May 2017 - Cyber Security Minute

Vulnerability opens FreeRADIUS servers to unauthenticated attackers

Issued by: Help Net Security

There is currently no indication that the flaw is being exploited in the wild, but as the existence of the flaw has been made public, the likelihood of attacks rises. The good news is the FreeRADIUS Development Team has plugged the hole in version 3.0.14 of the FreeRADIUS suite (pushed out on Friday), and administrators…

Application Security

Healthcare industry continues to struggle with software security

Issued by: Help Net Security

67% of medical device manufacturers and 56% of healthcare delivery organizations (HDOs) believe an attack on a medical device built or in use by their organizations is likely to occur over the next 12 months. According to the results of a recent survey, roughly one third of device makers and HDOs are aware of potential…

Malware & Threats

5 incident response practices that keep enterprises from adapting to new threats

Issued by: Help Net Security

Security analysts within enterprises are living a nightmare that never ends. 24 hours a day, their organizations are being attacked by outside (and sometimes inside) perpetrators – hackers, hacktivists, competitors, disgruntled employees, etc. Attacks range in scope and sophistication, but are always there, haunting the security teams tasked with guarding against them. To cope with…

Vulnerabilities

Week in review: Hacking through subtitles, new class of attacks against Android

Issued by: Help Net Security

Here’s an overview of some of last week’s most interesting news and articles: How to build a better SOC team There’s no scarcity of discussion around the reasons for the infosec skills shortage or ideas for how we can narrow the gap. Few discussions, however, take an honest look at the contrasting career paths of…

Vulnerabilities

China continues to steal high-tech trade secrets

Issued by: CSO

Those who have followed China’s technology acquisition over the last 30-plus years will recognize the latest pilfering of high-tech trade secrets as par for the course. It all started with Project 863, which was the methodical acquisition of western technology. The most recent incident, in support of China’s Ministry of Industry and Information Technology (CMIIT),…

Network Security

New class of attacks affects all Android versions

Issued by: Help Net Security

Researchers have demonstrated how a malicious app with two specific permission can stealthily compromise users’ Android devices. “The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off),” the researchers, from Georgia…

Mobile Security

Don’t Leave Home Without These Five Travel Security Tips

Issued by: Security Intelligence

It’s vacation time for many of us, and that means it’s Christmas for criminals. In their eagerness to experience all the wonders of leisure destinations, travelers are prone to overlooking risks to their physical and digital security. Crooks know this, which is why they target people carrying cameras, sporting backpacks or exhibiting other signs of…