Month: November 2016

Software Security

Issued by: CIO Security

Researchers build undetectable rootkit for programmable logic controllers

Researchers have devised a new malware attack against industrial programmable logic controllers (PLCs) that takes advantage of architectural shortcomings in microprocessors and bypasses current detection mechanisms. The attack changes the configuration of the input/output pins that make up the interface used by PLCs to communicate with other devices such as sensors, valves, and motors.

Vulnerabilities

Issued by: Security Week

Vulnerability Impacts Web-Exposed SAP Systems

The bug could be exploited by an external attacker to remotely obtain the list of SAP users from the system, Quenta Solutions’ Sergiu Popa, who SAP acknowledged to have reported the vulnerability, says. “This service is actually an example of application to create a time-off request. This service should not be activated in production systems,…

Malware & Threats

Issued by: Dark Reading

Google Adwords Malvertising Campaign Targets Apple Macs

Apple Mac owners using the Google search engine may have been infected via malicious ads at the tip-top of their search results last week after attackers launched a malvertising campaign against Google Adwords. In an act of gumption or plain cheek, the attackers’ malicious lure of choice was a phony ad for one of Google’s…

Application Security

Issued by: Help Net Security

Integrating threat intelligence with existing security technologies

70 percent of security industry professionals believe threat intelligence is often too voluminous and/or complex to provide actionable insights. The Ponemon Institute study, based on 1,072 respondents in the United Kingdom and North America, also showed that organizations neglect to share essential threat data with board members and C-level executives, despite the fact that security…

Application Security

Issued by: CIO Security

IBM deploys machine learning to bolster online banking security program

Behavioral biometrics that uses machine learning is behind new features being added to IBM’s Trusteer Pinpoint Detect platform, which financial institutions use to head off crooks who may have stolen the username and password of legitimate account holders. The new feature looks for anomalies between legitimate users’ normal mouse gestures and those of the current…

Malware & Threats

Issued by: Security Week

U.S. Should Strike Back at Cyberattackers: Report

The US government and private sector should strike back against hackers to counter cyber-attacks aimed at stealing data and disrupting important computer networks, a policy report said Monday. A panel of experts assembled by the George Washington University Center for Cyber and Homeland Security said policies should be eased to allow “active defense” measures that…

Cloud Security

Issued by: Dark Reading

Microsoft Launches Security Program For Azure IoT

Microsoft has launched a new program for its Azure cloud platform to help business customers strengthen their security posture amid the rise of the Internet of Things. Security and privacy concerns are top of mind for IT pros as the IoT continues to grow within the enterprise. Many struggle to verify the security of their…