5 incident response practices that keep enterprises from adapting to new threats

Security analysts within enterprises are living a nightmare that never ends. 24 hours a day, their organizations are being attacked by outside (and sometimes inside) perpetrators – hackers, hacktivists, competitors, disgruntled employees, etc. Attacks range in scope and sophistication, but are always there, haunting the security teams tasked with guarding against them. To cope with…

New class of attacks affects all Android versions

Researchers have demonstrated how a malicious app with two specific permissions can stealthily compromise users’ Android devices. “The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app (with all permissions enabled), and silent phone unlocking + arbitrary actions (while keeping the screen off),” the researchers, from Georgia…

Stopping Threats in Their Tracks With Proactive Monitoring

With household names such as Renault ceasing manufacturing and the National Health Service of the U.K. actively redirecting patients from hospitals that are incapable of providing critical health care, ransomware has moved well beyond an annoyance that impacts your grandmother’s laptop and directly into the global spotlight. Over the past few days, however, the behavior…

APT3 hackers linked to Chinese intelligence

The APT3 hacker group, which has been attacking government and defense industry targets since 2010, has been linked to the Chinese Ministry of State Security, according to a report by Recorded Future. Other attackers have been linked to the Chinese military, but this is the first time a group has been connected to Chinese intelligence,…

Breaking TLS: Good or bad for security?

As the use of TLS by malware and phishing increases, some security practitioners are seeking solutions to break TLS so they can monitor all traffic in and out of their network. Breaking TLS is typically accomplished by loading an inspection CA certificate that your TLS inspection device uses to dynamically generate certificates. The public key from…

Week in review: WannaCry decryptor available, stealing Windows credentials using Google Chrome

Here’s an overview of some of last week’s most interesting news and articles: DocuSign breached, stolen info used for targeted phishing campaign Phishing emails impersonating electronic signature technology provider DocuSign are not an unusual sight, but the latest campaign has the added advantage of specifically targeting registered DocuSign users. There’s now a WannaCry decryptor tool…

Who are we kidding? WannaCry is not a first

On Friday, May 12, 2017, the world was alarmed to discover that cybercrime had reached a new record in a widespread ransomware attack dubbed WannaCry, believed to be the biggest attack of its kind ever recorded. The details of the attack are all being reported as we go, as security teams scramble…

Apple issues security updates for macOS, iDevices

It’s time to patch your Mac, iDevices and software again: Apple has released security updates for MacOS (all the way back to Yosemite), iOS, watchOS, tvOS, iTunes, iCloud for Windows, and Safari. The iTunes and iCloud for Windows updates fix one vulnerability in WebKit each. But both of these are critical, as they can be…

WannaCry: Are you safe?

A few days ago saw the beginning of the Trojan encryptor WannaCry outbreak. It appears to be pandemic — a global epidemic. We counted more than 45,000 cases of the attack in just one day, but the true number is much higher. What happened? Several large organizations reported an infection simultaneously. Among them were several…