15946 matches found
Premier League's Return: A Hat Trick of Cyberthreats?
England’s Premier League is returning this week, with millions of soccer fans around the world looking to stream matches using their online video accounts. Unfortunately, the U.K.’s National Cyber Security Centre NCSC is warning on phishing, fraud and brute-forcing attempts by attackers looking t...
Knoxville Ransomware Attack Leads to IT Network Shutdown
The city of Knoxville, Tenn. is reeling from a ransomware attack that knocked the city’s network offline and prevented police officers from responding to non-life-threatening traffic crashes. The incident occurred Wednesday and shuttered systems until Thursday. Also impacted was the city’s intern...
GoDaddy Hack Breaches Hosting Account Credentials
UPDATE GoDaddy, the world’s largest domain name registrar, is warning customers that attackers may have obtained their web hosting account credentials. An “unauthorized individual” was able to access users’ login details in an intrusion that the company said took place back in October — the compa...
More Than Half of IoT Devices Vulnerable to Severe Attacks
More than half of all internet of things IoT devices are vulnerable to medium- or high-severity attacks, meaning that enterprises are sitting on a “ticking IoT time bomb,” according to Palo Alto Networks Unit 42 research team. In new research released Tuesday, researchers said that several...
Gnip Banking Trojan Shows Ongoing, Aggressive Development
A new custom mobile banking malware for Android, dubbed Gnip, has emerged onto the scene, and its authors have taken an aggressive development track: Gnip appears to have been cobbled together in under five months, with four different variants already circulating — including a sample released in...
Marriott Hit With $123M Fine For Massive 2018 Data Breach
The U.K.’s privacy watchdog is hitting Marriott International with a $123 million £99 million penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office ICO and comes only a day after the organization...
Help Keep Data and Systems Safe with Access Rights Manager (ARM)
Built to provision, deprovision, audit, and manage user access rights to data, files, and other systems, SolarWinds® Access Rights Manager ARM is designed to help security admins and IT pros protect their companies from potential risks like data loss and breaches. Visualize who has access to what...
Mozilla Firefox 65 Ups the Ante on Privacy with Anti-Tracking Efforts
Mozilla has unveiled new anti-tracking policies and redesigned privacy controls in tandem with the release of Firefox 65 on Tuesday. The company announced a new set of redesigned controls for the Content Blocking section, where users can choose their desired level of privacy protection. These are...
Android OS API-Breaking Flaw Offers Useful WiFi Data to Bad Actors
An “API-breaking” vulnerability has been uncovered that potentially exposes Android device systems data to rogue apps — information that could be very useful to bad actors. Researchers from Nightwatch Cybersecurity System said that certain all-points-bulletins sent out by the Android OS expose...
Fresh Approach to WiFi Cracking Uses Packet-Sniffing
Legacy WiFi just became a little less safe, according to Jens Steube, the developer of the password-cracking tool known as Hashcat. He has found a faster, easier way to crack some WPA/WPA2-protected WiFi networks. Hackers have compromised the WPA/WPA2 encryption protocols in the past, but it’s an...
Malicious Docker Containers Earn Cryptomining Criminals $90K
UPDATE Seventeen malicious Docker containers earned cryptomining criminals $90,000 in 30 days in what could be a harbinger of things to come. The figure may seem tame compared to some of the larger paydays that cryptojackers have earned. But, researchers at Kromtech Security Center warn container...
Schneider Electric Patches Critical RCE Vulnerability
Researchers discovered a critical remote code execution vulnerability in two Schneider Electric industrial control related products that could give attackers the ability to disrupt or shut down plant operations. Tenable Research, who discovered the vulnerability CVE-2018-8840 and created a...
Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions
Siemens has made an update available for some of its SIMATIC PCS 7 distributed control systems that are impacted by a remotely exploitable input validation vulnerability. Siemens said version 8.2 and V8.1 prior to 8.1 SP1 with WinCC v7.3 Update 13 are affected. “Successful exploitation of this...
WordPress Delivers Second Patch For SQL Injection Bug
A bug exploitable in WordPress 4.8.2 and earlier creates unexpected and unsafe conditions ripe for a SQL injection attack, exposing sites created on the content management system to takeover. WordPress released WordPress 4.8.3 Tuesday, which mitigates the vulnerability. “This is a security releas...
iOS 11 Update includes Patches for Eight Vulnerabilities
iOS 11 is out today and along with a new look and feel on the iPad especially comes a handful of patches for the Apple mobile OS. Apple addressed eight CVEs in today’s iOS update, and 15 overall as it also updated Safari and the Xcode development framework. Two Webkit bugs, CVE-2017-7106 and...
Windows Search Bug Worth Watching, and Squashing
Between Conficker and WannaCry, there was a nearly a decade when network worms went dark. WannaCry changed that, riding into enterprises globally on the coattails of a leaked nation-state exploit. In the months since the May 12 ransomware attack, vendors, researchers and network admins have been ...
