Yahoo Pays Out $10,000 Bounty for Critical Mail Flaw

A researcher has earned $10,000 for finding a critical Yahoo! Mail vulnerability that could have been exploited simply by getting the targeted user to open a specially crafted email. Nearly one year ago, Jouko Pynnönen of Finland-based software company Klikki Oy discovered a stored cross-site scripting (XSS) vulnerability in the web version of the Yahoo!…

How to Find and Remediate Vulnerabilities in Real Time

Every business, large or small, must be able to remediate vulnerabilities that can threaten to undermine all its hard work and success. The security analysts and IT operators at these organizations have surely heard of household-name vulnerabilities like Heartbleed and Shellshock. But do they have all the knowledge and tools they need to track and…

Locky Variant Osiris Distributed via Excel Documents

The infamous Locky ransomware has once again switched to a new extension to append to encrypted files, but reverted to malicious Office documents for distribution, security researchers have discovered. The latest Locky variant is appending the .osiris extension to encrypted files, marking a switch from Norse mythology to Egyptian mythology. The change comes only…

Top 4 global security threats businesses will face in 2017

While the political, social and economic implications are not fully clear, gigabit connectivity represents a significant overnight leap forward. This will enable the IoT and a new class of applications to emerge that will “exploit the combination of big data, GPS location, weather, personal-health monitoring devices, industrial production and much more. Connectivity is now so…

Governments are behind on data encryption in the public cloud

A HyTrust survey of 59 government and military organizations found that nearly 20 percent of those respondents do not implement data security or encryption solutions in the public cloud. Government agencies today are facing budget constraints and increasingly strict regulations. The latest cloud-first policy now requires these organizations to consider cloud-based technology options, which…

Real-Time Payments, Real-Time Fraud Risks?

Real-time payments, near real-time payments, faster payments, immediate payments — those are just some names used to describe the increasing speed of the settlement transaction process. Slow clearing times for payments can have a negative effect on businesses and consumers, but a quicker process may introduce fraud risks. The National Automated Clearing House Association (NACHA)…

Obama’s cybersecurity plan faces uncertainty with Trump

U.S. consumers could one day see cybersecurity ratings on technology products, much like today’s EnergyStar ratings, if the findings of a government-sponsored cybersecurity commission are heeded. Although, like much in Washington right now, a lot depends on incoming U.S. President Donald Trump, and his views on cybersecurity are far from clear. The report, published on…