Tuesday, October 23, 2018
SecurityWeek

Japan Orders Facebook to Improve Data Protection

The Japanese government on Monday ordered Facebook to improve protection of users' personal information following data breaches affecting tens of millions of people worldwide.

If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?

According to reports, Facebook is planning to acquire a cybersecurity firm. But what will the security boffins think of working for Mark Zuckerberg of all people?
The Register

jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites

Flaw present for the past eight years, easy to exploit, and there are thousands of forks. A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to...

Watch how a Tesla Model S was stolen with just a tablet

Criminals were able to dupe the Tesla’s passive entry system into giving them access, and letting them drive away. (But only after they struggled to unplug it.)

Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition

Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.

BrandPost: The Answer to Cyber Threats: People or Technology?

A new global survey by Ponemon and ServiceNow of nearly 3,000 cybersecurity professionals reveals that more than half the companies have experienced a breach in the past year. Compounding this issue: the volume of cyberattacks continues to increase, and...

BrandPost: Know the Facts – Today’s Cyberthreat Landscape

In the last two years, 48% of companies have experienced a data breach, and the severity and volume of cyberattacks continue to increase. A global survey of nearly 3,000 cybersecurity professionals shows that organizations can dramatically reduce the risk...
SC Magazine

State of security: Missouri

Who’s in charge: Secretary of State John R. Ashcroft. Security in action: Missouri recently held a National Election Security Summit in St. Louis to discuss and share best practices as well as usable steps to mitigate threats and vulnerabilities concerning...
SC Magazine

State of security: Utah

Who’s in charge: Lieutenant Governor Spencer Cox, Director of Elections Justin Lee. Security in action: Utah uses a vote by mail system in all but two counties (Carbon and Emery). The two outliers instead use direct-recording electronic (DRE) voting machines that...

US Tops Global Malware C2 Distribution

The United States hosts 35% of the world's command-and-control infrastructure, driving the frequency of host compromises.

This Platform Is Making Management of Apple Devices Easy

Whether you’re just getting your small business off the ground or growing an already successful venture, onboarding and maintaining your employees’ tech gadgets are important steps. Unfortunately, IT can be expensive — and out of the question for many...
Errata Security

Some notes for journalists about cybersecurity

The recent Bloomberg article about Chinese hacking motherboards is a great example to talk about the problems with journalism. Journalism is about telling the truth, not a close approximation of the truth, but the true truth. Take, for example, a recent...
ZDNet

Mozilla announces ProtonVPN partnership in attempt to diversify revenue stream

Selected Firefox users will be able to purchase a ProtonVPN version for $10. Some of the money will go to support Mozilla and Firefox.
SC Magazine

Amazon patches IoT and critical infrastructure security flaws

Amazon patched 13 security flaws affecting the operating systems of its IoT devices and Amazon Web Services (AWS) connection modules putting smart homes and critical infrastructure alike at risk. Researchers at Zimperium identified the CVE vulnerabilities which included four remote...
SC Magazine

Updated Azorult malware for sale on the Dark Web

A new and improved version of the info stealer and malware downloader Azorult was spotted being distributed by the RIG exploit kit. Check Point researchers report the malware has been heavily upgraded, version 3.3 as labeled by its creators, and...
The Register

Get patching, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking

AWS-stewarded platform has multiple remote code security vulnerabilities. Serious security flaws in FreeRTOS – an operating system kernel used in countless internet-connected devices and embedded electronics – can be potentially exploited over the network to commandeer kit.…

2018 State of Cyber Workforce

Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.

UK, US to Sign Accord on AI, Cybersecurity Cooperation

Royal Navy, US Navy, and tech industry leaders ready to commit to 'a framework for dialogue and cooperation' at inaugural meeting of the Atlantic Future Forum.
Brian Krebs

Who Is Agent Tesla?

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license...
SecurityWeek

Cisco, F5 Networks Investigate libssh Vulnerability Impact

Cisco and F5 Networks are investigating the possible impact of the recently patched libssh vulnerability on their products, while other vendors have concluded similar investigations.

FTC Promotes International Charity Fraud Awareness Week

Original release date: October 22, 2018. The Federal Trade Commission (FTC) has released an announcement promoting the first International Charity Fraud Awareness Week (ICFAW). FTC, the National Association of State Charities Officials, and state and international partners coordinated this effort...
F5 Networks

Apache LDAP vulnerability CVE-2018-1337

Security Advisory Description: In Apache LDAP API before ...
F5 Networks

Python vulnerability CVE-2014-9365

Security Advisory Description: The HTTP clients in the (1) httplib ...
Cisco

Cisco Wireless LAN Controller Software Control and Provisioning of Wireless Access Points Protocol Denial of Service Vulnerability

A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol component of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to...
Symantec

SYMSA1461-Symantec Messaging Gateway Multiple Issues

Symantec has released an update to address issues that were discovered in the Symantec Messaging Gateway product.