Network Security News, Articles and Updates

Avast execs explain CCleaner cyberattack

Avast executives today attempted clarify and mitigate the public relations damage done when its CCleaner computer maintenance app was discovered to have exposed 2 million users by saying the malware was likely injected prior to Avast's purchase of CCleaner and that to their knowledge no harm came to anyone.

Researchers show how attackers can exploit SS7 exploits to drain Coinbase accounts

Researchers used long-standing vulnerabilities in the Signalling System No. 7 (SS7) telecom network protocol to gain access to and steal from a test account that they recently registered on the Coinbase bitcoin exchange platform.

Cuomo orders new regs to protect New Yorkers from Equifax breach

Financial Services Superintendent Maria T. Vullo had already issued guidance to help licensed financial institutions act to protect consumers affected by the Equifax breach.

Reporter listens in as Trump attorneys discuss Russian probe in D.C. restaurant

The two were discussing Jared Kushner, the controversial meeting at Trump Tower between Donald Trump, Jr. and a Russian lawyer, and White House counsel Donald F. McGahn.

New technique can manipulate encrypted Fitbit data

Fitbit devices are prone to vulnerabilities which could enable an attacker to access personal information and even create false activity records.

Report: Without safeguards, Internet and IoT may create surveillance states in near future

A catastrophic worldwide cyberattack and the emergence of an IoT-enabled surveillance state were among the chief security and privacy fears expressed by experts polled for a new report about the internet and its future impact.

Motel 6 to revamp privacy, data sharing policies after Phoenix locations send guest info to ICE

Every morning like clockwork, Motel 6 employees at two Phoenix locations would audit guest records and send the information to immigration officials.

600,000 Alaskan voters' data left exposed

Kromtech Security Center researchers discovered an unsecured U.S. voter database was exposed to the public internet due to a misconfiguration of CouchDB instance.

The hidden danger of cryptocurrency mining in the enterprise

New research has revealed that cryptocurrency mining software has already infected at least 1.65 million endpoints this year. Should the enterprise be worried?

Medfusion 4000 Wireless Syringe Infusion Pump can be exploited to compromise operations

Until a new version of Smiths Medical's Medfusion 4000 Wireless Syringe Infusion Pump is issued in January 2018, its operators should be wary of eight vulnerabilities that can be remotely exploited to gain access to the device and compromise its functionality.

Harvard withdraws Manning fellowship after CIA chiefs protest

Morell took issue with Manning's release of classified information, subsequently published by WikiLeaks, which he said put members of the military in harm's way.

Mnuchin hails FIDO authentication standards

Treasury Secretary Steve Mnuchin told Federal Identity Forum & Exposition attendees that solving identity is key to banking and financial.

Bluetooth ache: Protocol's security not sufficiently researched, experts claim after 'BlueBorne' disclosure

The recently disclosed collection of "BlueBorne" vulnerabilities that were found to affect at least 5.3 billion Bluetooth-enabled devices has revealed several inconvenient truths about the short-range communications protocol, experts say.

Cornell Tech campus opens on Roosevelt Island

The campus, which broke ground in 2015, is the result of Cornell Tech's win of the Applied Sciences Competition under the administration of former New York City Mayor Mike Bloomberg.

Study finds more than third of global orgs unsure if GDPR compliant

A recent study found 37 percent of global organizations are unsure if they need to comply with the EU's GDPR standards.

Apple iPhone X swaps Touch ID for 'Face ID' facial recognition unlock

Apple is swapping fingerprint verification for face recognition software in the newly revealed iPhone X, a move the company says is more secure.

Multiple Cisco products vulnerable to remote code execution due to Apache Struts bugs

Cisco Systems has issued a pair of advisories warning users that several of its products have been affected by vulnerabilities recently discovered in the Apache Struts 2 open-source web application framework.

Energy Dept. to invest up to $50M in infrastructure cybersecurity, resilience

The awards for 20 cybersecurity projects, including next-generation attack-resilient electricity distribution systems and malware operational mitigation are to improve reliability and strength of the electric grid and oil and gas infrastructure

Staffer with access to Ted Cruz's Twitter responsible for porn 'like'

The post, which was up only briefly, raised speculation that the senator had been hacked.

Samsung announces bug bounty for devices and services

Samsung is joining the ranks of Apple and other competitors and looking to boost the security of their platforms with the launch of its own bug bounty program.

Apple iOS 11 makes it harder for law enforcement to access data

Apple appears to have not buried the hatchet with law enforcement and is doubling down on its privacy beliefs with the latest iOS 11.

Microsoft won't patch Edge bypass vulnerability

Microsoft will not patch a security bypass vulnerability in Edge which could allow the disclosure of confidential information.

Google releases Stable Channel Update for Chrome

Google released a Stable Channel Update for Chrome desktop which included 22 security patches including six high rated bugs.

Self Drive Act looks to bring secure connected cars to road sooner

The U.S. House of Representatives Wednesday passed the first major legislation to speed up the rollout of self-driving cars with the passing of the Self Drive Act

Lenovo settles privacy charges with FTC, 32 states

The VisualDiscovery software created "serious security vulnerabilities" for those laptop users because it served as a man in the middle between and even encrypted websites.