Tuesday, September 25, 2018

Breach at US Retailer SHEIN Hits Over Six Million Users

Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements. read more

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...
TechRepublic

PCI compliance slipping for first time in 6 years, but IT remains on top

According to Verizon data, only 52.5% of companies maintained full compliance with payment card industry standards in 2017.
ZDNet

Domain registrar oversteps taking down Zoho domain, impacts over 30Mil users

Domain registrar bungle takes down the website of one of the world's largest companies.
PC Mag

This Bug Can Crash Firefox by Forcing Repeated Downloads

Security researcher Sabri Haddouche is demonstrating the flaw with a web link that'll freeze the Firefox browser when it attempts to open the page. Mozilla is working on a fix.

Fault-Tolerant Method Use for Security Purposes in New Framework

A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
ZDNet

SHEIN fashion retailer announces breach affecting 6.42 million users

Hack took place somewhere in June, but the company only discovered the breach in late August.
isBuzz

California Dem Candidate DDoS’d During Failed Primary Bid

The Rolling Stone was among outlets reporting that the website of Congressional candidate for California’s 25th District Democrat Bryan Caforio was taken down by DDoS attacks four times during his unsuccessful campaign, including critical junctures such as during a...
The Register

Microsoft ‘kills’ passwords, throws up threat manager, and APIs Graph Security

Cloud lineup gets security overhaul with 2FA and new monitoring tools Ignite  Microsoft is beefing up the security in its cloud services lineup with a handful of unveilings today at this year's Ignite conference.…
isBuzz

Vote Leave And Cambridge Analytica Linked Data Firm Hit With First Ever GDPR Notice

It was reported that the Information Commissioner’s Office (ICO) has handed the United Kingdom’s first formal General Data Protection Regulation notice to a Canadian firm linked to Cambridge Analytica, the firm behind the Facebook data scandal. AggregateIQ (AIQ) was accused of processing...

A Small Google Chrome Change Stirs a Big Privacy Controversy

The latest update to Google's browser has riled privacy advocates by appearing to log people in without their explicit permission.
isBuzz

Internet Regulator

On news on the upcoming Government whitepaper detailing a future internet regulator, SD-WAN network expert Ian McEwan (Vice President EMEA of Aryaka, leading global SD-WAN provider) commented below. Ian McEwan, Vice President EMEA at Aryaka: “We have to wait and see...
PC Mag

Google Faces Privacy Backlash Over Chrome’s ‘Forced Login’ Policy

If you sign into any Google service on Chrome 69, like Gmail, the browser will automatically log you into Chrome, too. That prompted concern that Google was collecting browser histories via the sync feature, but Google says that's not...
isBuzz

One In Four Tech Professionals Have Confidence In Their AI Deployment

Despite heightened interest in enterprise deployment of artificial intelligence, only 40 percent of respondents to ISACA’s second annual Digital Transformation Barometer express confidence that their organizations can accurately assess the security of systems based on AI and machine learning. Dr Anton Grashion, Managing...

Cybercriminals Target Kodi Media Player for Malware Distribution

A recent cryptomining campaign shows criminal ingenuity.

In Quiet Change, Google Now Automatically Logging Users Into Chrome

The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.

What Exactly is Threat Hunting – and Why Does it Matter?

Naturally, we all want to detect every threat to our network as soon as it manifests itself. That’s why we spend a ton of money every year on tools that detect things automatically. But what do we do when...
Cisco

Cisco Identity Services Engine EAP TLS Certificate Denial of Service Vulnerability

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial...
Cisco

Cisco Identity Services Engine Unauthorized Access Vulnerability

A vulnerability in the Admin portal of devices running Cisco Identity Services Engine (ISE) software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. An attacker who can connect to the Admin portal of an...
Cisco

Cisco Identity Services Engine Privilege Escalation Vulnerability

A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input...
Symantec

SYMSA1392-SA133 : Sweet32 Birthday Attack against DES, 3DES, and Blowfish

Symantec Network ProtectionSy products that use the DES, 3DES, and Blowfish symmetric encryption ciphers in long-lived encrypted SSL/TLS, SSH, or VPN connections are susceptible to the Sweet32 birthday attack.  A remote attacker with the ability to observe a long-lived...
Symantec

SYMSA1404-SA148: Linux Kernel Vulnerabilities Feb-Apr 2017

Symantec Network Protection products that include a vulnerable version of the Linux kernel are susceptible to multiple vulnerabilities.  A remote attacker, with access to the management interface, can exploit these vulnerabilities to execute arbitrary code.  The attacker can also...