Cybersecurity News & Analysis | SC Media | Info Security News

Security News

Cisco Network Assurance Engine (NAE) contains password vulnerability

By

A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version…

Gov. Newsom proposes ‘data dividend’ for Calif. consumers

By

California May have some of the strictest data privacy and security laws on the books, but Gov. Gavin Newsom has floated a “new data dividend” that would compel Google, Facebook and the like to pay consumers in the state who choose to share their data. Noting that tech companies make billions from collecting and using…

Protect your heart, data on Valentine’s Day

By

As if creepy suitors and heartache weren’t enough to contend with on Valentine’s Day, scammers are expected to be out in full force, preying on the vulnerable. Romance scams topped 21,000 in number – with $143 million racked up in losses – in 2018, according to a report from the Federal Trade Commission (FTC). “Given the emotions,…

PoC hides malware in Intel SGX enclave

By

Researchers developed a proof of concept attack which allows them to hide malware in Intel’s Software Guard eXtensions (SGX). Intel SGX is a feature found on all modern Intel CPUs that allows developers to isolate applications in secure “enclaves” and the attack allows researchers to hide undetectable malicious code from their security software  within these…

Flaw in runC could allow malicious containers to infect host environment

By

A vulnerability discovered in the runC container management tool has exposed multiple privileged container systems to a potential exploit through which attackers could allow malware to escape a container and compromise an entire host system. Designated CVE-2019-5736, the flaw allows attackers to use a malicious container to overwrite the host runC binary during the execution…

Image-I-Nation supply chain breach exposes data of major credit agencies’ customers

By

Image-I-Nation Technologies, Inc., which provides hosting services and software to consumer reporting agencies like Equifax, Experian and TransUnion, experienced a supply chain breach that left users’ personal information exposed for as long as two weeks. Last Dec. 20, the company “discovered that there had been unauthorized access to our database containing the personal information of…

TrickBot variant steals credentials for remote computer access

By

The developers behind TrickBot have once again upgraded the information stealer’s malicious capabilities, this time creating a variant that swipes credentials for various remote access services. In a Feb. 12 company blog post, Trend Micro researchers Noel Anthony Llimos and Carl Maverick Pascual report that the new version targets passwords for Virtual Network Computing (VCN), PuTTY,…

Exec order prioritizes AI, broadly outlines U.S. goals

By

An executive order signed by President Trump this week is designed to promote U.S. leadership in AI, especially as China makes great strides, by building on five principles that ensure the U.S. drives breakthroughs in technology as well as technical standards, adequately trains current and future workers, builds public trust in AI while preserving civil…

31 AGs ask FTC to update Identity Theft Rules

By

Attorneys general from 31 states have asked the Federal Trade Commission (FTC) to update its Identity Theft Rules. Noting the proliferation of identity theft and consumers’ inability to divine how information stolen from breaches is being used, the AGs said that the rules – also known as the Red Flags Rule and the Card Issuers Rule – “appropriately…

Next post in Security News