DHS Orders Federal Agencies to Use DMARC, HTTPS

Tue, 17 Oct 2017 08:13:42 +0000

The U.S. Department of Homeland Security (DHS) has issued a binding operational directive requiring all federal agencies to start using web and email security technologies such as HTTPS, DMARC and STARTTLS within the next few months. read more

Security Flaw Prompts Fears on Wi-Fi Connections

Mon, 16 Oct 2017 19:47:53 +0000

A newly discovered flaw in the widely used Wi-Fi encryption protocol could leave millions of users vulnerable to attacks, prompting warnings Monday from the US government and security researchers worldwide. read more

Firm Backs Vulnerability Management Service With $1 Million Guarantee

Mon, 16 Oct 2017 19:06:32 +0000

San Francisco-based consulting firm AsTech has today announced a $1 million guarantee for its Qualys Managed Services offering. AsTech is one of a small but growing number of vendors applying a different approach to cyber insurance: a monetary guarantee against failure of their own products. read more

Mobile Edge Computing on 5G Networks: Don't Forget About Security and Testing

Mon, 16 Oct 2017 18:12:58 +0000

5G is here. New cellular networks are being planned and rolled out around the world, exciting consumers and enterprises alike with the promise of huge jumps in performance. However, speed isn’t the only benefit of 5G. The new network protocol is also giving rise to Mobile Edge Computing (MEC)—the ability to push applications and content to the edge of the cellular network. read more

Email Attacks Use Fake VAT Returns to Deliver Malware

Mon, 16 Oct 2017 17:41:40 +0000

Domain-based Message Authentication, Reporting and Conformance (DMARC) is designed to stop phishing. One of the most phished domain names in the world is the UK tax office, HMRC ( HMRC has implemented DMARC to counter this phishing, and in November 2016 it announced, "We have already managed to reduce phishing emails by 300 million this year through spearheading the use of DMARC. read more

Middle East Group Uses Flash Zero-Day to Deliver Spyware

Mon, 16 Oct 2017 15:38:27 +0000

A threat group believed to be located somewhere in the Middle East has been using a zero-day vulnerability in Adobe Flash Player to deliver a piece of spyware to targeted individuals. read more

Dangerous WPA2 Flaw Exposes Wi-Fi Traffic to Snooping

Mon, 16 Oct 2017 14:34:38 +0000

A series of vulnerabilities in the Wi-Fi standard render all Wi-Fi Protected Access II (WPA2) protocol implementations vulnerable to a new type of attack, security researchers have discovered. read more

Adobe Patches Flash Zero-Day Exploited in Targeted Attacks

Mon, 16 Oct 2017 14:18:38 +0000

A Flash Player security update released on Monday by Adobe patches a zero-day vulnerability that has been exploited in targeted attacks. read more

Tech Giants Warn of Crypto Flaw in Infineon Chips

Mon, 16 Oct 2017 13:55:50 +0000

Microsoft, Google, HP, Lenovo and Fujitsu have warned customers of a potentially serious crypto-related vulnerability affecting some chips made by German semiconductor manufacturer Infineon Technologies. TPM vulnerability allows attackers to obtain private RSA keys read more

Android Ransomware Abuses Accessibility Services

Mon, 16 Oct 2017 13:32:35 +0000

A newly discovered ransomware family targeting Android devices is abusing the platform’s accessibility services, ESET warns. read more

Russia Fines Telegram For Not Giving Backdoor Access

Mon, 16 Oct 2017 12:47:16 +0000

A Russian court on Monday fined the popular Telegram messenger app for failing to provide the country's security services with encryption keys to read users' messaging data. read more

'Tick' Cyber Espionage Group Linked to China

Mon, 16 Oct 2017 09:03:25 +0000

The cyber espionage group known as Bronze Butler and Tick continues to target Japan using custom-built malware. Evidence found by researchers suggests that the actor is based in China. read more

Payment Cards Stolen in Pizza Hut Website Hack

Mon, 16 Oct 2017 05:31:08 +0000

Pizza Hut U.S. informed customers over the weekend that their payment card and contact information may have been compromised after cybercriminals breached its website. Emails sent out by the restaurant chain to affected individuals describe the incident as a “temporary security intrusion” on read more

Siemens Patches Flaws in Building Automation Controllers

Fri, 13 Oct 2017 17:16:12 +0000

Siemens has released a firmware update for its BACnet Field Panel building automation products to address two vulnerabilities, including one classified as high severity. read more