Tuesday, May 21, 2019

Sharing Threat Intelligence: Time for an Overhaul

All too often, information-sharing is limited to vertical market silos; to build better defenses, it's time to take a broader view beyond the ISAC.

Windows 10 Update Bricks PCs, Microsoft Offers Workarounds

A glitch in Microsoft's Windows 10 update is causing systems to freeze after users tried to use the System Reboot function. Luckily, workarounds exist.

Salesforce Woes Linger as Admins Clean Up After Service Outage

An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.

Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws

A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.

Slack Bug Allows Remote File Hijacking, Malware Injection

An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.

ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed

Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.

WordPress WP Live Chat Support Plugin Fixes XSS Flaw

A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.

Ransomware ‘Remediation’ Firm Exposed: Researchers Weigh in on Paying

The decision to pay a ransom in the case of a ransomware attack can be a complex one for businesses.

How Decoding Network Traffic Can Save Your Data Bacon

The importance of reading the network tealeaves of a company’s network traffic to head off an attack.

News Wrap: WhatsApp, Microsoft, Intel and Cisco Flaws

From a zero day flaw in WhatsApp, to Patch Tuesday fixes, Threatpost breaks down the top vulnerabilities of this week.

Mobile Risks Boom in a Post-Perimeter World

The bloom is on mobile, whether it be the enterprise, employees or the cybercriminals plotting new ways to slip past a corporate defenses in a post-parameter world.

Forbes Becomes Latest Victim of Magecart Payment Card Skimmer

The web skimming script was recently found stealing payment data on the websites of Forbes Magazine as well as seven others.

Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution

The vendor also issued a patch schedule for the still-unpatched bug in its Secure Boot trusted hardware environment, which affects most of its enterprise and SMB portfolio, amounting to millions of vulnerable devices.

Cybercrime Gang Behind GozNym Banking Malware Dismantled

Europol said it has dismantled the cybercrime network behind the GozNym malware, which siphoned more than $100 million from businesses.

Google Titan Security Key Recalled After Bluetooth Pairing Bug

Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols.

Intel ZombieLoad Side-Channel Attack: 10 Takeaways

Here are 10 top takeaways from Intel's most recent class of Spectre-like speculative execution vulnerabilities, disclosed this week.

Billions of Malicious Bots Take to Cipher-Stunting to Hide

Attackers have been tampering with TLS signatures at a scale never before seen using a technique called cipher-stunting.

Microsoft Patches Zero-Day Bug Under Active Attack

Microsoft Patch Tuesday security bulletin tackles 22 critical vulnerabilities.

Apple Patches Intel Side-Channel Bugs; Updates iOS, macOS and More

A massive update addresses the breadth of the computing giant's product portfolio.

Intel CPUs Impacted By New Class of Spectre-Like Attacks

Intel has disclosed a new class of speculative execution side channel attacks.
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...
isBuzz

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...