillance Software
Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that alleged it sold video security software with known security vulnerabilities to U.S. federal and state governments. The litigation, originally brought in 2011, was filed under the False Claims Act, claiming that the software...
ThreatList: Bad Bots Account for a Fifth of All Web Traffic, FinServ Hit the Worst
About a fifth of all web traffic 20.4 percent comes from bad bots, which continue to attack daily in automated offensives on websites, mobile apps and APIs. That’s worse for some verticals, like the banking and finance sector, which was hit the hardest last year. That’s according to the Distil...
Microsoft Launches Azure DevOps Bug Bounty Program
Microsoft lifted the curtain on a new Azure DevOps bug bounty program, designed to sniff out flaws in its Azure DevOps online services and servers. Azure DevOps is a cloud service launched in 2018 that enables collaboration on code development across the breadth of a development lifecycle...
How Shared Pools of Cloud Computing Power Are Changing the Way Attackers Operate
The transformation from racks of physical hardware hosting sites and services to cloud computing has provided organizations with better flexibility and reduced costs. Attackers have seen the benefits to this model and are also taking advantage of cloud computing to make more money, evade detectio...
Google Patches Critical Vulnerabilities in Android OS
Google patched six critical remote code execution flaws in its Android operating system as part of its October Android Security Bulletin. Four of those remote code execution flaws are tied to Android’s Media framework and impact a wide range of Android devices including Google’s Pixel and Nexus...
Cisco Patches High-Severity Bug in VoIP Phones
A range of business customers could be impacted by a high-severity security flaw discovered in Cisco VoIP phones. The vendor issued a patch on Wednesday. Cisco also patched two medium-security flaws today in its FireSIGHT management platform for network security; and one medium-severity issue in...
Year-Old Critical Vulnerabilities Patched in ISP Broadband Gear
Patches for three critical vulnerabilities impacting broadband gateways made by Advanced Digital Broadcast ADB have been released to the public, nearly two years after the bugs were first found. Issues range from a privilege escalation flaw, an authorization bypass vulnerability and a local...
Google Patches 11 Critical Android Bugs in June Update
Google patched 57 vulnerabilities Monday affecting the Android operating system and kernel and chipset components tied to third-party firms MediaTek, NVIDIA and Qualcomm. Eleven of the bugs are rated critical and 46 are rated high. Google said the most severe of the vulnerabilities are remote cod...
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update. The microcode update shows that its older products – including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR,...
ASUS Patches Root Command Execution Flaws Haunting Over a Dozen Router Models
ASUS released patches for over a dozen router models on Tuesday that are each vulnerable to multiple firmware flaws that when combined give a local unauthenticated attacker the ability to execute commands as root on targeted devices. Routers models patched by ASUS are RT-AC88U, RT-AC3100, RT-AC86...
Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code
Among the four dozen vulnerabilities Google patched this week was a fix for a bug that allowed attackers to inject malicious code into Android apps without affecting an app’s signature verification certificate. The technique allows an attacker to circumvent device anti-malware protection and...
Microsoft Patches Critical Windows DNS Client Vulnerabilities
Three critical Windows DNS client vulnerabilities were patched today by Microsoft, closing off an avenue where an attacker could relatively simply respond to DNS queries with malicious code and gain arbitrary code execution on Windows clients or Windows Server installations. The flaws were...
Macs Not Receiving EFI Firmware Security Updates as Expected
Since the Thunderstrike bootkit attacks targeting Apple firmware were disclosed in 2015, Apple has bundled subsequent EFI updates with its regular macOS security and software updates in an attempt to improve protection around its hardware. Researchers at Duo Security, however, have uncovered that...
No Fix Planned For LabVIEW Bug, Says National Instruments
Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...
Siemens, Bayer Expected to Patch Medical Devices Hit By WannaCry
It was initially thought just Windows machines were vulnerable but it probably shouldn’t come as a surprise that medical devices and industrial control systems were subjected to the perils of this weekend’s WannaCry ransomware outburst as well. Over the past few days the Department of Homeland...
Google Reveals Windows Kernel Zero Day Under Attack
A Windows zero-day vulnerability is being used in an unknown number of attacks, Google disclosed today, 10 days after it privately reported the issue to Microsoft. Google’s disclosure follows its internal policy, which states that companies should fix or publicly report flaws that are under attac...
