by John E Dunn Drupal’s maintainers have handed users of the popular content management system (CMS) some urgent patching homework in the form of five security vulnerabilities, including two rated ‘critical’. The headline here is simple: do not ignore Drupal updates or they’re likely to come back and bite you. Two critical flaws Both critical
SoftBank Group has become the latest high-profile technology business to drop out of an investment conference in Saudi Arabia following the snowballing global outcry over the killing of journalist Jamal Khashoggi. The Wall Street Journal reports the last-minute cancelation by CEO Masayoshi Son of a speaking engagement at the Future Investment Initiative conference which opens in
Late last week, members of the congressional staff had an opportunity to engage in cybersecurity training through the hands-on exercises brought to them, quite literally, by IBM’s X-Force command cyber-tactical operations center (C-TOC) – a first-of-its-kind mobile security operations center. With a focus on delivering response training and preparedness, onsite cybersecurity support and education and awareness,
Every now and again security researchers stumble on the sort of bad security flaw that reminds us how innocuous-looking aspects of web development can suddenly turn dangerously hostile. An unnerving example is a vulnerability that Akamai’s Larry Cashdollar stumbled on earlier this year after encountering the hugely popular file upload plugin, jQuery File Upload, used
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6
The Facebook hack may be the work of spammers, not a nation-state affiliated group, according to a report. The Wall Street Journal reported earlier this week that, according to anonymous sources familiar with Facebook Inc.’s internal investigation, the hack of 30 million users was the work of spammers, not a nation-state as previously assumed. Facebook
Security researcher Peter Winter-Smith discovered a four-year-old authentication bypass vulnerability in the server code of libssh versions 0.6 and above. According to Winter-Smith’s tweet, “The root cause is that the libSSH server and client share a state machine, so packets designed only to be processed by and update the client state can update the server
Today McAfee, the device-to-cloud cybersecurity company, announced the winners of its distinguished Partner Awards. The awards ceremony, hosted at McAfee’s Americas Partner Summit in Las Vegas, recognized partners who demonstrated the embodiment of three foundational pillars of the McAfee Partner Program: strategic relationships, profitable partnerships and driving better customer outcomes. Partners received awards based on
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems
An explosive report in The New York Times this weekend sheds new light on the apparent targeting of Twitter accounts by “state-sponsored actors” three years ago. It comes in the wake of the confirmed death of Washington Post journalist Jamal Khashoggi on Friday, two weeks after he disappeared in the Saudi consulate in Istanbul. Khashoggi
A survey of nearly 200 financial services compliance individuals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it comes to oversight of electronic communications, according to Smarsh. Results of the 40-question survey were released this week in the Electronic Communications Compliance Survey
Customers see their admin credentials stolen and their servers infected with Linux/ChachaDDoS. In recent months, numerous users of VestaCP, a hosting control panel solution, have received warnings from their service providers that their servers were using an abnormal amount of bandwidth. We know now that these servers were in fact used to launch DDoS attacks. Analysis
Author: Dell SecureWorks Counter Threat Unit™ Threat Intelligence. Date: 12 May 2015. Summary: In early February 2015, Dell SecureWorks Counter Threat Unit™ (CTU™) researchers investigated a new file-encrypting ransomware family named TeslaCrypt, which was distributed by the popular Angler browser exploit kit. After encrypting popular file types with the AES-256 encryption algorithm, TeslaCrypt holds the
Despite its reputation as having the top law school in the country, Yale University is facing a second lawsuit after the personal information of more than 100,000 students was stolen by hackers in a data breach, according to GazetteXtra. Between April 2008 and January 2009, electronic records containing social security numbers, dates of birth and
Cybersecurity threats are growing in both number and strength day by day, making it almost impossible for any one person or organization to maintain a secure environment. This threat is potent, often indiscriminate, and puts both organizations and consumers at risk. Protection, therefore, requires an equally powerful and robust response. But building a strong response
What are the emotional triggers and errors in judgment that make you fall for an online scam? Con artists have been plying their trade since time immemorial, but the internet opened the floodgates to a whole new level of fraud. It has allowed fraudsters to take aim at an endless number of victims and at
Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library—which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application
Startup funding hasn’t changed much in the past decade. Funderbeam is an interesting company trying to turn everything upside down using a marketplace approach, a modern syndication system and a blockchain-based platform. I’m excited to announce that Funderbeam founder and CEO Kaidi Ruusalepp will come to TechCrunch Disrupt Berlin. The first boom of venture capital
After wrestling with the development of a technology that would create a three dimensional map of the physical world for over a decade, the team at 6D.ai is finally ready to open up its toolkit to developers that the company says has done exactly that. When company chief executive Matt Miesnieks announced the launch of
A libSSH vulnerability that went undisclosed for nearly five years can give malicious actors easy access to administrative control over devices through SSH server processes. Peter Winter-Smith, security consultant at NCC Group, discovered the authentication bypass flaw (CVE-2018-10933) in libSSH, a library used to implement the SSH protocol in both client and server