Saturday, January 19, 2019

Temporary micropatch available for zero-day Windows exploit

Microsoft has left two publicly known vulnerabilities unpatched in Windows this month, but researchers have stepped in and created temporary patches that can be easily applied to protect systems until an official fix becomes available.During the last two weeks...

Get 3 Years of NordVPN Service for Just $2.99 Per Month – Deal Alert

NordVPN promises a private and fast path through the public internet, with no logs, unmetered access for 6 simultaneous devices and access to 5,232 servers worldwide. They are currently running a promotion, but you'll have to use this link...

Rocke coinminer disables cloud protection agents

A group of hackers that specializes in infecting servers with cryptocurrency mining software has started disabling security software agents used in cloud environments to evade detection. Known as Rocke in the security industry, the group has been active since...

Hook Up Your Business with Award-Winning Video Conferencing For As Little As $19.99/mo

If you’re still using a business landline, you’re likely not doing much business in 2018. Video conferencing is as commonplace as sending an email, and remote team members are increasing by the minute, making internet-based communication systems essential for...

Security executives on the move and in the news

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for...

BrandPost: Do Not Underestimate the Challenge of Securing SD-WAN

Historically, the branch office of an organization was the red-headed stepchild of the network. Locally cached data tended to be out of date and connections to the central data center were often slow and unreliable. This was fine when...

Building your forensic analysis toolset

A solid toolset is at the core of any successful digital forensics program. Although every toolset is different depending on an organization’s needs, some categories should be in all forensics toolkits. Two near encyclopedic sources provide listings of these...

I can get and crack your password hashes from email

A few months ago, I participated in a public debate on password policy with my co-worker and friend, Kevin Mitnick. It was a heated back and forth discussion, with Kevin arguing for far longer passwords than most expert sources,...

How to enable audit logs in Microsoft Office 365

Ensuring that audit logs are enabled for Microsoft Office 365 can help you investigate and determine exactly how, why, when and possibly who did what (including, but not limited to, questions from management) when conducting forensic investigations of attacks....

Why AI-based threat detection hasn’t taken over the market … yet

According to Nicole Eagan, CEO of software company DarkTrace, only two out of every ten cybersecurity experts typically embrace artificial intelligence (AI) as a key component of threat detection. The others, she explains, tend to be "totally resistant" or...

IDG Contributor Network: Breaches, market volatility and the government shutdown: Security in the crosshairs

Last year ended with a number of high profile data breaches, tech stocks taking a massive tumble and the start of what has been to date the longest government shutdown on record. Marriott International’s Starwood reservation system was hacked...

Police can’t force you to unlock your phone with face, finger or any biometrics

Hey, hey, there’s actually some good news for privacy! A judge in California ruled that feds can’t force people to unlock their smartphones with a finger or thumbprint, facial recognition, or even an iris. Although the government had shown...

Three encrypted Slack alternatives worth a look

It might come as a surprise that Slack, the ubiquitous collaboration tool that found success by slapping a slick GUI on top of IRC, is not end-to-end encrypted, creating a mounting pile of sensitive data on Slack's servers —...

How cyber competitions can help fill the cybersecurity talent shortage

A cyber intelligence firm offers a new service in the form of secure storage for cryptographic keys. It partners with a cryptocurrency firm to offer key hosting, but one of the crypto firm’s applications is painfully insecure, and as...

Don’t let social media get you in trouble

As individuals, a great many of us use social media on a daily basis. Facebook, Twitter, Snapchat, LinkedIn, Instagram, etc. These platforms all provide us with a way to share experiences and interact with our friends and business associates....

Vulnerabilities found in building access system used by schools, governments

Tenable Research discovered four zero-day vulnerabilities in PremiSys access control system from IDenticard (PremiSys IDenticard). The first, a hardcoded backdoor account, “allows attackers to add new users to the badge system, modify existing users, delete users, assign permission, and...

How to protect backups from ransomware

Despite a recent decline in attacks, ransomware still poses significant threats to enterprises, as the attacks against several major newspapers demonstrated this month. It is also becoming more capable. In particular, ransomware writers are aware that backups are an...

What is a CISO? Responsibilities and requirements for this vital leadership role

CISO definition The chief information security officer (CISO) is the executive responsible for an organization's information and data security. While in the past the role has been rather narrowly defined along those lines, these days the title is often used...

IDG Contributor Network: What is the dark web? How to access it and what you’ll find

The dark web is a part of the internet that isn't indexed by search engines. You've no doubt heard talk of the “dark web” as a hotbed of criminal activity — and it is. Researchers Daniel Moore and Thomas Rid of King's...

Women in identity management: 4 newcomers to watch

Digital Identity – just the phrase leaves you thinking this must be important; after all, our identity is about who we are and what we do. Digital identity is a big technology space too. It encompasses a variety of...
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more