Search results for: vulnerability

week in review

Week in review: Windows EoP flaw still exploitable, GoDaddy breach, malicious Python packages on PyPI

Here’s an overview of some of last week’s most interesting news, articles and interviews:
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable.
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
GoDaddy, the popular internet domain registrar and web hosting company, has suffered … More

numbers

From fragmented encryption chaos to uniform data protection

Encryption is so critical to enterprise security that it’s almost like air: It’s a necessity, it’s everywhere, and we can’t live without it. On the surface, having encryption everywhere seems like a great idea. However, in many ways the drive to achieve ubiquitous data security has undermined itself. That’s because often the only way to approach ubiquity is by combining a variety of point systems, vendors, and technologies to cover data in a dizzying combination … More

innovation

Which technologies will be the most important in 2022?

IEEE released the results of a survey of global technology leaders from the U.S., U.K., China, India and Brazil. The study, which included 350 CTOs, CIOs and IT directors, covers the most important technologies in 2022, industries most impacted by technology in the year ahead, and technology trends through the next decade.
The most important technologies, innovation, sustainability and the future
Among total respondents, 21% say AI and machine learning, cloud computing (20%) and 5G … More

Windows

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its discoverer, still exploitable. What’s more, it is already being leveraged by malware developers.
About the flaw and the exploit
Abdelhamid Naceri, who reported the flaw through the Trend Micro Zero Day Initiative, has analyzed the patch for CVE-2021-41379 and found that the bug was “not fixed correctly.” So he created and … More

online shopping

Small businesses urged to protect their customers from card skimming

With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card-skimming cyber criminals. As part of NCSC’s Active Cyber Defence programme, the organization has already notified 4,151 small businesses this year that their sites have been compromised to steal customers’ payment details, and is now advising the rest to be on the alert.
Online shops and card skimming: The … More

Active Directory

Guarding against DCSync attacks

Gaining access to domain admin credentials is part of the endgame in many sophisticated attacks where threat actors are trying to maintain persistence. One of the ways that adversaries accomplish this is through DCSync attacks.
What is a DCSync attack?
A DCSync attack is a method where threat actors run processes that behave like a domain controller and use the Directory Replication Service (DRS) remote protocol to replicate AD information. The attack enables them to … More

connected car

How do I select an automotive IoT security solution?

As the automotive industry rapidly evolves and cars become smarter, cybercriminals are becoming more sophisticated too, constantly finding new ways to compromise connected vehicles. Beyond the possibility of the vehicle being stolen, there is an even greater threat: the vehicle being controlled by hackers, putting human lives at risk. To select a suitable automotive IoT security solution, you need to think about a variety of factors. We’ve talked to several industry professionals to … More

python pi

Malicious Python packages employ advanced detection evasion techniques

JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over 41,000 times. This is not the first time that malicious packages have been successfully introduced into online package repositories and will surely not be the last. What’s worrying the researchers is that attackers are using increasingly advanced techniques to avoid detection.
Detection evasion techniques
The malicious packages – importantpackage, important-package, pptest, ipboards, … More

find

Ethical hackers and the economics of security research

Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. New findings indicate a startling shift in the threat landscape with 8 out of 10 ethical hackers recently having identified a vulnerability they had never seen before. This comprehensive annual study offers an in-depth look at ethical hackers to reveal how they reduce risk, which industries leverage their expertise most, and what organizations are doing … More

week in review

Week in review: Intel chip flaw, shedding light on hidden root CAs, Emotet stages a comeback

Here’s an overview of some of last week’s most interesting news, articles and interviews:
Researchers shed light on hidden root CAs
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. universities and Qihoo 360, the company developing the 360 Secure Browser, have collected 5 months’ worth of certificate data from volunteer users and analyzed certificate … More

Software

SOC Prime Quick Hunt delivers one-click threat hunting capabilities to security teams

SOC Prime announced the availability of Quick Hunt, a module powered by SOC Prime’s Detection as Code platform that delivers one-click threat hunting capabilities to security teams across the world. With access to the SOC Prime Threat Detection Marketplace, Quick Hunt allows security teams to hunt for threats by running a query in their SIEM or EDR, making threat hunting accessible to beginners and improving efficiency for seasoned experts. Quick Hunt … More

code

Lack of API visibility undermines basic principle of security

One of the oldest principles of security is that you cannot secure what you cannot see. Visibility has always been the starting place for monitoring and protecting attack surface and valuable resources. Various technical challenges have come to bear over the years—the shift to “let it all in” HTTP back in the late 90s, the subsequent advent and then common usage of encrypted traffic, the rise of shadow IT and groups or employees empowered to … More