Patched Flash Player Sandbox Escape Leaked Windows Credentials
One of the patches included in Tuesday’s Adobe Flash Player update was a do-over after the researcher who privately reported the problem earlier this year discovered the original patch incompletely resolved the issue. Dutch researcher Bjorn Ruytenberg disclosed details after Adobe updated the...
Stack Clash Vulnerability in Linux, BSD Systems Enables Root Access
Linux, BSD, Solaris and other open source systems are vulnerable to a local privilege escalation vulnerability known as Stack Clash that allows an attacker to execute code at root. Major Linux and open source distributors have made patches available today, and systems running Linux, OpenBSD,...
Unpatched Western Digital Bugs Leave NAS Boxes Open to Attack
Western Digital Corporation network-attached storage owners were warned of critical flaws in the company’s My Cloud line of hardware that exposed data stored on the devices to attack. The flaws impact a dozen Western Digital drives that could allow remote adversaries to bypass logins, insert...
Firefox 51 Begins Warning Users of Insecure HTTP Connections
Mozilla Foundation took steps with the release of Firefox 51 on Tuesday to communicate more clearly to users when they land on a HTTP website collecting personal information such as passwords that the site may not be secure. Going forward, Firefox will display a gray lock icon with a red...
Google Plugs 21 Security Holes in Chrome Browser
Google on Wednesday patched 21 security vulnerabilities in Chrome, including a half dozen rated high severity that were reported by external researchers and were eligible for a bounty. Bug hunters earned a total of $30,000 in bounties, with a top payout of $7,500 to an unnamed researcher for a...
ISC Patches Critical Error Condition in BIND
The Internet Systems Consortium patched the BIND domain name system this week, addressing what it calls a critical error condition in the software. A security advisory on ISC’s Knowledge Base on Tuesday acknowledges an attacker can exploit the vulnerability remotely and likely for that reason,...
Chrome 53 Fixes Address Spoofing Vulnerability, 32 Other Bugs
Google continued its onslaught of summer Chrome patches Wednesday when it pushed out version 53 of the browser, fixing 33 bugs, half of which were rated “high” severity by the company. Google paid at least $56,500 in rewards to researchers who discovered vulnerabilities in the browser this time...
Adobe Patches Experience Manager; No Flash Update
Adobe rolled out its monthly patch release today, and the news isn’t necessarily what was patched, but what wasn’t. For the first time since January, Adobe did not release a security update for Flash Player. Given Flash’s legacy of being a target-rich environment for cybercriminals and advanced...
Android Qualcomm Vulnerability Impacts 60 Percent of Devices
A flaw in mobile chip maker Qualcomm’s mobile processor, used in 60 percent of Android devices, allows attackers to take control over a targeted phone or tablet under specific conditions. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver, coupled with...
Microsoft Wins Widespread Support in Privacy Clash With Govt.
Microsoft’s lawsuit against the U.S. government for the right to tell its customers when a federal agency is looking at their emails is getting widespread support by privacy advocates. For many, Microsoft’s stance lends an important and powerful voice to ongoing efforts to reform the Electronic...
June 2015 Microsoft Patch Tuesday Security Bulletins
IT administrators today were granted a relatively light month of security bulletins from Microsoft, which is likely to be welcomed given that Windows Server 2003 security support ends in little more than a month. Microsoft today released eight bulletins, two of them rated critical, including a...
Oracle Patch Update Delivers 98 Fixes
Released alongside patches from Microsoft and Adobe yesterday, Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products, including Oracle’s Database, Fusion Middleware, Java SE, and MySQL, to name a few. One of the most pressing issues the update resolves is...
Google Fixes Dozens of Bugs in Chrome 42
Google has released Chrome 42, a major security upgrade to the browser that includes patches for 45 vulnerabilities. The latest version of Chrome carries with it fixes for a number of high-severity bugs, including a cross-origin bypass in the HTML parser. That vulnerability earned an anonymous...
Chinese Hackers Compromised Forbes.com Using IE, Flash Zero Days
A Chinese APT group was able to chain together two zero day vulnerabilities, one against Adobe’s Flash Player and one against Microsoft’s Internet Explorer 9, to compromise a popular news site late last year. The group’s aim was to gain access to computers at several U.S. defense and financial...
Two Cisco Products Vulnerable to POODLE Attack on TLS
Two of Cisco’s products are vulnerable to the POODLE attack via the TLS implementation in those products. The vulnerability affects Cisco’s Adaptive Security Appliance software and its Application Control Engine module. The POODLE attack was disclosed in October by researchers from Google, who...
Bitcoin Transaction Malleability Flaw Resolved
The so-called transaction malleability software issue blamed for the dissolution of Bitcoin exchange Mt. Gox has been patched. Also, the Bitcoin-QT reference client was also rebranded to Bitcoin Core, in order to clear confusion users might have had between the Bitcoin network and software. Bitco...
Researcher Warns of Critical Flaws in Oracle Servers
There are two vulnerabilities in some of Oracle’s older database packages that allow an attacker to access a remote server without a password and even view the server’s filesystem and dump arbitrary files. Oracle has not released a patch for one of the flaws, even though it was reported by a...
