Thursday, July 19, 2018

LATEST

Financial Industry Insiders Put the Keys to the Kingdom at Risk

Monitoring for Illicit Insider Activity Shouldn’t Focus Exclusively on Dark Web and Criminal Forums read more

Trends in malware – ransomware, cryptojacking, what next? [PODCAST]

Catch up with Day 3 of our Security SOS Week - here's the third episode of our week-long online security summit.

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services. Read more in my article on the Hot for Security blog.

Automated money-laundering scheme found in free-to-play games

The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff.

Trends in malware – ransomware, cryptojacking, what next?

When it comes to learning about the latest trends in malware, there's no one we'd rather talk to than SophosLabs Principal Researcher Fraser Howard. Join us as Fraser explains how to "know your enemies" so you can fight them...

British Airways cancelled flights at Heathrow after ‘IT system issue’

Thousands of British Airways passengers left stranded at Heathrow airport following incident The post British Airways cancelled flights at Heathrow after ‘IT system issue’ appeared first on WeLiveSecurity

Venmo users: time to hide your drug deals and excessive pizza consumption

To its fans, Venmo is a hassle-free P2P app that lets anyone living in the US send money to friends, split a restaurant bill, pay for a ride on Uber, or buy a hotel room. To the security conscious,...

Review: Predictively locking down security with Balbix

If cybersecurity defenders could accurately predict when and how future attacks against their networks would take place, it would be a lot easier for organizations to commit their limited resources where they could do the most good. But there...

ABB to Patch Code Execution Flaw in HMI Tool

Swiss industrial tech company ABB is working on a patch for a serious arbitrary code execution vulnerability affecting one of its engineering tools. read more

Smashing Security #087: How Russia hacked the US election

Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name...

Shorts, Crocs, & Dress Socks – Enterprise Security Weekly #99

This week, Paul interviews John Moran, Senior Product Manager of DFLabs to talk about SOAR! Paul and John will then wrap up with the Enterprise News to give updates on McAfee, ThreatConnect, Optiv Security, CA Technologies, and more on...

Airbus UK infosec gros fromage: Yep, we work with arch-rivals Boeing

Says firm's airliners designed with security foremost in mind Airbus's UK infosec chief, Ian Goslin, has said that cyber-attack attribution is a matter for "nation states" – and has questioned whether some critical national infrastructure companies are taking the...

Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers

Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Schedule a meeting during Black Hat to learn more!Two of my favourite developer things these days are Azure Functions and Cloudflare Workers....

Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products

Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal...

2015-025-BsidesSPFD, threathunting, assessing risk

Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD,...

Cisco Finds Serious Flaws in Policy Suite, SD-WAN Products

Cisco informed customers on Wednesday that it has found and patched over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. read more

ISC StormCast for Thursday, July 19th 2018

Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/Oracle Quarterly Critical Patch

087: How Russia hacked the US election

Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the...

Broker accused of netting $5m on inside info about Lattice Semiconductor

Chinese broker faces prison, if he's ever found in US juristiction An investor from China is being charged with insider trading in the US after using insider information from Lattice Semiconductor to turn a massive profit on Wall Street.…

Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs

Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.

Why Defending Insider Threats Takes More than Just Technology

Insider threats can pose a serious risk to security. Yet out of approximately 250 professionals surveyed by Varonis1, as many as 24% have no breach detection capabilities and 40% are not able to detect when files containing sensitive data...

Cisco SD-WAN Solution Zero Touch Provisioning Denial of Service Vulnerability

A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect bounds checks for certain values...

Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via...

Cisco SD-WAN Solution Remote Code Execution Vulnerability

A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system. The...

Cisco Webex Network Recording Players Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via...
530FollowersFollow

LEADERS

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services. Read more in my article on the Hot for Security blog.

Smashing Security #087: How Russia hacked the US election

Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name...

Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers

Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Schedule a meeting during Black Hat to learn more!Two of my favourite developer things these days are Azure Functions and Cloudflare Workers....

£200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder

The Independent Inquiry into Child Sexual Abuse (IICSA) has been fined £200,000 for revealing identities of abuse victims in a mass email.

Elon Musk retracts vile Twitter accusation against cave rescuer

Tesla chief Elon Musk retracts his unfounded allegations against man who helped boys escape from a Thai cave, but scammers are given another opportunity to strike.