Researchers have discovered a code-injection vulnerability in the Windows operating system that cannot, because of the nature of the operating system, be patched. It could be used to bypass current malware protection solutions in place. “Unfortunately,” writes enSilo researcher Tal Liberman in a report published Oct. 27, “this issue cannot be patched since it doesn’t rely…

Less than 24 hours after Joomla released patches for a couple of critical account creation vulnerabilities, researchers noticed that malicious actors had already started exploiting the flaws in the wild. Joomla announced on October 25 the availability of version 3.6.4 to fix two serious vulnerabilities: CVE-2016-8870, which allows attackers to create user accounts even if…

An online hackers’ forum has deleted a section that allegedly offered paid distributed denial-of-service attacks, following last Friday’s massive internet disruption. HackForums.net will be shutting down the “Server Stress Testing” section, the site’s admin Jesse “Omniscient” LaBrocca said in a Friday posting. “I do need to make sure that we continue to exist and given…

Healthcare is the most cyber attacked industry according to the 2016 IBM X-Force Cyber Security Intelligence Index. In the same report just a year ago — when financial services held the top spot — healthcare wasn’t even in the top six. The IBM report states that more than 100 million patient records globally were breached last…

No one has claimed responsibility, and Dyn has been somewhat quiet about the attack vectors, but has said that possibly 100,000 hijacked connected devices could have been used in the attack. The attacks could be fallout from the Mirai IoT Botnet assault against Brian Krebs earlier this month. As Krebs himself notes, the attacks started within…

At the Security Awareness Summit this August in San Francisco, a video clip was shown that highlights the need to develop holistic security awareness. The segment showed an employee being interviewed as a subject matter expert in his office cubicle. Unfortunately, all his usernames and passwords were on sticky notes behind him, facing the camera…

Every day, leaders of large cities grapple with knotty, complex problems like decaying public transportation infrastructures, aging utility lines, urban blight, neighborhoods that are vulnerable to the effects of climate change, and other multi-faceted socio-economic challenges. Increasingly, municipal leaders are turning to urban analytics, data collection, and advances in sensor technology to help solve the…

45% of consumers have been a victim of some form of cybercrime — with 65% choosing not to report the incident to authorities. Research also found that one in six of these consumers have lost funds due to online fraud, with 20% losing in excess of $1,298. Conducted by Opinium, the research surveyed 3,457 consumers…

A newly discovered zero-day vulnerability in Adobe Flash Player is being exploited by attackers in the wild. Adobe released a Security Bulletin (APSB16-36) yesterday which patches the vulnerability (CVE-2016-7855). The critical vulnerability affects Adobe Flash Player 23.0.0.185 and earlier versions for the following operating systems: Windows Mac Linux Chrome OS According to Adobe, an exploit…