Yahoo Ditching ImageMagick Highlights Issues in Bug Responsibility Ecosystem

Tue, 23 May 2017 02:38:02 +0000

ImageMagick, an open source command line graphics file editor, has been retired by one of its major consumers: Yahoo. The product has been beset by flaws and bugs for several years, but this appears to have been one too many for Yahoo. Following discovery of a bleed vulnerability, Yahoo fixed it by retiring the product.

Critical DoS Flaws Patched in Asterisk Framework

Mon, 22 May 2017 16:15:23 +0000

Updates released on Friday for the Asterisk communications framework address three critical denial-of-service (DoS) vulnerabilities discovered by Sandro Gauci, a penetration tester and researcher who specializes in VoIP and communications systems.

EternalRocks Network Worm Leverages 7 NSA Hacking Tools

Mon, 22 May 2017 15:09:57 +0000

EternalRocks Worm Uses NSA Exploits to Compromise Systems and Install DoublePulsar Backdoor. A recently discovered network worm leverages a total of seven hacking tools stolen from the National Security Agency (NSA)-linked Equation Group.

Verizon Messages App Allowed XSS Attacks Over SMS

Mon, 22 May 2017 13:51:50 +0000

Until a few months ago, Verizon’s Messages service was affected by a vulnerability that could have easily been exploited to launch cross-site scripting (XSS) attacks using SMS messages.

S#!T Some Security Vendors Claim

Mon, 22 May 2017 13:20:34 +0000

The information security space is a hot, fast-moving market; and with that heat and speed comes both good and bad.

Windows 7 Most Hit by WannaCry Ransomware

Mon, 22 May 2017 13:01:34 +0000

Most of the computers affected by the WannaCry ransomware outbreak were running Windows 7, security researchers have revealed.

VMware Patches Workstation Vulnerabilities

Mon, 22 May 2017 11:49:21 +0000

VMware informed customers last week that updates released for the Linux and Windows versions of Workstation patch privilege escalation and denial-of-service (DoS) vulnerabilities.

WikiLeaks Details Malware Made by CIA and U.S. Security Firm

Mon, 22 May 2017 08:22:00 +0000

WikiLeaks has published documents detailing another spy tool allegedly used by the U.S. Central Intelligence Agency (CIA). The latest files describe “Athena,” a piece of malware whose developers claim it works on all versions of Windows.

Terror Exploit Kit Gets Fingerprinting Capabilities

Sun, 21 May 2017 13:31:47 +0000

Recent changes made to the Terror exploit kit (EK) allow it to fingerprint victims and target specific vulnerabilities instead of carpet bombing the victims with many exploits at the same time, Talos researchers discovered.

China Killed or Jailed Up to 20 US Spies in 2010-12: Report

Sun, 21 May 2017 11:54:02 +0000

Beijing systematically dismantled CIA spying efforts in China beginning in 2010, killing or jailing more than a dozen covert sources, in a deep setback to US intelligence there, The New York Times reported Sunday.

North Korea Denies Role in Global Cyberattack

Fri, 19 May 2017 19:25:27 +0000

North Korea on Friday angrily dismissed reports linking its isolated regime to the global cyberattack that held thousands of computers to virtual ransom. Up to 300,000 computers in 150 countries were hit by the WannaCry worm, which seizes systems and demands payment in Bitcoin to return control to users.

Stealth Backdoor Abused NSA Exploit Before WannaCrypt

Fri, 19 May 2017 19:17:05 +0000

In the aftermath of the WannaCry ransomware outbreak, security researchers discovered numerous attacks that have been abusing the same EternalBlue exploit for malware delivery over the past several weeks.

WannaCry Does Not Fit North Korea's Style, Interests: Experts

Fri, 19 May 2017 17:17:21 +0000

Some experts believe that, despite malware code similarities, the WannaCry ransomware is unlikely to be the work of North Korea, as the attack does not fit the country’s style and interests.

Financial Firms Struggle on Compliance for non-Email Communications

Fri, 19 May 2017 17:07:55 +0000

Financial services is perhaps the most regulated sector in industry. SEC, FINRA and Gramm-Leach-Bliley are merely the better known of a raft of regulations. Key to all of them is the requirement to manage and retain communications. But just as regulations tend to increase and become more complex, so too have the different methods of communication that need to be monitored ballooned. What was once just email now includes SMS, public IM, a variety of social media and more.