Actualites provenant du site Vumetric

The latests cybersecurity news



2018-03-07 - Qualcomm Requests National Security Review of Broadcom Bid

US chipmaker Qualcomm postponed its annual shareholders' meeting after secretly requesting a national security review of Broadcom's bid to take over the company, the Singapore-based Broadcom announced Monday.[...]

2018-03-07 - Exim vulnerability opens 400,000 servers to remote code execution

If you’re using the Exim mail transfer agent on your Internet-connected Unix-like systems and you haven’t yet upgraded to version 4.90.1, now is the time to do it as all previous versions contain a vulnerability that can be exploited to achieve remote code execution. About the Exim remote code execution vulnerability The buffer overflow vulnerability in the base64 decode function of Exim (CVE-2018-6789) was discovered and reported by Meh Chang of the DEVCORE research team ... The post Exim vulnerability opens 400,000 servers to remote code execution appeared first on Help Net Security.[...]

2018-03-07 - Memcached DDoS Exploit Code and List of 17,000 Vulnerable Servers Released

Someone has just released proof-of-concept (PoC) exploit code for amplification attack and a pre-compiled list of nearly 17,000 potential vulnerable Memcached servers on the Internet that could even allow script-kiddies to launch massive DDoS attacks using UDP reflections easily. Last week we saw two record-breaking DDoS attacks—1.35 Tbps hit Github and 1.7 Tbps attack against an unnamed[...]

2018-03-07 - Memcached DDoS Attack 'Kill Switch' Found

Corero Network Security says they have discovered a “kill switch” to counteract the Memcached vulnerability that recently fueled some of the largest distributed denial-of-service (DDoS) attacks in history.[...]

2018-03-07 - ID and Access Management: The Next Steps

Bringing identity and access management to the next level and investigating the potential that blockchain offers to improve the management of device IDs are among the priority security projects at Sentara Healthcare, an integrated delivery system serving Virginia and North Carolina, says CISO Daniel Bowden.[...]

2018-03-07 - ONC Considering Tweaks to Trusted Exchange Framework

Based on the feedback it received, the Office of the National Coordinator for Health IT will consider making tweaks to its proposed Trusted Exchange Framework and Common Agreement, including provisions related to privacy and security, says ONC's Genevieve Morris.[...]

2018-03-07 - Global security trends for 2018: GDPR, identity and access security

In its third annual global IT security survey, Versasec found Europe’s General Data Protection Regulation (GDPR) is impacting security planning around the world, smart card deployment is on the rise, and that many companies continue to rely on the inadequate protection offered by user names and passwords alone. These results and more came from IT and security professionals in EMEA, North America and Asia/Pacific regions. The survey showed that users remained consistent year-over-year in what ... The post Global security trends for 2018: GDPR, identity and access security appeared first on Help Net Security.[...]

2018-03-07 - Exploiting the User PII Held in Everyone's Web Browser

Browsers are the single most used application today. Everyone uses at least one browser, whether in the office or at home. But not everyone realizes just how much personal data is left hanging around inside their browsers; nor how easy it is for third-parties to extract it.[...]

2018-03-07 - New DDoS Reflection-Attack Variant

This is worrisome: DDoS vandals have long intensified their attacks by sending a small number of specially designed data packets to publicly available services. The services then unwittingly respond by sending a much larger number of unwanted packets to a target. The best known vectors for these DDoS amplification attacks are poorly secured domain name system resolution servers, which magnify...[...]

2018-03-07 - Cyber attacks becoming No. 1 business risk

SonicWall recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year. “The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us,” said SonicWall CEO Bill Conner. “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we ... The post Cyber attacks becoming No. 1 business risk appeared first on Help Net Security.[...]

2018-03-07 - 10 Ways to Close That Security Sale

In my previous column, I took a look at some of the behaviors that salespeople sometimes exhibit that make it more difficult for them to close security sales. The feedback I received about that piece indicated that people very much appreciated it.  More than a few people reached out to me to request a follow-on piece around behaviors that help close security deals.[...]

2018-03-07 - How can IoT stakeholders mitigate the risk of life-threatening cyberattacks?

With an estimated 20 billion Internet-connected devices set to appear in our homes and offices by the end of the decade, future cyberattacks will dwarf what we’ve seen to date. These connected devices will feed into fundamental infrastructure we rely on every day: transportation, power plants, medical devices, and supply chains, for example. As cyberattacks move from financial and reputation risks into the realm of ‘life and death’ consequences, which IoT stakeholders should we turn ... The post How can IoT stakeholders mitigate the risk of life-threatening cyberattacks? appeared first on Help Net Security.[...]