Google Blocks Malicious File Downloads Automatically in Chome
Google has fixed five vulnerabilities in its Chrome browser and also has activated a feature that will block malicious file downloads automatically. The change is a major security upgrade for Chrome and will help prevent users from unwittingly downloading harmful files, an attack vector that...
Microsoft Readies Eight Patches, IE Zero Day Fix
Microsoft has announced that it plans to release eight patches next week as part of its October Patch Tuesday release, addressing flaws in its Windows, the .NET Framework, Office, Server, Silverlight and most importantly its Internet Explorer browser. Four of the patches are marked critical,...
Researchers Ponder When to Notify Users of Public Vulnerability Exploits
BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point...
SharePoint Fixes Priority for September 2013 Patch Tuesday
It’s no secret that putting SharePoint installations online and making them accessible without authentication is standard practice in many organizations. Those SharePoint administrators, however, may want to rethink their policies after today’s Microsoft Patch Tuesday security bulletins release...
BlackBerry Z10 Privilege Escalation Security Vulnerability
BlackBerry has released a security update resolving an escalation of privilege vulnerability that existed in “BlackBerry Protect” enabled devices running version 10.0.10.261 and earlier operating systems. The company says that version 10.0.9.2743 is not affected and that they have found no eviden...
Spyware Campaign Originating in India Targeting Pakistanis
A new malware campaign has been hitting Pakistan hard over the last few months and after a little e-sleuthing, it appears the not-so-stealthy attacks have been originating from nearby India and exploiting a certificate to run its binaries. Security firm Eset has a full rundown of the campaign tod...
Oracle Releases 86 Patches in its January Critical Patch Update
This week’s relentless onslaught of security patches continued late Tuesday afternoon when Oracle released its quarterly Critical Patch Update, a healthy dose of 86 security updates across all major product lines including Oracle Database and MySQL Server. The most serious may be a critical...
Qualcomm Patches Privilege Escalation, DoS Vulnerabilities in Android Devices
Qualcomm has patched a handful of vulnerabilities in its devices that if exploited could leave Android OS kernels open to privilege escalation or denial of service DoS attacks. According to notes published earlier today by Michael Orlando, a vulnerability analyst at the United States Computer...
Apple Patches Java Flaws
Apple has released a patch that fixes a laundry list of vulnerabilities in Java after Oracle pushed out a fix for the technology for users of Windows and other platforms. The patch from Apple also completely disables the Java plugin in users’ browsers in order to prevent users from falling victim...
Another IE Exploit Targeting Defense Industry Discovered
Another malicious website has been discovered hosting an exploit for the zero-day vulnerability Internet Explorer patched by Microsoft last week. This site, like the other exploits discovered, targets the defense and space industries, and is dropping an unknown payload, according to Barracuda Lab...
Cross-Platform Flaws a Boon For Attackers
Attackers and malware writers, like many other people, tend to specialize, honing their skills in one particular discipline in order to maximize their chances for success. But Microsoft researchers have come across a series of malware samples and exploits that show that some attackers are beginni...
Google Patches 14 Chrome Bugs Ahead of Pwn2Own, Pays $30k in Special Rewards
Just two days before the annual Pwn2Own contest is set to begin at CanSecWest, Google has patched a huge set of serious vulnerabilities in its Chrome browser. In addition to the 14 high-risk flaws fixed in Chrome, the company also handed out rewards of $10,000 each to three researchers who...
Ubuntu Fixes Kerberos Bug With New Packages
There’s a vulnerability in the Kerberos implementation in several versions of Ubuntu, which could allow an attacker to cause a denial-of-service on vulnerable servers. The bug is in Ubuntu 8.04, Ubuntu 9.10, Ubuntu 10.04 and Ubuntu 10.10. The bug is in the Ubuntu implementation of the Kerberos...
Rob Cheyne on Security Education and the Problem of People in Security
Dennis Fisher talks with Rob Cheyne of Safelight Security Advisors about the classical problem of user education, how much of an obstacle to security people are and the ways in which technology has made security more difficult. Podcast audio courtesy of sykboy65 Subscribe to the Digital Undergrou...
PostgreSQL Vulnerabilities Fixed
PostgreSQL 7 and 8 users are advised to update their installations as the development team has released new versions which fix a vulnerability classed as moderately severe in PL/perl and PL/tcl. CVE-2010-1169, CVE-2010-1447 and CVE-2010-1170 reports detail the vulnerabilities involved. Read the...
Apple Plugs Critical iPhone Security Holes
Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks. The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files. Here’s the skinny on the vulnerabilities being...
MS Confirms Windows 7 DoS Flaw
On the heels of last week’s release of exploit code for a crippling denial-of-service vulnerability in Windows 7 and Windows Server 2008 R2, Microsoft has issued a security advisory to confirm the issue and offer pre-patch mitigations. The flaw, in the Microsoft Server Message Block SMB Protocol...