Network Security News, Articles and Updates

The Big 5: 5 tips to help you with your GDPR plan

The General Data Protection Regulation (GDPR) will transform data privacy rules across Europe.

(ISC)² delivers recommendations to President Trump

As the 100th day of the Trump Administration arrives next week, (ISC)² offered a series of recommendations to President Trump to advocate for the cybersecurity workforce.

Workaround created to defeat Microsoft Win 7, 8 security patch block

A GitHub user has published an open-source workaround that supposedly circumvents Microsoft's new block on receiving security updates for systems running Windows 7 or 8.1 on a PC powered by a sixth-generation processor.

1B possibly affected by 'Ring-Road' email account protocol flaw, report

A vulnerability in email accounts that could enable hackers to determine the number of characters being used in passwords has been detected.

NICC releases guidance for secure implementation and use of SIP ALG

Guidance has been produced by NICC for the use and secure implementation of SIP (Session Initiation Protocol) ALG (Application Layer Gateways).

CREST/IISP Con: We have tools to fix it so why's the internet still broken?

Malicious hackers are taking advantage of broken internet infrastructure that could be fixed, said NCSC technical director Ian Levy in his keynote speech yesterday at CRESTCon & IISP Congress 2017.

Information Commissioner notes confusion over 'Consent' in GDPR

The UK's data protection watchdog has noted a great deal of confusion around the concept of 'Consent' drawn out in landmark European regulation set to hit Britain's shores next year.

Cybersecurity firm exposed non-anonymized hospital data in demos

Cybersecurity startup Tanium is in hot water after exposing California Hospital network data during live product demonstrations and online videos.

Data siphoned via Bose wireless headphones constitutes wiretapping, lawsuit charges

Bose, the audio equipment manufacturer, was sued in a federal court in Chicago earlier this week for selling user data without permission.

Updated Microsoft Authenticator simplifies secure log-ins on Android, iOS phones

A new, simplified two-factor verification sign-in feature for phones that eliminates the need for passwords or one-time code entries is now officially available for Microsoft account-holders.

US Regulator orders security companies to stop misrepresenting themselves

A US consumer protection regulator has ordered three security companies to stop misrepresenting themselves as participants in a major US-Asia privacy agreement.

CERT/CC issues vulnerability advisory for 'Equation Group' exploit targeting IBM Lotus Domino

The CERT Coordination Center has issued an advisory for a vulnerability in IBM Domino servers that has apparently been exploited by a technique referenced in the Shadow Brokers' latest unauthorized release of alleged NSA hacking tools.

Cylance denies providing fake malware samples

Security firm Cylance Tuesday disputed accusations that it used fake malware that only its Protect product could detect to gain more favorable results over competitors during testing.

VMware security update patches RCE flaw

VMware released security updates to contend with a vulnerability in vCenter Server.

Cultivating a cybersecurity-first corporate culture

After Sept. 11, New York City's Metropolitan Transportation Authority came up with a tagline intended to make citizens aware that each person is on the front line when it comes to defending the metropolis against another terror attack.

Microsoft: FISA orders seeking content up, global law enforcement requests for data down

On Thursday, Microsoft released its latest batch of semi-annual transparency reports, which revealed that global law enforcement legal requests for Microsoft user data decreased by more than 17 percent from 2015 to 2016, while U.S. FISA orders seeking content from the tech company jumped significantly in the first six months of 2016.

FDA warns Abbott on cybersecurity woes with St. Jude heart devices

In addition to a serious battery depletion problem, the FDA said Abbott hadn't incorporated recommendations into its cybersecurity risk assessment plan.

Fifth of five immigrants pleads guilty to fraud and ID theft charges

Following cyberattacks on U.S. companies, the fifth and final defendant in a gang of immigrants from Eastern Europe pleaded guilty to federal fraud charges related to using credit and debit cards.

GCHQ first to spot suspicious interactions between Trump affiliates, Russians

Multiple intelligence agencies in the West shared information on interactions between members of Trump's team and Russian operatives.

WikiLeaks hostile intel agency with Russian ties, Pompeo

In contrast to earlier remarks by Donald Trump, CIA Director Mike Pompeo on Thursday called WikiLeaks a "hostile intelligence agency" with ties to Russia.

Parliamentary committee proposes unit to combat 'election hacking'

A parliamentary committee has proposed a monitoring unit to ward off the threat of foreign powers trying to influence UK elections.

Hackers attacking WordPress sites via home routers

Hackers are launching coordinated brute-force attacks on the administration panels of WordPress sites via unsecured home routers.

Side-channel attack technique steals PINs by analyzing smart device sensor readings

Researchers in the UK have uncovered a technique for malicious websites to spy on smart device owners and even decipher their screen touches and PIN number entries by secretly monitoring their devices' sensor data.

Data on 918K seniors exposed on diabetes site

A database containing personal information of 918K seniors seeking discounts on diabetes supplies was exposed online for months.

Survey: Americans overwhelmingly disapprove of ISPs sharing data without consent

In a recent poll of more than 1,200 Americans, 92 percent agreed that Internet providers should not be allowed to monitor their activity online and sell that data to third parties without consent -- a strong indictment of Senate Joint Resolution 34, which lifted FCC restrictions that would have prevented ISPs from engaging in this practice.