Top

Vulnerabilities

Factorization Flaw in TPM Chips Makes Attacks on RSA Private Keys Feasible

October 17, 2017

Via: Threat Post

A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for […]


Network security

Steps to Improve Critical Infrastructure and ICS Network Security

October 17, 2017

Via: Security Week

At this point, I’ve written a number of times about the increasing threat to the security of Industrial Control Systems (ICS) and Critical Infrastructure networks. I’ve pointed to a changing threat landscape and to inherent flaws and systemic security risks […]


Network security

Getting the Most Out of Cyber Threat Intelligence

October 16, 2017

Via: Dark Reading

Today’s security environment is complex, ever changing, and sometimes even political. Many organizations struggle to keep current about the cyber threats they face. This is due to a number of issues, ranging from the failure to adapt security recommendations to […]


Mobile security

DoubleLocker Delivers Unique Two-Punch Hit to Android

October 16, 2017

Via: Dark Reading

Android users downloading a fake Adobe Flash Player from a malicious website may find themselves victimized by a unique strain of Android ransomware called DoubleLocker, ESET researchers disclosed today. DoubleLocker, which was discovered in the wirld in August, will not […]


Network security

Unlimited DDoS protection the new norm after Cloudflare announcement

October 16, 2017

Via: CSO Online

Late last month, global distributed denial of service (DDoS) protection provider Cloudflare announced that it would no longer charge customers extra when they were under attack. The company claims to have nearly 10 million customers and a presence in 117 […]


Vulnerabilities

Linux kernel affected by a local privilege escalation vulnerability

October 16, 2017

Via: Security Affairs

On Friday, Cisco issued a security advisory on a local privilege escalation vulnerability in the Advanced Linux Sound Architecture (ALSA). The vulnerability in the Linux Kernel, tracked as CVE-2017-15265, is due to a use-after-free memory error in the ALSA sequencer […]


Malware, Virus & Malware

Hyatt Hotels Hit by Another Card Breach

October 13, 2017

Via: Security Week

Chicago-based hotel operator Hyatt Hotels Corporation informed customers this week that their credit card information may have been stolen by cybercriminals. This is the second data breach discovered by the company within a period of two years. The incident affects […]


Malware

Legacy Office Feature Used In Novel Document Attacks

October 13, 2017

Via: Threat Post

Recent document-based attacks have leveraged malicious macros that if enabled install malware. But, researchers at SensePost have developed a proof-of-concept attack that does not require macros and instead uses an old Microsoft Office feature called Dynamic Data Exchange to execute […]


Cloud security, Network security

Centralized security in the cloud is the best security model

October 13, 2017

Via: InfoWorld

It’s 6:00 a.m. on a Monday morning. You get an automated text from your security systems that a DDOS attack was attempted, but new security policies downloaded several hours earlier proactively protected the systems from the attacking IP address. All […]


Mobile security

iOS Password Prompts are Ripe for Abuse

October 12, 2017

Via: Threat Post

Apple’s policy to repeatedly ask users for their iTunes password needlessly exposes iOS device owners to possible phishing attacks, according a mobile app developer Felix Krause. Krause’s beef with Apple is that too often and seemingly at random times, popups […]