Tuesday, May 21, 2019

Privilege Escalation Flaws Impact Wacom Update Helper

Talos’ security researchers have discovered two security flaws in the Wacom update helper that could be exploited to elevate privileges on a vulnerable system. The update helper tool is being installed alongside the macOS application for Wacom tablets. Designed for...

Answering Tough Questions About Network Metadata and Zeek

We often receive questions about our decision to anchor network visibility to network metadata as well as how we choose and design the algorithmic models to further enrich it for data lakes and even security information and event management...

Qakbot Trojan Updates Persistence, Evasion Mechanism

The Qakbot banking Trojan has updated its persistence mechanism in recent attacks and also received changes that potentially allow it to evade detection, Talos’ security researchers say.  Also known as Qbot and Quakbot, the Trojan has been around for nearly...

Flaws in D-Link Cloud Camera Expose Video Streams

Vulnerabilities in the D-Link DCS-2132L cloud camera can be exploited by attackers to tap into video or audio streams, but could also potentially provide full access to the device.  The main issue with the camera is the fact that no...

SOAR: Doing More with Less

Security orchestration, automation and response model has many benefits, including some that are unintended Security teams in every industry and vertical are facing a common set of challenges. Namely, defending against an endless stream of cyberattacks, having too many security...

Gaining Control of Security and Privacy to Protect IoT Data

Internet traffic growth is unrelenting and will continue to expand exponentially, in large part, due to Internet of Things (IoT). The amount of data being generated is staggering, with 5 quintillion bytesof data produced and transmitted over the Internet,...

Growing Reliance on Digital Connectivity Amplifies Existing Risks, Creates New Ones

Information security threats are intensifying every day. Organizations risk becoming disoriented and losing their way in a maze of uncertainty, as they grapple with complex technology, data proliferation, increased regulation, and a debilitating skills shortage. By 2021 the world will...

How Microsegmentation Helps to Keep Your Network Security Watertight

A submarine operates in hazardous conditions: in the ocean depths, even a small breach of its hull could spell disaster for the vessel and its crew. That’s why submarine designers don’t just rely on the strength of the outer...

Through the Executive Lens: Prioritizing Application Security Vulnerabilities

It’s an old axiom in the security business that your security is only as good as your weakest link. Today, as the number of security threats and attack vectors continues to grow, so too does the number of tools...

Next Generation Firewalls are Old News in the Cloud

Having been in the security field for many years, long enough that I’ve seen the firewall be replaced with the “Next Generation Firewall.” What was special about this change was that it signaled a big milestone as we went...

Trojan Horses for the Mind, Part 2 of Building Impactful Security Awareness Messaging

In late 2018, I wrote about how we can use Trojan Horses for the mind when it comes to shaping messaging and creating an influential awareness campaigns. In other words, the way we design and deliver our messages can...

Internet-Exposed IBM BigFix Relays May Lead to Full Remote Compromise

Internet-facing relays in IBM BigFix deployments could lead to information disclosure and potential full remote compromise if not properly configured, Atredis Partners security researchers have discovered.  Tracked as CVE-2019-4061 and affecting BigFix Platform versions 9.5 - 9.5.11 and 9.2 - 9.2.16, the...

1 Million Apps Patched in Android Security Improvement Program

Over its five-year lifetime, the Android Application Security Improvement Program helped over 300,000 developers to fix more than 1,000,000 apps on Google Play, Google says. The program was launched to help the Android ecosystem thrive by helping developers improve the...

The Role of Analytics in Protecting Healthcare Data Privacy and Security

Healthcare has traditionally had a weaker security profile than most other industries. On the one hand, it is a favorite target for ransomware attacks, and for hackers looking to steal confidential patient records that have a high resale value...

WINDSHIFT Hackers Target Government Agency in the Middle East

A recently discovered threat actor was observed targeting a Middle Eastern government agency on several occasions over the course of last year, Palo Alto Networks security researchers reveal.  Referred to as WINDSHIFT, the surveillance-focused threat actor is believed to have remained...
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...
isBuzz

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...