These Were the Most Common Passwords Used in 2016
Although weak and commonly used passwords have long been one of the most used venues to compromise accounts, they remain at the top of the most popular passwords charts, a recent Keeper Security report reveals. Last year’s mega-breaches once again brought to the spotlight the long-lasting issue of weak passwords, but users remained deaf to…
Eight Vulnerabilities Patched in WordPress
Eight security flaws and 62 bugs have been addressed with the release of WordPress 4.7.1 on Wednesday. The latest update for the content management system (CMS) has been classified as a security release. The list of vulnerabilities fixed this week includes the recently disclosed remote code execution flaw affecting PHPMailer. While WordPress Core and the…
Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes
In recent months, the X-Force Application Security Research Team has discovered several previously undisclosed Android vulnerabilities. The November 2016 and January 2017 Android Security Bulletins included patches to one high-severity vulnerability, CVE-2016-8467, in Nexus 6 and 6P. Our new paper, “Attacking Nexus 6 & 6P Custom Bootmodes,” discusses this vulnerability as well as CVE-2016-6678.
7 tips for better security awareness training sessions
At their worst, security awareness training sessions are boring wastes of time, both for employees and the IT people responsible for them. At their best, however, they are interactive, discussion-driven, and genuinely helpful opportunities to raise security issues and lay the groundwork for better habits. How do you steer your own training sessions closer to…
FTC Seeks Tools for Securing Home IoT Devices
The U.S. Federal Trade Commission (FTC) announced on Wednesday the launch of a contest that aims to find solutions for securing the Internet of Things (IoT) devices deployed in consumers’ homes. The IoT Home Inspector Challenge seeks a technical solution for addressing vulnerabilities in IoT devices. The FTC said the tool can be a physical…
IDG Contributor Network: Best and worst online retailers for security
The holiday shopping season is over, but the quest for improved security continues Image by Thinkstock A majority of consumers chose to skip the crowds and knocked out their shopping list online this year. The bargain-seeking shoppers were in full force, according to Adobe, which noted that consumers spent more than $5 billion online by…
How to make sure your data doesn’t crash and burn
The dangers of public Wi-Fi are already well known, but the security issues of in-flight Internet connection are still somewhat obscure. Typically there’s no password protection on the Wi-Fi connection, so persons with malicious intent can intercept data that’s being transmitted on the wireless network quite easily. Airplanes are unique hacking grounds more dangerous than…
Critical RCE Flaw Patched in PHPMailer
The developers of PHPMailer have patched a critical vulnerability that can be exploited by a remote attacker for arbitrary code execution, a researcher said on Sunday. With millions of installations, PHPMailer is considered the world’s most popular email creation and transfer class for PHP. It has been used by several major open-source projects, including WordPress,…
Attackers Targeting Retail Are Shopping for Low-Hanging Fruit
The end of the year is often a time of reflection. What went wrong? What went right? If you’re a retailer that experienced a security breach in 2016, you’re likely reflecting on what went wrong and seeking to identify the gaps in your security landscape. Why? Because breaches are costly. In fact, the Ponemon Institute’s…
Cisco CloudCenter Orchestrator Flaw Exploited in Attacks
Cisco has warned customers about a critical privilege escalation vulnerability that has been exploited against Cisco CloudCenter Orchestrator (CCO) systems. Cisco CloudCenter is a hybrid cloud management platform with two primary components: CloudCenter Manager, the interface utilized by users and administrators, and CloudCenter Orchestrator, which automates application deployment and infrastructure provisioning and configuration. CCO was…