Destructive Xbash Linux Malware Targets Enterprise Intranets

Tue, 18 Sep 2018 17:07:26 +0000

A newly discovered piece of Linux malware that features both ransomware and crypto-currency mining capabilities appears designed to target enterprise intranets, Palo Alto Networks security researchers say. read more

Critical Vulnerability Impacts Hundreds of Thousands of IoT Cameras

Tue, 18 Sep 2018 14:42:39 +0000

A critical vulnerability in NUUO software could allow attackers to remotely view video feeds and tamper with the recordings of hundreds of thousands of surveillance cameras, Tenable reveals. read more

iOS 12 Brings Patches for 16 Security Vulnerabilities

Tue, 18 Sep 2018 14:26:49 +0000

Apple this week officially released iOS 12, which patches various vulnerabilities in the mobile operating system (OS) and brings improved performance and other enhancements. read more

Swiss, Russian FMs to Meet Next Week on Spy Row

Tue, 18 Sep 2018 14:24:13 +0000

Switzerland's foreign minister said Monday that he will meet his Russian counterpart next week after details emerged of alleged attempts by two Russian spies to hack sensitive Swiss targets. read more

Georgia's Use of Electronic Voting Machines Allowed for Midterms

Tue, 18 Sep 2018 14:13:46 +0000

Judge Amy Totenberg ruled Monday that the state of Georgia's existing plans for the midterm elections to be conducted via some 27,000 Diebold AccuVote DRE touchscreen voting machines must stand. Her remarks, however, suggest that this should be the last time. read more

Building an Integrated IT/OT Security Program: Notes From the Field

Tue, 18 Sep 2018 14:04:40 +0000

Let’s start this column with some good news. read more

Symantec Launches Free Election Security Service

Tue, 18 Sep 2018 13:28:13 +0000

Symantec on Tuesday announced the launch of a new service that aims to make elections more secure by helping candidates and political organizations improve their security posture and detect fake websites. read more

Facebook Offers Rewards for Access Token Exposure Flaws

Tue, 18 Sep 2018 09:43:25 +0000

Facebook announced on Monday that it has expanded its bug bounty program to introduce rewards for reports describing vulnerabilities that involve the exposure of user access tokens. read more

Altaba Settles Yahoo Breach Lawsuits for $47 Million

Tue, 18 Sep 2018 05:08:32 +0000

Altaba, the investment company that resulted from Verizon’s $4.5 billion acquisition of Yahoo’s Internet business last year, has agreed to settle consumer class action lawsuits triggered by the massive data breaches suffered by Yahoo in the past years. read more

Code Execution in Alpine Linux Impacts Containers

Tue, 18 Sep 2018 00:33:21 +0000

A security researcher discovered several vulnerabilities in Alpine Linux, a distribution commonly used with Docker, including one that could allow for arbitrary code execution.  Based on musl and BusyBox, the Alpine Linux distribution has a small size and is heavily used in containers, including Docker, as it provides fast boot times.  read more

Expectations for CISOs Have Changed

Mon, 17 Sep 2018 17:46:58 +0000

There was a time once when CISOs could dazzle or dominate every conversation with the board or senior management – they were the high priests of a technology that no one outside the cubicles of the IT group could understand. The inside joke was that all it took was FUD – Fear, Uncertainty and Doubt – to win budget.  A heat map with some angry red zones was a good visual aid. read more

EternalBlue-Vulnerable Systems Serially Infected

Mon, 17 Sep 2018 17:05:02 +0000

Windows machines that haven’t been patched against the National Security Agency-linked EternalBlue exploit are stuck in an endless loop of infection, Avira warns. read more

Ransomware Disrupts Flight Boards at U.K. Airport

Mon, 17 Sep 2018 15:51:34 +0000

Bristol Airport in the United Kingdom was hit recently by a ransomware incident that caused disruption to flight information display systems, forcing staff to resort to whiteboards and markers. read more

The Art of (Cyber) War: How Adversarial Thinking Strengthens Cybersecurity

Mon, 17 Sep 2018 15:48:31 +0000

Cybersecurity is unique compared to most other business operations, even most IT operations. Unlike marketing or network management—both of which tackle difficult and ever-changing challenges in the business operating environment—cybersecurity pits defenders against intelligent, creative and deliberate opponents.  read more

CISOs and the Quest for Cybersecurity Metrics Fit for Business

Mon, 17 Sep 2018 14:46:49 +0000

read more

Wisconsin Officials Prepare for Potential Election Hackers

Mon, 17 Sep 2018 14:02:31 +0000

A private vendor inadvertently introduces malware into voting machines he is servicing. A hacker hijacks the cellular modem used to transmit unofficial Election Day results. An email address is compromised, giving bad actors the same access to voting software as a local elections official. read more

Amazon Probing Staff Data Leaks

Mon, 17 Sep 2018 13:19:17 +0000

Amazon is investigating allegations that some of its staff sold confidential customer data to third party companies particularly in China, the online giant confirmed on Sunday. read more

New Bill Aims to Address Cybersecurity Workforce Shortage

Mon, 17 Sep 2018 11:10:49 +0000

A bill introduced last week by U.S. Rep. Jacky Rosen (D-Nev.) aims to address the cybersecurity workforce shortage through a grant for apprenticeship programs. read more

Google's Android Team Finds Serious Flaw in Honeywell Devices

Mon, 17 Sep 2018 06:27:29 +0000

Members of Google’s Android team discovered that some of Honeywell’s Android-based handheld computers are affected by a high severity privilege escalation vulnerability. The vendor has released software updates that should address the flaw. read more