Network Security News, Articles and Updates

Interpol warns IoT devices at risk

Interpol recently drew 43 investigators and digital forensics pros from 23 countries together for its Digital Security Challenge - one in which a cyberattack is launched from a hacked IoT device, a webcam.

uTorrent apps found vulnerable to remote code execution, information disclosure

The developer of uTorrent for Windows and uTorrent Web has been scrambling to issue patched versions of the BitTorrent-based peer-to-peer fire-sharing apps after Google Project Zero researcher Tavis Ormandy found critical vulnerabilities that can result in remote code execution and information disclosure upon visiting malicious websites.

Companies still sacrificing security for expediency, study

Companies are sacrificing security for expediency and intentionally putting speed and profits before mobile security.

Researcher: Microsoft Word feature can be exploited to display videos that mine cryptocurrency

Malicious actors can abuse Microsoft Word's Online Video feature to deliver videos that secretly exhaust their viewers' computer processing power in order to mine cryptocurrencies, according to Israeli cybersecurity firm Votiro.

Apple patches 'Text Bomb' bug that causes system crashes

Apple just released a patch to fix its crash bug that allowed specially crafted messages to disable access iMessages and other messaging apps.

Exclusive: Researchers say Kaspersky web portal exposed users to session hijacking, account takeovers

Security researchers say they discovered several vulnerabilities and security lapses in Kaspersky Lab's my.kaspersky.com web portal earlier this month, adding that the flaws exposed users to potential session hijackings and account takeovers.

House Dems push for $1B in grants to secure election systems, introduce legislation

A 56-page report from the Congressional Task Force on Election Security and introduced legislation the steps aimed at sewing up holes in U.S. election systems.

Assessment: Security posture of U.S. government contractors inferior to federal agencies using them

An independent risk assessment conducted this month found that the security posture of U.S. government contractors was markedly worse than the federal agencies that use these third-party services, suggesting contractors must raise their game and bridge the gap.

Hack the Air Force 2.0 hands out largest single bounty, yields 106 vulnerabilities

The second Air Force bug bounty initiative handed out $103,883 total over a 20-day period, kicking off with 24 hackers along with government personnel participating in a live challenge in the New York City subway system in December.

Massive code rewrite may be required to patch Skype vulnerability

Skype is reportedly refusing to patch a security vulnerability in its updater process which could allow an attacker to gain system level privileges on a vulnerable computer.

Story behind how low-level Apple employee leaked iBoot source code

The story behind the Apple iOS 9 source code leak played out much like a horror movie in which a close-knit group of friends steal something for a good time only to open Pandora's Box.

Adobe Patch Tuesday patches issues in Acrobat, Reader and Experience manager

Adobe's Patch Tuesday updates included security updates for Adobe Acrobat and Reader for Windows and Mac.

Cyber a top priority, Russia will flex its muscle in 2018 midterms, intel chiefs tell Senate

Russia's actions are part of a dangerous trend as cyber grows to a "top priority" security threat, lawmakers and members of the intelligence community said at the annual Senate Intelligence Committee World Threats hearing.

Google will label all HTTP sites 'not secure' starting in July 2018

Google said that beginning in July 2018 with the release of Chrome 68, the browser will begin marking the sites as part of its move toward a more secure web by strongly advocating that sites adopt HTTPS encryption

Trump nixes declassification of Dem memo rebutting FBI FISA abuse

White House lawyer Don McGahn said the memo contains classified information.

Cisco updates router firmware to prevent remote code execution and denial of service attacks

Cisco Systems on Wednesday issued 20 security updates, notably patching a critical vulnerability in two router products that could resulted in remote code execution or a denial of service condition.

Uber CISO to Congress: data breach extortion payment wasn't a true bug bounty

Testifying before members of Congress on Tuesday, Uber Technologies CISO John Flynn acknowledged that his company acted irresponsibly by waiting a full year before disclosing the breach of a third-party database containing information on 57 million customers and drivers.

Amazon to fix security issue for Key after researcher claims hack

Amazon is issuing a security patch for its Key services shortly after a researchers posted a video demonstration of them claiming to hack the Amazon device.

Every NHS trust failing on patching, officials admit

In an astonishing admission, Department of Health (DoH) officials have admitted that every single NHS trust in the UK has failed to meet cyber-security standards.

Vermont state repair bill could leave equipment vulnerable to cybersecurity attacks

The Vermont Fair Repair Act would require equipment makers to share their source code with independent repair technicians.

Cisco takes a second crack at fixing critical ASA bug

Cisco Systems on Monday released a second fix for a critical vulnerability in the XML parser of its Adaptive Security Appliance (ASA) after finding additional attack vendors and learning that its previous repair job was insufficient.

Study claims most businesses lack cyber expertise to prevent attacks

The majority of businesses lack cybersecurity expertise to prevent cyberattacks and protect customers, according to a recent study.

Misconfigured Amazon Web Services bucket exposes 12,000 social media influencers

Another misconfigured Amazon Web Services S3 cloud storage bucket has been left insecure this time exposing the sensitive data of 12,000 social media influencers.

Congressional Committee threatens DHS with subpoena over Kaspersky documents

U.S. Rep. Lamar Smith threatened to subpoena the DHS for documents related to the federal government's Kaspersky purge.

Gas station software flaws offer cheap gas, admin rights, and more

A pair of researchers discovered vulnerabilities in an automated gas station management system that allowed them to alter fuel prices among other things.