Apple Patches Trident Vulnerabilities in OS X, Safari
The disclosure a week ago that three Apple iOS zero days were used to spy on a political dissident from the United Arab Emirates included high-profile exposes of the activities of a cyber arms-dealing outfit in Israel known as the NSO Group and an emergency update for iOS. Last night, Apple...
Range of Mousejack Attack More Than Doubles
The Mousejack vulnerability raised awareness of the potential risks introduced by a wireless mouse or keyboard to the enterprise. From a relatively short distance, a hacker could send packets to the device that generate keystrokes on the host computer rather than mouse clicks. In short order,...
Adobe Auto-Update Flash Player Zero Day Patch
Adobe on Saturday began patching a zero-day vulnerability in Flash Player, exploits for which have been included in the notorious Angler Exploit Kit. This is the second of two previously unreported critical flaws in the software that have been patched in the last five days. Adobe last Thursday se...
Adobe Patches 18 Vulnerabilities in Flash
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system running the multimedia platform according to a security bulletin posted today. The Patch Tuesday updates,...
Google Fixes 159 Flaws in Chrome
Google updates its Chrome browser on a very aggressive timeline, often a couple of times a month. Usually, each update includes a handful of security fixes, maybe 12 or 15. On Tuesday, the company released Chrome 38, which patched a staggering 159 vulnerabilities. The huge majority of those...
Mozilla Patches Seven Flaws in Firefox 30
Mozilla has fixed seven security vulnerabilities in Firefox 30, including five critical flaws that could enable remote code execution. Firefox 30 is a relatively minor release of the popular browser, with the most notable change being the addition of a sidebar button that allows users to quickly...
Five Year Old Security Vulnerability Patched in Linux Kernel
A serious and reportedly five-year-old bug in the Linux kernel could give attackers the ability to run malicious code or, at the very least, cause crashes on a variety of affected systems. Some, though not necessarily all, Linux distributions would be vulnerable without installing the patch. What...
JBoss AS Attacks Up Since Exploit Code Disclosed
Attackers are exploiting a two-year-old vulnerability in JBoss Application Servers that enables a hacker to remotely get a shell on a vulnerable webserver. The number of infections has surged since exploit code called pwn.jsp was publicly disclosed Oct. 4. Researchers at Imperva said that a numbe...
July 2013 Microsoft Patch Tuesday Security Updates
A critical Windows kernel vulnerability, publicly disclosed in May by a Google security engineer, will be patched tomorrow when Microsoft releases its July Patch Tuesday security updates. Tavis Ormandy, who has controversially disclosed Windows vulnerability details in the past, made a posting to...
Oracle Releases 40 Critical Java Patches in June Update
Oracle pushed out another 40 Java patches Tuesday night bringing the total number of Java security updates for 2013 to well over 100, exceeding already the number of Java patches released in 2012. Attackers have had a field day this year exploiting previously unreported vulnerabilities in Java, i...
Google Fixes More Than a Dozen Flaws in Chrome 27
Google has released Chrome 27, a new version of its browser that includes a long list of security fixes, many of which are for high-risk vulnerabilities. The company handed out more than $14,000 in rewards to researchers who reported bugs fixed in the latest iteration of Chrome. Google’s security...
Microsoft Patches IE Zero Day Used In Watering Hole Attack
Microsoft wasted no time today delivering a patch for the Internet Explorer 8 vulnerability being exploited in watering hole attacks carried out against the U.S. Department of Labor website and nine others worldwide. Today’s Patch Tuesday security updates also include a fix for IE vulnerabilities...
Ruby on Rails Patches DoS, Remote Execution Flaws
Web app framework Ruby on Rails patched two security flaws this week in the open source framework that could have led to denial of service attacks and remote execution vulnerabilities. With builds 3.2.12, 3.1.11 and 2.3.17, the framework fixed a serialized attributes YAML vulnerability...
Adobe Patches Four ColdFusion Flaws Exploited in Wild
Adobe delivered a security hotfix for its ColdFusion application server today, repairing a host of vulnerabilities being exploited in the wild. The company had recommended a series of mitigations in a Jan. 7 advisory as a stopgap until today’s hotfix was released. Two of the vulnerabilities affec...
