flaw Archives - Cyber Security Minute

4 best practices for managing and tracking SSL and TLS certificates

Issued by: CSO

Most of us take Secured Sockets Layer (SSL) and Transport Layer Security (TLS) for granted, but over time the use of SSL and TLS certificates has dramatically changed. Once, only websites that handled secure transactions provided protection with an SSL certificate. Now search engines demand everything is protected with certificates. Because attackers have used weaknesses…

Malware & Threats

Windows Defender Immune to AVGater Quarantine Flaw: Microsoft

Issued by: Security Week

A recently disclosed vulnerability that allows an attacker to abuse the quarantine feature of anti-virus products to escalate privileges doesn’t affect Windows Defender, Microsoft says. Dubbed AVGater, the new attack method relies on a malicious DLL being quarantined by an anti-virus product and then abuses the security program’s Windows process to restore the file.

Application Security

Slack bug paved the way for a hack that can steal user access

Issued by: CIO Security

One bug in Slack, the popular work chat application, was enough for a security researcher to design a hack that could trick users into handing over access to their accounts. Bug bounty hunter Frans Rosen noticed he could steal Slack access tokens to user accounts due to a flaw in the way the application communicates…

Vulnerabilities

Google Discloses Unpatched Windows GDI Vulnerability

Issued by: Security Week

An unpatched vulnerability affecting the Windows Graphics Device Interface (Windows GDI) was publicly disclosed last week after Microsoft failed to address it within 90 days after being notified. The issue was disclosed by Mateusz Jurczyk, an engineer with Google’s Project Zero team, who initially discovered it along with other bugs in the user-mode Windows GDI…

Network Security

ICS Networks at Risk Due to Flaw in Schneider PLC Simulator

Issued by: Security Week

On Tuesday, at SecurityWeek’s 2016 ICS Cyber Security Conference, Indegy CTO Mille Gandelsman disclosed a vulnerability found by the company in Unity Pro, a Windows-based programming, debugging and operating software for Schneider’s programmable logic controllers (PLCs). Unity Pro, typically deployed on engineering workstations, includes a PLC simulator component that allows users to test applications without…