Search results for: zero trust

Week in review: Vulnerable web-based password managers, Mayhem malware, and Google’s Project Zero

Here’s an overview of some of last week’s most interesting news, interviews and articles:
Endpoint security myths and why they persist
In this interview, Roman Foeckl, CEO of CoSoSys, illustrates the most prominent endpoint security myths and explains why they persist. Furthermore, he talks about the hurdles with protecting endpoint clients in the enterprise and offers advice on what organizations can do in order to stay ahead of the threats.
Amazon-hosted malware triples in 6 … More

Five great computer security tips that few people follow

If you’re an infosec professional, you probably know a ton of security tips and best practices: use a firewall, update antivirus, patch regularly, adhere to the least privilege principle, don’t click unsolicited attachments, and so on. Chances are, you probably have implemented most, if not all, of those important best practices already. However, in my experience there is another, smaller subset of InfoSec tips and practices that offer great security benefits, but which few people … More

World Cup 2014 fans are not the only ones with their eye on the ball

The World Cup 2014 championship has begun and, as with most major sports events, employees are browsing websites to check the latest scores, watch streaming live games and chat with their peers about the latest updates. Sports-related websites receive a lot of traffic during large events like these, creating a prime opportunity for advertisers to post campaign banners and watch the cash roll in. However, advertisers are not the only ones cashing in. Unbeknownst to fans, … More

Week in review: eBay breach, Linux Trojans, US charges Chinese military hackers for spying on US firms

Here’s an overview of some of last week’s most interesting news, podcasts, and articles:
Record month for Linux Trojans
If you think that you are protected from malware if you use Linux, think again, warn researchers from AV manufacturer Dr. Web, who identified and examined a record-high number of Trojans for Linux this month – and the month isn’t over yet.
Secure public WiFi with avast! SecureLine for iOS
If you connect to untrusted networks … More

Cybercrime attack targets, victims, motivations and methods

Trustwave experts gathered the data from 691 breach investigations (a 54 percent increase from 2012) across 24 countries in addition to proprietary threat intelligence gleaned from the company’s five global security operations centers, telemetry from security technologies and ongoing threat research. While payment card data continued to top the list of the types of data compromised, 45 percent of data thefts in 2013 involved confidential, non-payment card data—a 33 percent increase from 2012. Non-payment card … More

Microsoft updates IE against latest 0-day, updates also XP

Microsoft has issued an out of band security update to patch the zero day vulnerability that affects all versions of Internet Explorer and is being actively exploited in the wild in targeted attacks seemingly directed against US-based defense and financial firms. “While we’ve seen only a limited number of targeted attacks, customers are advised to install this update promptly. The majority of our customers have automatic updates enabled and so will not need to take … More

IE 0-day exploit actively used in attacks against US-based firms

Late on Saturday, Microsoft published a security advisory warning about “limited, targeted attacks” exploiting a newly discovered zero day vulnerability that affects all supported versions of Internet Explorer (6 to 11). “This issue allows remote code execution if users visit a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message,” shared in a blog post Dustin Childs, Group … More

Tinder users targeted by spamming bots

Spammers are taking advantage of the popularity of the Tinder dating app to promote a game via bots posing as attractive women. For a week now users have been complaining of getting matched with bots peddling the game in a pretty standardized way: after saying hello, the bot asks the user how he’s doing and immediately offers: “Relaxing with a game on my phone, castle clash. Have you heard about it?” It then sends out … More

Full Disclosure mailing list closure elicits mixed reactions

The Full Disclosure mailing list has long been the perfect place for security researchers to disclose and discuss newly found vulnerabilities. But John Cartwright, one of its creators, has pulled the plug on the list today. “When Len [Rose] and I created the Full Disclosure list way back in July 2002, we knew that we’d have our fair share of legal troubles along the way. We were right. To date we’ve had all sorts of … More

Exploiting vulnerabilities in media players to spread advanced malware

Trusteer’s research has shown that vulnerable media players are constantly targeted by malicious actors. Since in most environments media players exist on users’ desktops for their own personal use, IT and security administrators ignore these applications and the content files they use. After all, you want to keep your employees productive and happy, and allow them to listen to their harmless music while they work. However, because these applications are not controlled, and users are … More

Data mining the future with security predictions

It has become somewhat of a tradition for information security vendors to pull out their crystal balls at the end of each year and do their best to predict interesting developments and threats for the coming months. It is also becoming a tradition for the security community to greet those predictions with emotions ranging from skepticism to sarcasm, but in doing so we may actually miss out on an opportunity to better anticipate developing risks. … More

ENISA: Industrial Control Systems require coordinated capability testing

The EU’s cyber security agency ENISA has published a new report giving advice on the next steps towards coordinated capability testing of the often outdated Industrial Control Systems (ICS) for European industries. Among the key recommendations: the testing of ICS is a concern for all EU Member States and could be dealt with at EU level, according to ENISA. Nowadays, IT is being widely used by industrial control systems (e.g. SCADA) for energy, water … More