Microsoft Patch Tuesday Updates Fix Over 50 Vulnerabilities
Microsoft’s Patch Tuesday updates for July 2018 address more than 50 vulnerabilities, but none of them appear to have been exploited for malicious purposes before the fixes were released. The company has classified 18 of the flaws as critical and, similar to previous months, they mostly affect the Edge and Internet Explorer web browsers. Many…
Intel Patches Security Flaws in Processor Diagnostic Tool
The Intel Processor Diagnostic Tool (IPDT) is a piece of software designed to verify the functionality of an Intel processor. It can check for brand identification and operating frequency, test specific features, and perform a stress test on the processor. The recently addressed vulnerabilities (two of which are tracked as CVE-2018-3667 and CVE-2018-3668) were found…
How to improve software vulnerability disclosure in Europe
As software gets embedded in more and more things we use every day, the problem of software vulnerability reporting and patching rises in importance. Unfortunately, only a few European countries have put vulnerability disclosure processes in place. CEPS, a think tank and forum for debate on EU affairs, has delved in the problematics, listened to…
Federal Cybersecurity Report Finds Majority of Agencies at Risk
As a number of crippling breaches have illustrated, federal government agencies and departments are frequent targets in today’s advanced attacks. The White House’s Office of Management and Budget (OMB), in partnership with the Department of Homeland Security (DHS), recently conducted a cyber risk assessment of 96 agencies across 76 metrics to measure their cyber security…
Does cyber insurance make us more (or less) secure?
If data is the new oil, then we’re looking at pelicans soaked in crude on a beach. When an oil tanker goes down or an oil rig explodes, dumping millions of gallons of petroleum into the ocean, we clean up the spill, we look for first causes, and we hold the company — even individuals…
Will blockchain power the next generation of data security?
Cryptomania is dominating conversations from Silicon Valley to Wall Street. But ‘cryptocurrency’ is only one implementation of the underlying technology innovation that has the ability to transform the way future technology products are designed and built. Of course, that technology is blockchain, the decentralized digital ledger that makes Bitcoin and other cryptocurrencies possible. First, we…
Vulnerability in GnuPG allowed digital signature spoofing for decades
A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected programs includes Enigmail and GPGTools. About the vulnerability (CVE-2018-12020) CVE-2018-12020, dubbed “SigSpoof” by Marcus Brinkmann, the researcher which found it, arises from “weak design choices.” “The signature verification routine…
Don’t start the blockchain revolution without making security a top priority
McAfee released a report detailing the numerous cybersecurity risks associated with blockchain-based cryptocurrencies, and asserts the necessity of making cybersecurity a top priority as industry builds out the foundations for the widespread implementation of blockchain technologies. Demand for blockchain technology continues to grow among some of the most established industries worldwide, including the government, finance,…
Jump-Start Your Management of Known Vulnerabilities
Organizations must manage known vulnerabilities in web applications. When it comes to application security, the Open Web Application Security Project (OWASP) Foundation Top 10 is the primary source to start reviewing and testing applications. The OWASP Foundation list brings some important questions to mind: Which vulnerability in the OWASP Foundation Top 10 has been the…
Most businesses still struggling with mobile working and security
95 percent of surveyed organisations in the UK recognise problems with mobile and remote working, and worryingly, 18% suggest their mobile workers don’t care about security, according to Apricorn. Does mobile working equal trouble? All surveyed IT decision makers noted that they had employees who work remotely at least some of the time, with an…