It’s Time to Bring Cloud Environments Out of the Shadows
The speed and scale of cloud computing has provided companies around the globe with more flexibility, lower overhead costs and quicker time to value for a wide variety of applications. While the business value of cloud adoption is undebatable, this rapid transition can leave security teams in the dark and sensitive information exposed.
Hackers Can Abuse Text Editors for Privilege Escalation
Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some…
Chip Cards Lead to 70% Drop in Counterfeit Fraud: Visa
The adoption of chip-and-PIN card technology by an increasing number of merchants in the United States has led to a significant drop in cases of counterfeit card fraud, according to Visa. The financial industry has been pushing for the adoption of EMV (Europay, MasterCard, Visa) card technology in the United States since 2011, and efforts…
Top Experts Warn Against ‘Malicious Use’ of AI
Artificial intelligence could be deployed by dictators, criminals and terrorists to manipulate elections and use drones in terrorist attacks, more than two dozen experts said Wednesday as they sounded the alarm over misuse of the technology. In a 100-page analysis, they outlined a rapid growth in cybercrime and the use of “bots” to interfere with…
7 steps security leaders can take to deal with Spectre and Meltdown
Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner. Spectre and Meltdown are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer…
Cisco Aware of Attacks Exploiting Critical Firewall Flaw
Cisco informed customers on Wednesday that it has become aware of malicious attacks attempting to exploit a recently patched vulnerability affecting the company’s Adaptive Security Appliance (ASA) software. No other information has been provided by the networking giant, but it’s worth noting that aproof-of-concept (PoC) exploit designed to cause a denial-of-service (DoS) condition on devices running…
Asus Router Flaws Disclosed by Several Researchers
Several security researchers and companies have recently disclosed the details of potentially serious vulnerabilities they discovered in the past months in various Asus routers. Fortinet reported on Tuesday that its researchers had found a vulnerability in some Asus routers that allows an authenticated attacker to execute arbitrary commands with root privileges.
Insurers, Nonprofits Most Likely to Fall for Phishing: Study
The employees of insurance companies and non-profit organizations are most likely to fall for phishing attacks, according to a study conducted by security awareness training firm KnowBe4. KnowBe4’s study is based on data collected from six million users across 11,000 organizations. The company has tested users at three stages: before any awareness training, after 90…
Gemalto Licensing Tool Exposes ICS, Corporate Systems to Attacks
A significant number of industrial and corporate systems may be exposed to remote attacks due to the existence of more than a dozen vulnerabilities in a protection and licensing product from Gemalto. Gemalto Sentinel LDK is a software licensing solution used by many organizations worldwide on both their enterprise and industrial control systems (ICS) networks….
CISOs are feeling less confident than ever about cyber risk and data security
Chief Information Security Officers are feeling less confident than ever about cyber-risk and data security this year, according to a survey conducted by Ponemon Institute in late 2017. As today’s climate of high-profile data breaches continues, 67% of respondents believe their companies are more likely to fall victim to a cyberattack or data breach in 2018….