Windows 10 Security Feature Broken, CERT/CC Warns

Application Security, Endpoint Security, Technology. Entropy Alert: Non-Random ASLR Leaves Systems Open To Buffer Overflow Attacks (euroinfosec) • November 21, 2017. Photo: Andrew Writer via Flickr/CC...

House Committee Urges HHS Action on Medical Device Risks

Cybersecurity, Endpoint Security, Risk Management. But Some Say the Request Doesn't Go Far Enough (HealthInfoSec) • November 21, 2017. Rep. Greg Walden, R-Oregon, chair of House...

Uber Hacked: Information of 57 Million Users Accessed in Covered-Up Breach

Uber Discloses Massive Hack
Uber Covered Up Massive Hack in 2016 for More Than a Year. Uber said Tuesday that hackers accessed the personal data of 57 million of its users in a breach...

Symantec Patches Vulnerability in Management Console

Symantec has released an update to address a directory traversal vulnerability in the Symantec Management Console. Tracked as CVE-2017-15527, the security flaw has a CVSS score of 7.6 and has...

House Committees Get Serious in New Letter to Equifax

The chairpersons of the House Science, Space, and Technology Committee and the House Oversight and Government Reform Committee on Monday sent a new letter (PDF) to Paulino Barros,...

Code Execution Flaw Found in HP Enterprise Printers

Researchers have found a potentially serious remote code execution vulnerability in some of HP’s enterprise printers. The vendor claims to have already developed a patch that will be made available...

macOS Malware Spread Via Fake Symantec Blog

A newly observed variant of the macOS-targeting Proton malware is spreading through a blog spoofing that of legitimate security company Symantec. The actor behind this threat created symantecblog[dot]com, a good...

Has Everyone Really Been Hacked?

There is little doubt that fear sells security products, hikes law enforcement agency (LEA) budgets and sells newspapers. Both the security industry and government agencies benefit from sensational headlines; leaving...

Cobalt Hackers Now Targeting Banks Directly

The notorious Cobalt hackers have shown a change in tactics recently, switching their attacks to targeting banks themselves, instead of bank customers, Trend Micro reports. Newly observed attacks appear to...

U.S. Charges Iranian Over 'Game of Thrones' HBO Hack

The United States on Tuesday charged an Iranian computer whiz with hacking into HBO, stealing scripts and plot summaries for "Game of Thrones," and trying to extort $6 million in...

Final Version of 2017 OWASP Top 10 Released

The final version of the 2017 OWASP Top 10 was released on Monday and some types of vulnerabilities that no longer represent a serious risk have been replaced with issues...

Intel Chip Flaws Expose Millions of Devices to Attacks

Intel has conducted an in-depth security review of its Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) technologies and discovered several vulnerabilities. The company has released...

North Korean Hackers Target Android Users in South

At least two cybersecurity firms have noticed that the notorious Lazarus threat group, which many experts have linked to North Korea, has been using a new piece of Android malware...

Windows 8 and Later Fail to Properly Apply ASLR

Address Space Layout Randomization (ASLR) isn’t properly applied on versions of Microsoft Windows 8 and newer, an alert from Carnegie Mellon University-run CERT Coordination Center (CERT/CC) warns. The issue is...

Secureworks Releases Open Source IDS Tools

Secureworks has released two open source tools, Flowsynth and Dalton, designed to help analysts test rules for intrusion detection systems (IDS) and intrusion prevention systems (IPS) such as Snort and...

Dealing With Data Loss Your Firewall Can't Stop

Information security is built on the pillars of confidentiality, integrity, and availability. Confidentiality is about making sure your secrets stay secret. There are four ways that sensitive information can make...

Top Takeaways From the Healthcare Security Summit

Breach Preparedness, Data Breach, Endpoint Security. Urgent Issues That Need to Be Addressed Now (HealthInfoSec) • November 17, 2017...

White House Unveils New Rules on Divulging IT Security Flaws

Also, Storing Passcodes in Fabric • November 17, 2017 • 10 Minutes. A report on new White House rules...

Researcher: McAfee URL Security Service Gave Pass to Trojan

Anti-Malware, Technology. But ClickProtect Worked as Designed, McAfee Contends (jeremy_kirk) • November 16, 2017. A security researcher has noticed a snafu involving a McAfee security feature...

Kaspersky Blames NSA Analyst For U.S. Intel Leak

Anti-Malware, Data Loss, Technology. Anti-virus Vendor Says It Collected, Then Deleted Four Classified Documents (jeremy_kirk) • November 17, 2017. Kaspersky Lab's Moscow headquarters. (Photo: Mikhail Deynekin...