Exploit Code, Metasploit Module Out for Ruby on Rails Flaws
Just two days after the disclosure of a string of serious vulnerabilities in Ruby on Rails, researchers have released proof-of-concept exploit code for a couple of the flaws and the team at Metasploit have released a module for the penetration testing framework that exploit one of the bugs, as...
Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday
Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle. The year’s last scheduled batch of patches will address 11 vulnerabilities in all currently supported operating...
Experts Downplay MySQL Database Zero-Days
A rash of zero-day exploits and vulnerabilities in the MySQL database were disclosed to the Full Disclosure mailing list over the weekend, but experts are saying they’re much ado about nothing. Of the half-dozen zero-days reported by a researcher known as King Cope, all but one require legitimate...
Security Experts Recommend Long, Hard Look at Disabling Java Browser Plug-In
Is the Java browser plug-in the IT equivalent of the human appendix? Would you miss it if it were gone? Probably not, experts say, especially now that attackers are beating the Java sandbox with a rash of zero-day exploits. “It’s simply safer to have the Java plug-in disabled in the browser knowi...
RuggedCom Devices Have Hard-Coded SSL Keys
Siemens subsidiary RuggedCom’s Rugged Operating System ROS contains a vulnerability that could give an attacker the ability to decrypt SSL traffic between RuggedCom networking equipment and end-users, according to an ICS-CERT alert. Justin W. Clarke, a security researcher at Cylance Inc., disclos...
Phishing for Fanboys with Phony iPhone 5 Images
There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing...
New Gauss Malware, Descended From Flame and Stuxnet, Found On Thousands of PCs in Middle East
A new piece of malware dubbed Gauss, that experts say is a direct descendant of Flame and also related to Stuxnet and Duqu, has been found on thousands of PCs in the Middle East, mostly in Lebanon. Gauss contains some of the same code as Flame, but is markedly different in a number of respects,...
Microsoft Aims to Make Life Harder, More Expensive For Attackers
MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...
Adobe Plans Critical Security Updates for Reader, Acrobat Next Week
Adobe said on Friday that it will issue critical fixes for its popular Reader and Acrobat products on Tuesday, January 10. The company said it is planning to release updates for Adobe Reader and Acrobat versions X and earlier for both the Windows and Macintosh platforms to fix a slew of critical...
APEC Host Committee Spear-Phished by China
An Analysis published earlier this month by Kahu Security raises the possibility that the hack of systems used by the Asia Pacific Economic Cooperation host committee was the result of a spear phishing attack with links back to the Chinese mainland. As Threatpost reported yesterday, computers...
New Adobe Flash Bug Being Exploited
On the same day that it plans to release a patch for a critical flaw in Shockwave, Adobe confirmed on Thursday morning that there is a newly discovered bug in Flash that is being actively exploited already in attacks against Reader. The vulnerability affects Flash on all of the relevant platforms...
Microsoft Releases Huge Patch Tuesday Update For 49 Bugs
Microsoft has released its largest-ever bundle of patches, pushing out 16 updates that fix a total of 49 individual vulnerabilities. The patches include updates for six critical vulnerabilities, most notably a huge fix for some remote code-execution bugs in various versions of Internet Explorer...
Cryptome Outs Identities of Hackers Behind Breach
Less than a week after the Cryptome.org archive was hacked and defaced, the site has posted the names, addresses and phone numbers of two individuals it accuses of being involved in the attack. In an update on Friday, Cryptome founder John Young posted contact information for three individuals he...
Mozilla Patches Firefox DLL Load Hijacking Bug
Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities 11 rated critical, including the publicly known DLL...
Microsoft to Share Vulnerability Details with Governments
Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a Defensive Information Sharing...
Adobe Plugs Critical PDF Code Execution Flaw
Adobe today released an out-of-band security update to patch a pair of gaping holes that expose hundreds of millions of computer users to remote code execution attacks. The vulnerabilities are rated “critical” and affect Adobe Reader and Adobe Acrobat on all platforms — Windows, Mac and Linux. Th...