December 2017 - Page 2 of 3 - Cyber Security Minute

Google Researcher Finds Critical Flaw in Keeper Password Manager

Issued by: Security Week

Google Project Zero researcher Tavis Ormandy recently discovered that the Keeper password manager had been affected by a critical flaw similar to one he identified just over one year ago in the same application. Ormandy found the security hole after noticing that Keeper is now installed by default in Windows 10. He remembered a vulnerability…

Software Security

Kaspersky Sues U.S. Government Over Product Ban

Issued by: Security Week

Kaspersky Lab has filed a lawsuit against the U.S. government in response to the decision of the Department of Homeland Security (DHS) to ban the use of the company’s products in federal agencies. The Russia-based cybersecurity firm’s appeal, filed in the U.S. District Court for the District of Columbia, targets the DHS’s Binding Operational Directive…

Malware & Threats

Hackers Target Security Firm Fox-IT

Issued by: Security Week

Fox-IT, the Netherlands-based cybersecurity firm owned by NCC Group, revealed on Thursday that it had been the victim of a man-in-the-middle (MitM) attack made possible by DNS records getting changed at its third-party domain registrar. The incident took place back in September and Fox-IT decided to disclose it now after conducting a detailed analysis. A…

Malware & Threats

New Year, New Threats: Five Security Predictions That Will Take Hold in 2018

Issued by: Security Intelligence

On Dec. 31, we’ll close the books on a year that will go down in history — not due to world events, scientific discoveries or pop culture happenings, but because of the record numbers of personally identifiable information (PII) exposed through major data breaches and cybersecurity events that happened throughout the year.

Malware & Threats

Trump Signs Bill Banning Kaspersky Products

Issued by: Security Week

U.S. President Donald Trump on Tuesday signed a bill that prohibits the use of Kaspersky Lab products and services in federal agencies. The National Defense Authorization Act for FY2018 (H.R. 2810) focuses on Department of Defense and Department of Energy programs, authorizes recruitment and retention bonuses for the Armed Forces, and makes changes to national…

Network Security

Security Compliance: The Less You Spend the More You Pay

Issued by: Dark Reading

The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows. Like the old saying about an ounce of prevention being better than a pound of cure, complying with data protection requirements can be expensive, but the financial consequences of non-compliance can hurt a…

Vulnerabilities

Old Crypto Vulnerability Hits Major Tech Firms

Issued by: Security Week

A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world’s top websites. Last month, F5 Networks informed customers that some of its BIG-IP products include a vulnerability that can be exploited by a remote attacker for recovering encrypted data…

Vulnerabilities

12 Threats of Christmas

Issued by: Trend Micro Blog

We’ve all heard the old classic, “The 12 Days of Christmas.” While we all enjoy a good song about a partridge in a pear tree, Trend Micro has updated this seasonal standby, counting down the top threats to be aware of heading into 2018, from least to most pressing. Let’s look at the vulnerabilities and potential…

Mobile Security

An analysis of 120 mobile app stores uncovers plethora of malicious apps

Issued by: Help Net Security

RiskIQ analyzed 120 mobile app stores and more than 2 billion daily scanned resources. In listing and analyzing the app stores hosting the most malicious mobile apps and the most prolific developers of malicious apps, their Q3 mobile threat landscape report documents an increase in blacklisted apps over Q2, as well as the continued issues…

Network Security

Database of 1.4 Billion Credentials Found on Dark Web

Issued by: Security Week

Researchers have found a database of 1.4 billion clear text credentials in what appears to be the single largest aggregate database yet found on the dark web. These are not from a new breach, but a compilation of 252 previous breaches, including the previous largest combo list, Exploit.in. The database was found by 4iQ on 5…