What to do in case of a global security breach
The bitter truth is, everyone in the world is vulnerable to cybercriminals. Even the biggest companies, ones that hold tons of user data, are no exception. On the contrary, they are a likely target. How vulnerable we actually are Have you ever thought about how many global security breaches took place in the past few…
Kaspersky May Have Found How Russian Hackers Stole NSA Data
Security firm Kaspersky Lab has shared preliminary results from its investigation following media reports that Russian hackers used its software to steal sensitive NSA data from a contractor’s computer back in 2015. The Wall Street Journal reported earlier this month that a threat group working for the Russian government stole information on how the U.S….
Russian Hackers Exploit Recently Patched Flash Vulnerability
The Russia-linked cyber espionage group known as APT28 has been using a recently patched Adobe Flash Player vulnerability in attacks aimed at government organizations and aerospace companies, security firm Proofpoint reported on Thursday. The Flash Player flaw in question, CVE-2017-11292, was patched by Adobe on October 16. At the time when the patch was released, the…
Tech Giants Warn of Crypto Flaw in Infineon Chips
Microsoft, Google, HP, Lenovo and Fujitsu have warned customers of a potentially serious crypto-related vulnerability affecting some chips made by German semiconductor manufacturer Infineon Technologies. TPM vulnerability allows attackers to obtain private RSA keys The flaw, tracked as CVE-2017-15361, is related to the Trusted Platform Module (TPM), an international standard designed for protecting crypto processes…
Printers: The Weak Link in Enterprise Security
Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk. PC security has become a priority for security leaders following global ransomware attacks earlier this year. If they didn’t before, everyone from CISOs to everyday consumers knows it’s a bad idea to ignore security updates or…
macOS High Sierra Update Patches Keychain Access Flaw
An update released on Thursday by Apple for its macOS High Sierra operating system patches two vulnerabilities, including one that allows malicious applications to steal passwords from the Keychain. The Keychain flaw, tracked as CVE-2017-7150, was disclosed last week by Patrick Wardle, director of research at Synack. Apple has now addressed the issue with the release of High…
Websites Hacked via Zero-Day Flaws in WordPress Plugins
Zero-day flaws affecting several WordPress plugins have been exploited by malicious actors to plant backdoors and take control of vulnerable websites. The attacks have been spotted by Wordfence, a company that specializes in protecting WordPress websites. The firm’s investigation revealed that attackers had been exploiting previously unknown vulnerabilities in three WordPress plugins.
Google Discloses Critical Wi-Fi Flaws Affecting iOS, Android
Google Project Zero has disclosed the details of two critical remote code execution vulnerabilities affecting the Broadcom Wi-Fi chips found in many Android and iOS devices. The flaws, identified as CVE-2017-11120 and CVE-2017-11121, were patched in Android on September 5 with this month’s security updates and in iOS on September 19 with the release of…
iOS 11 Patches 8 Security Vulnerabilities
Apple this week announced the availability of 8 security patches for its iPhone 5s and later, iPad Air and later, and iPod touch 6th generation users, released as part of the iOS 11 platform upgrade. The bugs affect 7 platform components, namely Exchange ActiveSync, iBooks, Mail MessageUI, Messages, MobileBackup, Safari, and WebKit. Exploitation of these…
Google Patches 81 Android Vulnerabilities With September 2017 Updates
A total of 81 security vulnerabilities have been addressed in this month’s set of security patches for the Android platform. 13 of the flaws were rated Critical severity. The security bulletin has two security patch levels, each focused on addressing vulnerabilities in specific components. The 2017-09-01 security patch level fixes a total of 30 vulnerabilities, 10 of…