Employee from hell busted by VPN logs

Before retiring from PenAir airline, Suzette Kugler set herself up with fake, high-privilege VPN user accounts that didn’t keep her secrets.

To Mitigate Third-Party Security Risk, Be at the Table

In the last twelve months it seems like supply chain attacks are on the rise—CCleaner, Nyetya/NotPetya, Spectre and Meltdown, to name a few.

Drupal 8 Updated to Patch Flaw in WYSIWYG Editor

Updates released on Wednesday for Drupal 8 patch a moderately critical cross-site scripting (XSS) vulnerability affecting a third-party JavaScript library. The flaw impacts CKEditor, a WYSIWYG HTML editor included in the Drupal core. CKEditor exposes users to XSS attacks due to a flaw in the Enhanced Image (image2) plugin.

Silence! Chrome hushes noisy autoplaying videos

With Chrome 66 comes blissful quiet: Google is muting all autoplay content by default.

What is cross-site scripting (XSS)? Low-hanging fruit for both attackers and defenders

October 4, 2005, dawned cold and clear–somewhere in the world, anyway. Bleary-eyed MySpace users woke from their slumber to log onto the world’s dominant social media platform, eager to friend new people. People like Samy Kamkar. So eager for friends was Samy he dropped a cross-site scripting (XSS) exploit into his MySpace profile. [ How […]

iPhones, iPads Can Be Hacked via ‘Trustjacking’ Attack

A feature that allows users to wirelessly sync their iPhones and iPads with iTunes can be abused by hackers to take control of iOS devices in what researchers call a “Trustjacking” attack.

Popular Android Apps Leak User Data via Third-Party SDKs

Popular mobile applications that use third-party, ready-to-go advertising Software Development Kits (SDKs) expose user data by transmitting it over the insecure HTTP protocol, Kaspersky Lab warns.

Perspectives On Securing Our Election Systems

I had the pleasure of sitting on a panel at CyberScoop’s CyberTalks event this week, which coincides this year with the RSA 2018 Conference in San Francisco. Our discussion focused on the need to protect election systems from would-be hackers seeking to change results, sow discord in our election processes, and undermine confidence in our […]

How to use a strong passcode to better secure your iPhone

With police departments and federal agencies lining up to buy technology from two companies whose products can bypass iPhone security mechanisms, experts said users concerned about privacy should use a strong passcode to help prevent unwanted access to data. That’s also true for enterprise users with iPhones that access potentially sensitive corporate data. [ Further […]

University Enterprise Network Redundant Connections Migration April 25th

On April 25th in the 5-7AM maintenance window we will be migrating the following Redundant Circuits from the Redundant3 router to the Redundant 4 router. This involves re-routing the fiber path to Tower Road DataCenter. We anticipate the circuits below will be down for up to 2 hours. Since these circuits are not in service under […]

From Baidu to Google’s Open Redirects

Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn’t last long. Soon after the publication of that article, the bad actors changed the links to use compromised third-party sites and a couple of days later they began […]

Russia Says to Probe Facebook After Telegram Crackdown

Russia’s telecoms watchdog plans to probe Facebook before the end of the year after blocking access in the country to the popular messaging app Telegram, its head said on Wednesday. “We will conduct a probe of the company before the end of 2018,” the head of state regulator Roskomnadzor, Alexander Zharov, told pro-Kremlin newspaper Izvestia. […]

Honeypot Shows the Power of Automation in the Hands of Hackers

Honeypot Experiment Shows the Commoditization of Using Bots to Perform Low-level Hacking Tasks

Hacking like it’s 1999 (oh, and what to do about Facebook) [PODCAST]

Here’s the latest Naked Security Podcast – enjoy!

Chrome 66 Distrusts Older Symantec Certificates

Released in the stable channel on Tuesday, Chrome 66 removes trust in website certificates that Symantec issued before June 1, 2016, while also bringing a trial of Site Isolation, and patching 62 vulnerabilities.

Rockwell Automation Switches Exposed to Attacks by Cisco IOS Flaws

Rockwell Automation informed customers this week that its Allen-Bradley Stratix and ArmorStratix industrial switches are exposed to remote attacks due to vulnerabilities in Cisco’s IOS software.
