AtomBombing: The Windows Vulnerability that Cannot be Patched

Researchers have discovered a code-injection vulnerability in the Windows operating system that cannot, because of the nature of the operating system, be patched. It could be used to bypass current malware protection solutions in place. “Unfortunately,” writes enSilo researcher Tal Liberman in a report published Oct. 27, “this issue cannot be patched since it doesn’t rely…

Many Joomla Sites Hacked via Recently Patched Flaws

Less than 24 hours after Joomla released patches for a couple of critical account creation vulnerabilities, researchers noticed that malicious actors had already started exploiting the flaws in the wild. Joomla announced on October 25 the availability of version 3.6.4 to fix two serious vulnerabilities: CVE-2016-8870, which allows attackers to create user accounts even if…

Hacking forum cuts section allegedly linked to DDoS attacks

An online hackers’ forum has deleted a section that allegedly offered paid distributed denial-of-service attacks, following last Friday’s massive internet disruption. HackForums.net will be shutting down the “Server Stress Testing” section, the site’s admin Jesse “Omniscient” LaBrocca said in a Friday posting. “I do need to make sure that we continue to exist and given…

Healthcare industry is the bullseye for hackers in 2017

Healthcare is the most cyber attacked industry according to the 2016 IBM X-Force Cyber Security Intelligence Index. In the same report just a year ago — when financial services held the top spot — healthcare wasn’t even in the top six. The IBM report states that more than 100 million patient records globally were breached last…

What’s the Fix for IoT DDoS Attacks?

No one has claimed responsibility, and Dyn has been somewhat quiet about the attack vectors, but has said that possibly 100,000 hijacked connected devices could have been used in the attack. The attacks could be fallout from the Mirai IoT Botnet assault against Brian Krebs earlier this month. As Krebs himself notes, the attacks started within…

How To Build A Strong Security Awareness Program

At the Security Awareness Summit this August in San Francisco, a video clip was shown that highlights the need to develop holistic security awareness. The segment showed an employee being interviewed as a subject matter expert in his office cubicle. Unfortunately, all his usernames and passwords were on sticky notes behind him, facing the camera…

Smart city initiatives: Highly integrated and complex problems to solve

Every day, leaders of large cities grapple with knotty, complex problems like decaying public transportation infrastructures, aging utility lines, urban blight, neighborhoods that are vulnerable to the effects of climate change, and other multi-faceted socio-economic challenges. Increasingly, municipal leaders are turning to urban analytics, data collection, and advances in sensor technology to help solve the…

Nearly half of consumers have been cybercrime victims

45% of consumers have been a victim of some form of cybercrime — with 65% choosing not to report the incident to authorities. Research also found that one in six of these consumers have lost funds due to online fraud, with 20% losing in excess of $1,298. Conducted by Opinium, the research surveyed 3,457 consumers…

Flash zero-day being exploited in targeted attacks

A newly discovered zero-day vulnerability in Adobe Flash Player is being exploited by attackers in the wild. Adobe released a Security Bulletin (APSB16-36) yesterday which patches the vulnerability (CVE-2016-7855). The critical vulnerability affects Adobe Flash Player 23.0.0.185 and earlier versions for the following operating systems: Windows, Mac, Linux, and Chrome OS. According to Adobe, an exploit…