Thursday, July 19, 2018

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs have changed and are now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.

Financial Industry Insiders Put the Keys to the Kingdom at Risk

Monitoring for Illicit Insider Activity Shouldn’t Focus Exclusively on Dark Web and Criminal Forums read more

Trends in malware – ransomware, cryptojacking, what next? [PODCAST]

Catch up with Day 3 of our Security SOS Week - here's the third episode of our week-long online security summit.

Microsoft offers up to $100,000 to identity bug finders

Want to earn $100,000? You could win as much as that if you manage to uncover a serious vulnerability in Microsoft’s various identity services. Read more in my article on the Hot for Security blog.

Automated money-laundering scheme found in free-to-play games

The scammers automatically created iOS accounts with valid email accounts, then automatically used stolen cards to buy and resell stuff.

British Airways cancelled flights at Heathrow after ‘IT system issue’

Thousands of British Airways passengers left stranded at Heathrow airport following incident The post British Airways cancelled flights at Heathrow after ‘IT system issue’ appeared first on WeLiveSecurity

Venmo users: time to hide your drug deals and excessive pizza consumption

To its fans, Venmo is a hassle-free P2P app that lets anyone living in the US send money to friends, split a restaurant bill, pay for a ride on Uber, or buy a hotel room. To the security conscious,...

Review: Predictively locking down security with Balbix

If cybersecurity defenders could accurately predict when and how future attacks against their networks would take place, it would be a lot easier for organizations to commit their limited resources where they could do the most good. But there...

ABB to Patch Code Execution Flaw in HMI Tool

Swiss industrial tech company ABB is working on a patch for a serious arbitrary code execution vulnerability affecting one of its engineering tools. read more

Smashing Security #087: How Russia hacked the US election

Regardless of whether Donald Trump believes Russia hacked the Democrats in the run-up to the US Presidential election or not, we explain how they did it. And Carole explores some of the creepier things being done in the name...

Airbus UK infosec gros fromage: Yep, we work with arch-rivals Boeing

Says firm's airliners designed with security foremost in mind Airbus's UK infosec chief, Ian Goslin, has said that cyber-attack attribution is a matter for "nation states" – and has questioned whether some critical national infrastructure companies are taking the...

Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers

Presently sponsored by: Matchlight by Terbium Labs: Know when your exact data appears on the dark web. Schedule a meeting during Black Hat to learn more!Two of my favourite developer things these days are Azure Functions and Cloudflare Workers....

Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products

Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal...

Cisco Finds Serious Flaws in Policy Suite, SD-WAN Products

Cisco informed customers on Wednesday that it has found and patched over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. read more

Broker accused of netting $5m on inside info about Lattice Semiconductor

Chinese broker faces prison, if he's ever found in US juristiction An investor from China is being charged with insider trading in the US after using insider information from Lattice Semiconductor to turn a massive profit on Wall Street.…

Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs

Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.

Cisco Webex Network Recording Players Denial of Service Vulnerabilities

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via...

Cisco Policy Suite Policy Builder Database Unauthenticated Access Vulnerability

A vulnerability in the Policy Builder database of Cisco Policy Suite could allow an unauthenticated, remote attacker to connect directly to the Policy Builder database. The vulnerability is due to a lack of authentication. An attacker could exploit this vulnerability...

Cisco SD-WAN Solution Local Buffer Overflow Vulnerability

A vulnerability in the configuration and monitoring service of the Cisco SD-WAN Solution could allow an authenticated, local attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due...

Cisco Cloud Services Platform 2100 Web Upload Function Code Injection Vulnerability

A vulnerability in the web upload function of Cisco Cloud Services Platform 2100 could allow an authenticated, remote attacker to obtain restricted shell access on an affected system. The vulnerability is due to insufficient input validation of parameters passed to...

Cisco Webex Network Recording Players Remote Code Execution Vulnerabilities

Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via...