2018-03-07 - McAfee Launches Security Platform for Azure Cloud

Migrating to the cloud is complex. One of the biggest concerns is a loss of visibility on data in the cloud; and this concern only grows with increasing regulatory requirements. GDPR, coming into force in less than 3 months time, is a case in point.[...]

2018-03-07 - Chrome 65 Patches 45 Vulnerabilities

Released in the stable channel this week, Chrome 65 brings 45 security fixes, including 27 patches for vulnerabilities discovered by external researchers.[...]



2018-03-07 - Live Webinar: Stronger Privileged Account Protection & The New Role of Threat Intelligence


2018-03-07 - Cryptocurrencies and the Revolution in Cybercrime Economics


2018-03-07 - Most top US higher ed institutions fail to protect students from phishing

88.8 percent of the root domains operated by top colleges and universities in the United States are putting their students, staff and other recipients at risk for phishing attacks that spoof the institution’s domain, according to 250ok. Phishing and spoofing attacks against consumers are likely when companies do not have a published Sender Policy Framework (SPF) or Domain-based Message Authentication, Reporting and Conformance (DMARC) policy in place. SPF is an email validation system that detects ... The post Most top US higher ed institutions fail to protect students from phishing appeared first on Help Net Security.[...]

2018-03-07 - Locked Windows machines can be compromised through Cortana

Compromising locked Windows computers that have the Cortana voice-activated virtual assistant enabled is relatively easy – or it was until Microsoft made a simple tweak. The attack The discovery was made by Tal Be’ery and Amichai Shulman, and a successful attack demonstrated in these videos: This attack requires the attacker to have physical access to the target computer so that he can plug a network adapter in the locked machine’s USB port. The next step ... The post Locked Windows machines can be compromised through Cortana appeared first on Help Net Security.[...]

2018-03-05 - Memcached Servers Deliver Amplified DDoS Attacks

GitHub Disrupted by 1.5 Tbps Onslaught as New DDoS Attack Type EmergesSay hello to a new type of DDoS attack: UDP amplification via internet-facing servers running memcached, an open source distributed caching system that can be abused to amplify DDoS attacks by a factor of 50,000.[...]



2018-03-05 - Triada Trojan Pre-Installed on Low Cost Android Smartphones

Security researchers have discovered the sophisticated Triada Trojan in the firmware of more than 40 low-cost Android smartphone models.[...]

2018-03-05 - Intimate Partner Threat

Princeton's Karen Levy has a good article computer security and the intimate partner threat: When you learn that your privacy has been compromised, the common advice is to prevent additional access -- delete your insecure account, open a new one, change your password. This advice is such standard protocol for personal security that it's almost a no-brainer. But in abusive...[...]

2018-03-05 - New LTE attacks open users to eavesdropping, fake messages, location spoofing

A group of researchers has uncovered ten new attacks against the 4G LTE wireless data communications technology for mobile devices and data terminals. The attacks exploit design flaws in the communications protocol and unsafe practices employed by the stakeholders and can be used to achieve things like impersonating existing users, spoofing the location of the victim device, delivering fake emergency and warning messages, eavesdropping on SMS communications, and more. The attacks The researchers – Syed ...[...]

2018-03-05 - New 4G LTE Network Attacks Let Hackers Spy, Track, Spoof and Spam

Security researchers have discovered a set of severe vulnerabilities in 4G LTE protocol that could be exploited to spy on user phone calls and text messages, send fake emergency alerts, spoof location of the device and even knock devices entirely offline. A new research paper [PDF] recently published by researchers at Purdue University and the University of Iowa details 10 new cyber attacks[...]

2018-03-05 - HIMSS Speaker Dill on Underutilized Security Technologies

User behavior analytics and data loss prevention tools are among the most promising yet underutilized or improperly implemented security technologies in healthcare, says security consultant Mark Dill, formerly of the Cleveland Clinic, a featured speaker at the HIMSS18 conference.[...]

2018-03-05 - Backdooring connected cars for covert remote control

We’ve all known for a while now that the security of connected cars leaves a lot to be desired. The latest proof of that sad state of affairs comes from Argentinian security researchers and hackers Sheila Ayelen Berta and Claudio Caracciolo. The pair is set to demonstrate a hardware backdoor for the CAN bus that can be controlled remotely at the upcoming Hack in the Box conference in Amsterdam. The Bicho Dubbed “The Bicho,” which ...[...]

Lien vers la totalité des actualités VUMETRIC