Joomla vulnerability can be exploited to hijack sites, so patch now!
If you’re running a website on Joomla, you should update to the newly released 3.6.5 version as soon as possible – or risk your site being hijacked. The newest version of the popular CMS has been released on Tuesday (December 13), and it fixes three vulnerabilities, several bugs, and includes a number of new security…
Ransomware Report: Top Security Threat Expected to Continue Rising in 2017
Digital extortion by means of ransomware or a systems breach was one of the most prominent threats to consumers and businesses in 2016. It seems IBM Security’s prediction materialized quite excessively this past year. Ransomware is a generic name for a family of computer bugs programmed to lock up endpoints, such as PCs, servers or…
Corporate Office 365 users hit with clever phishing attack
Corporate Office 365 users are being targeted by phishers using a clever new trick to bypass email filters and the default security protections of the Microsoft service. The attack comes in the form of fake emails, and the trick makes the user to see one URL in the link, anti-phishing filters another, and the actual…
It’s Time For Organizations To Automate Security
Dishwashers are a great invention; they use automation to do a repetitive, high-value task that does not require much skill. It is time to bring your security team out of the 1970s and stop making them wash the cybersecurity dishes by hand. The addition of automation to washing dishes has several benefits, besides eliminating the…
A closer look at a tech support screen locker
In this blog post, we are going to take a closer look at some of the code that the most predominant family of tech support screen lockers are currently using to frustrate their victims. This, which is dubbed VinCE because of the Program folder it creates for itself, is compiled in Microsoft Intermediate Language (MSIL),…
Microsoft Patches Several Publicly Disclosed Flaws
Microsoft’s December 2016 Patch Tuesday updates include a total of 12 critical and important security bulletins that resolve vulnerabilities in Windows, Office, Internet Explorer and Edge. Several of the vulnerabilities patched this week have already been publicly disclosed. For instance, the critical bulletin MS16-144 fixes eight remote code execution, security bypass and information disclosure flaws….
End the air gapping myth in critical infrastructure security
In an environment where we’re seeing increasing demand for connectivity between operational technology (OT) and IT, security teams have to dispel the air gapping myth to acknowledge that IT influences can exploit OT connections. The air gapping approach was used for a long time to prevent any impact on ICS systems. But it’s wishful thinking…
DDoS attacks via WordPress now come with encryption
Kaspersky Lab experts have noted an emerging trend – a growth in the number of attacks using encryption. Such attacks are highly effective due to the difficulty in identifying them amongst the overall flow of clean requests. Recently, the company encountered yet more evidence of this trend – an attack exploiting vulnerabilities in WordPress via…
Data enrichment records for 200 million people up for sale on the Darknet
Full data enrichment profiles for more than 200 million people have been placed up for sale on the Darknet. The person offering the files claims the data is from Experian, and is looking to get $600 for everything. Details of this incident came to Salted Hash via the secure drop at Peerlyst, where someone uploaded…
IDG Contributor Network: Putting the privacy into cybersecurity at DHS
Security and privacy have an awful lot in common; both disciplines care deeply about the confidentiality of personally identifiable information. Attend a cyber-security conference or a privacy conference, you are likely to hear the same catch phrases “[Security/privacy] is best addressed at the earliest stages of system development, not at the end when retrofitting requirements…