Network Security News, Articles and Updates

Despite advancements training and fears of breaches, employees still practice bad cyber hygiene, study

Despite the majority of consumers being afraid of having their personal data compromised by a breach, employees are still continuing to engage in risky behavior.

DOJ IG report finds no bias in FBI probe, but says Comey, Strzok actions cast cloud over bureau

Former FBI Director James Comey clouded the public's perception of the FBI as an impartial steward of the law as did former FBI Agents Peter Strzok and FBI lawyer Lisa Page, according to a the Justice Department IG's report.

It's FIFA World Cup season, do you know where your cybersecurity pros are?

With nearly half the world watching, odds are several security professionals will be looking to sneak a peak of the game which could be bad for the security of your business.

Tapplock Smart locks found to be physically and digitally vulnerable

Tapplock Smart locks contain several physical and digital vulnerabilities, each of which could allow an attacker to crack the lock with some attacks taking as little as two seconds to execute.

Apple feature to thwart law enforcement access to iPhones

USB Restricted Mode will close a long-standing loophole and make it more difficult for law enforcement to access the contents of iPhones.

VMware patches RCE flaw for AirWatch Agent for Android, AirWatch Agent for Windows

VMware has released updates to resolve a remote code execution vulnerability in AirWatch Agent for Android and AirWatch Agent for Windows.

European authorities fine Yahoo! And Optical Center

European authorities are already cracking down on firm's improperly securing customer data from before GRPR went into effect.

Flawed code-signing process could have let attackers pass malware off as Apple-approved

The developers of third-party security products for Macs are issuing patches after researchers realized their software was not properly interacting with Apple's code-signing API. Without the patch, attackers can craft malicious files capable of bypassing the code-signing process, making it look like their code is legit software approved by Apple.

Foscam home security cameras updated to address root access vulnerabilities

Foscam home security issued an update for its home security systems after researchers found several vulnerabilities which if combined, could allow an attacker to gain root access to the cameras (via LAN or internet.

Device makers still shipping products with Android Debug Bridge enabled, despite risks

Mobile and IoT device manufacturers continue to ship products with the Android Debug Bridge feature automatically enabled -- a dangerous default setting that enables potential adversaries to connect to these devices.

MIT researchers develop frequency-hopping transmitter that fends off attackers

Academic researchers say they have invented a transmitter that can secure billions of Internet of Things products by individually scattering each bit of data that a device wirelessly sends out onto different radio frequency channels, thus preventing attackers from intercepting a full packet and manipulating its data.

Splunk acquires VictorOps in $120 million deal

Splunk has acquired the devops incident management firm VictorOps for $120 million in cash and Splunk securities.

Patched Cisco ACS flaw lets attackers perform MITM attacks, steal admin credentials

Positive Technologies has elaborated on a critical remote code execution vulnerability its researchers discovered in the web interface of Cisco's Access Control Server (ACS), reporting that the bug can be leveraged to perform man-in-the-middle attacks, steal credentials, access network resources and intercept traffic.

DHS documents 'only a matter of time' until airline hack

The statement came from a Department of Energy government research laboratory focusing on the lab's findings around aviation cybersecurity and was included in government internal presentations and risk assessments.

Latest batch of Cisco updates patches 28 bugs, two critical

Cisco Systems yesterday issued 28 security updates that patch vulnerabilities found in a variety of products, including two critical bugs that were assigned a CVSS (Common Vulnerability Scoring System) base score of 9.8.

House committee Republicans reject resolution demanding DHS info on ZTE

Fearing that President Trump would "go easy" on ZTE, eschewing a recently imposed ban and lifting sanctions, House Committee on Homeland Security Democrats had wanted to tap DHS for information related to the the Chinese telecom company.

Reports: U.S. must step up efforts to cultivate cyber workforce, as talent shortage persists

Efforts within the U.S. to grow its public- and private-sector cybersecurity workforce and overcome the current talent shortage in this space are in need of "immediate and sustained improvements," according to a newly issued government report.

Apple discloses new protections against snoopy apps and websites at WWDC event

Apple's newest enhancements to its Safari browser will inhibit websites and apps -- including Facebook -- from using cookies and fingerprinting techniques to track users across the internet.

Australian bank mistakenly sent data on 10K customers to wrong domain

The bank investigated the incident, which occurred last year, finding that 651 internal emails were sent to cba.com instead of cba.com.au.

Apple releases security updates for macOS, tvOS, iOS and more

Apple released security updates for macOS High Sierra, Sierra, El Capitan, Safari, Windows iCloud, Safari and other Appel operating systems.

Facebook defends sharing user data with mobile OEMs

Facebook is defending its privacy practices again after a report that the social media giant entered into agreements over the last decade to share user data with at least 60 mobile device manufacturers, in an effort to make its services available to device owners via integrated APIs.

Companies still finding cybersecurity problems following M&A purchases, says report

Fifty-eight percent out of 100 senior health care executives whose companies were involved in a recent merger or acquisition said in a new survey that their particular organization uncovered a cybersecurity problem with its newly annexed business after the deal was already consummated.

North Korea who met with Pompeo was spy chief behind Sony hack

Vice Chairman Kim Yong Chol is credited with building North Korea's hacker army.

Mobile users ignore shady app permissions at their own risk, warns NY State Cyber Command

Mobile users who download untrustworthy apps on their phone often agree to dangerous permissions requests that give attackers essentially unfettered access to their devices' data and functions -- as demonstrated yesterday by two New York State Cyber Command employees at SC Media's RiskSec NY 2018 conference.

Wide open Apache Airflow server at Universal Music Group contractor exposes FTP, SQL, AWS credentials

Researchers at the Kromtech Security Center, who discovered the unprotected server, said that because Airflow is wide open by default, organizations need to take steps to safeguard servers.

Supermarket retailer CISO identifies millennials, sales and marketing pros as riskiest employees

Supermarket giant Ahold Delhaize has determined that the employees who engage in the riskiest cyber behavior tend to be sales and marketing professionals, high-level executives and millennials, according to the company's global CISO Carolyn Schreiber.

Major vulnerabilities in the EOS blockchain may push back Mainnet launch

Major vulnerabilities in the EOS blockchain and smart contracts platform may push back the Mainnet launch scheduled for June 2.