Trending Now
LATEST
Financial Industry Insiders Put the Keys to the Kingdom at Risk
Monitoring for Illicit Insider Activity Shouldn’t Focus Exclusively on Dark Web and Criminal Forums
read more
Trends in malware – ransomware, cryptojacking, what next? [PODCAST]
Catch up with Day 3 of our Security SOS Week - here's the third episode of our week-long online security summit.
Microsoft offers up to $100,000 to identity bug finders
Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services.
Read more in my article on the Hot for Security blog.
Automated money-laundering scheme found in free-to-play games
The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff.
Trends in malware – ransomware, cryptojacking, what next?
When it comes to learning about the latest trends in malware, there's no one we'd rather talk to than SophosLabs Principal Researcher Fraser Howard. Join us as Fraser explains how to "know your enemies" so you can fight them...
British Airways cancelled flights at Heathrow after ‘IT system issue’
Thousands of British Airways passengers left stranded at Heathrow airport following incident
The post British Airways cancelled flights at Heathrow after ‘IT system issue’ appeared first on WeLiveSecurity
Venmo users: time to hide your drug deals and excessive pizza consumption
To its fans, Venmo is a hassle-free P2P app that lets anyone living in the US send money to friends, split a restaurant bill, pay for a ride on Uber, or buy a hotel room. To the security conscious,...
Review: Predictively locking down security with Balbix
If cybersecurity defenders could accurately predict when and how future attacks against their networks would take place, it would be a lot easier for organizations to commit their limited resources where they could do the most good. But there...
ABB to Patch Code Execution Flaw in HMI Tool
Swiss industrial tech company ABB is working on a patch for a serious arbitrary code execution vulnerability affecting one of its engineering tools.
read more
Smashing Security #087: How Russia hacked the US election
Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name...
Shorts, Crocs, & Dress Socks – Enterprise Security Weekly #99
This week, Paul interviews John Moran, Senior Product Manager of DFLabs to talk about SOAR! Paul and John will then wrap up with the Enterprise News to give updates on McAfee, ThreatConnect, Optiv Security, CA Technologies, and more on...
Airbus UK infosec gros fromage: Yep, we work with arch-rivals Boeing
Says firm's airliners designed with security foremost in mind Airbus's UK infosec chief, Ian Goslin, has said that cyber-attack attribution is a matter for "nation states" – and has questioned whether some critical national infrastructure companies are taking the...
Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers
Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Schedule a meeting during Black Hat to learn more!Two of my favourite developer things these days are Azure Functions and Cloudflare Workers....
Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products
Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products.
The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite.
The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal...
2015-025-BsidesSPFD, threathunting, assessing risk
Sorry, this week's show took an odd turn, and we don't have much in the way of show notes... Ms. Berlin is recovering from knee surgery, and we wish her a speedy recovery. Bryan B. got back from BsidesSPFD,...
Cisco Finds Serious Flaws in Policy Suite, SD-WAN Products
Cisco informed customers on Wednesday that it has found and patched over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products.
read more
ISC StormCast for Thursday, July 19th 2018
Increase in scans for port 15454 https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/Oracle Quarterly Critical Patch
087: How Russia hacked the US election
Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the...
Broker accused of netting $5m on inside info about Lattice Semiconductor
Chinese broker faces prison, if he's ever found in US juristiction An investor from China is being charged with insider trading in the US after using insider information from Lattice Semiconductor to turn a massive profit on Wall Street.…
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
Why Defending Insider Threats Takes More than Just Technology
Insider threats can pose a serious risk to security. Yet out of approximately 250 professionals surveyed by Varonis1, as many as 24% have no breach detection capabilities and 40% are not able to detect when files containing sensitive data...
Cisco SD-WAN Solution Zero Touch Provisioning Denial of Service Vulnerability
A vulnerability in the Zero Touch Provisioning service of the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
The vulnerability is due to incorrect bounds checks for certain values...
Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via...
Cisco SD-WAN Solution Remote Code Execution Vulnerability
A vulnerability in the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary code with vmanage user privileges or cause a denial of service (DoS) condition on an affected system.
The...
Cisco Webex Network Recording Players Denial of Service Vulnerabilities
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via...
LEADERS
Microsoft offers up to $100,000 to identity bug finders
Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services.
Read more in my article on the Hot for Security blog.
Smashing Security #087: How Russia hacked the US election
Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name...
Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers
Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Schedule a meeting during Black Hat to learn more!Two of my favourite developer things these days are Azure Functions and Cloudflare Workers....
£200,000 fine for exposing possible child abuse victims in classic Cc/Bcc email blunder
The Independent Inquiry into Child Sexual Abuse (IICSA) has been fined £200,000 for revealing identities of abuse victims in a mass email.
Elon Musk retracts vile Twitter accusation against cave rescuer
Tesla chief Elon Musk retracts his unfounded allegations against man who helped boys escape from a Thai cave, but scammers are given another opportunity to strike.
