How to make sure your data doesn’t crash and burn

The dangers of public Wi-Fi are already well known, but the security issues of in-flight Internet connection are still somewhat obscure. Typically there’s no password protection on the Wi-Fi connection, so persons with malicious intent can intercept data that’s being transmitted on the wireless network quite easily. Airplanes are unique hacking grounds more dangerous than…

Critical RCE Flaw Patched in PHPMailer

The developers of PHPMailer have patched a critical vulnerability that can be exploited by a remote attacker for arbitrary code execution, a researcher said on Sunday. With millions of installations, PHPMailer is considered the world’s most popular email creation and transfer class for PHP. It has been used by several major open-source projects, including WordPress,…

Cisco CloudCenter Orchestrator Flaw Exploited in Attacks

Cisco has warned customers about a critical privilege escalation vulnerability that has been exploited against Cisco CloudCenter Orchestrator (CCO) systems. Cisco CloudCenter is a hybrid cloud management platform with two primary components: CloudCenter Manager, the interface utilized by users and administrators, and CloudCenter Orchestrator, which automates application deployment and infrastructure provisioning and configuration. CCO was…

Privacy groups complain to FTC over Google’s ‘deceptive’ policy change

Privacy groups have complained to the Federal Trade Commission that Google is encroaching on user privacy through a policy change in June that allows it to combine personally-identifiable information with browsing data collected by its DoubleClick digital advertising service. The complaint by Consumer Watchdog and Privacy Rights Clearing House alleged that Google has created “super-profiles”…

Medical data: Accessible and irresistible for cyber criminals

How valuable is personal healthcare data? Apparently it depends. Based on at least some price comparisons on the Dark Web – the underground online marketplace for cyber criminals – electronic health records (EHR) are not even close to premium goods. McAfee, now a division of Intel Security, reported recently that the price for an individual medical…

A closer look at a tech support screen locker

In this blog post, we are going to take a closer look at some of the code that the most predominant family of tech support screen lockers is currently using to frustrate its victims. This family, dubbed VinCE because of the Program folder it creates for itself, is compiled in Microsoft Intermediate Language (MSIL),…

Microsoft Patches Several Publicly Disclosed Flaws

Microsoft’s December 2016 Patch Tuesday updates include a total of 12 critical and important security bulletins that resolve vulnerabilities in Windows, Office, Internet Explorer and Edge. Several of the vulnerabilities patched this week have already been publicly disclosed. For instance, the critical bulletin MS16-144 fixes eight remote code execution, security bypass and information disclosure flaws….

IDG Contributor Network: Putting the privacy into cybersecurity at DHS

Security and privacy have an awful lot in common; both disciplines care deeply about the confidentiality of personally identifiable information. Attend a cyber-security conference or a privacy conference, and you are likely to hear the same catch phrases: “[Security/privacy] is best addressed at the earliest stages of system development, not at the end when retrofitting requirements…