A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version…
California May have some of the strictest data privacy and security laws on the books, but Gov. Gavin Newsom has floated a “new data dividend” that would compel Google, Facebook and the like to pay consumers in the state who choose to share their data. Noting that tech companies make billions from collecting and using…
As if creepy suitors and heartache weren’t enough to contend with on Valentine’s Day, scammers are expected to be out in full force, preying on the vulnerable. Romance scams topped 21,000 in number – with $143 million racked up in losses – in 2018, according to a report from the Federal Trade Commission (FTC). “Given the emotions,…
Researchers developed a proof of concept attack which allows them to hide malware in Intel’s Software Guard eXtensions (SGX). Intel SGX is a feature found on all modern Intel CPUs that allows developers to isolate applications in secure “enclaves” and the attack allows researchers to hide undetectable malicious code from their security software within these…
A vulnerability discovered in the runC container management tool has exposed multiple privileged container systems to a potential exploit through which attackers could allow malware to escape a container and compromise an entire host system. Designated CVE-2019-5736, the flaw allows attackers to use a malicious container to overwrite the host runC binary during the execution…
Image-I-Nation Technologies, Inc., which provides hosting services and software to consumer reporting agencies like Equifax, Experian and TransUnion, experienced a supply chain breach that left users’ personal information exposed for as long as two weeks. Last Dec. 20, the company “discovered that there had been unauthorized access to our database containing the personal information of…
A critical vulnerability in WordPress plugin Simple Social Buttons allows an attacker to completely takeover a website. The plugin allows users to add social media sharing buttons on the sidebar, inline, above and below the content of the post, on photos, pop ups and fly-ins. The bug is the result of and improper design flow…
The developers behind TrickBot have once again upgraded the information stealer’s malicious capabilities, this time creating a variant that swipes credentials for various remote access services. In a Feb. 12 company blog post, Trend Micro researchers Noel Anthony Llimos and Carl Maverick Pascual report that the new version targets passwords for Virtual Network Computing (VCN), PuTTY,…
An executive order signed by President Trump this week is designed to promote U.S. leadership in AI, especially as China makes great strides, by building on five principles that ensure the U.S. drives breakthroughs in technology as well as technical standards, adequately trains current and future workers, builds public trust in AI while preserving civil…
Attorneys general from 31 states have asked the Federal Trade Commission (FTC) to update its Identity Theft Rules. Noting the proliferation of identity theft and consumers’ inability to divine how information stolen from breaches is being used, the AGs said that the rules – also known as the Red Flags Rule and the Card Issuers Rule – “appropriately…
