Big Apple Flaw Allows Root Access to Macs without Password

Mac users and administrators need to be on the lookout for compromised machines after a security researcher disclosed late yesterday a big flaw in Apple’s macOS High Sierra platform that allows for password-less logins to root accounts. Publicly disclosed by software engineer Lemi Orhan Ergin via Twitter, the flaw allows someone with physical access to…

Why Smart Devices Need Even Smarter Security

The introduction of a new generation of connected, intelligent devices into the workplace has helped businesses become more productive, serve customers more efficiently and expand into new markets. But as more smart devices join the burgeoning Internet of Things (IoT), the transition has scrambled the historical notion of the corporate endpoint. We’ve moved beyond the…

Don’t Let a Retail Vulnerability Cause Holiday Havoc

Retail data breaches have historically occurred during the holiday season. The high volume of transactions and management’s focus on sales and inventory distract attention from a potential retail vulnerability, exposing opportunities for cybercriminals to infiltrate point-of-sale (POS) systems and online transaction streams.

Windows Defender Immune to AVGater Quarantine Flaw: Microsoft

A recently disclosed vulnerability that allows an attacker to abuse the quarantine feature of anti-virus products to escalate privileges doesn’t affect Windows Defender, Microsoft says. Dubbed AVGater, the new attack method relies on a malicious DLL being quarantined by an anti-virus product and then abuses the security program’s Windows process to restore the file.

What Mr. Robot can teach us all about security

Mr. Robot has won the hearts and captured the minds of a lot of people around the globe by showing a captivating view of the information security world — and how vulnerable we all are to cyberattacks. When you see how main character Elliot and the hacker group fsociety hack whole corporations, never mind just…

New ATMii Malware Can Empty ATMs

A newly detailed malware targeting automated teller machines (ATM) allows attackers to completely drain available cash, Kaspersky Lab researchers have discovered. Dubbed ATMii, the threat was first spotted in April this year, featuring an injector module (exe.exe) and the module to be injected (dll.dll). Actors using the malware need direct access to a target ATM…

Is your Mac software secure but firmware vulnerable?

Mac users who have updated to the latest OS version or have downloaded and implemented the most recent security update may not be as secure as they originally thought, Duo Security researchers have found. That’s because many of them did not receive the newest firmware along with OS and software updates.

Billions of Bluetooth-enabled devices vulnerable to new airborne attacks

Eight zero-day vulnerabilities affecting the Android, Windows, Linux and iOS implementations of Bluetooth can be exploited by attackers to extract information from, execute malicious code on, or perform a MitM attack against vulnerable devices. The vulnerabilities, collectively dubbed BlueBorne by the researchers who discovered them, can be exploited without users having to click on a…

Equifax attackers got in through an Apache Struts flaw?

Have the attackers responsible for the Equifax data breach exploited a vulnerability in Apache Struts, a popular open source framework for developing web applications, to compromise the company’s networks? Equifax has yet to share more details about how the attack was pulled off, but a report by financial services firm Robert W. Baird & Co….

Understanding Looming Threats and the Need to Hunt With Anonymity

Situational awareness is critical in every kind of engagement. The internet is no exception. Effectively all modern conflicts take place, at least in part, online. To understand the threats you will inevitably face, you need to go hunting outside your perimeter. Only by surreptitiously monitoring and engaging with potential attackers and malware developers will you…