Network Security News, Articles and Updates

Former CIA chiefs rally behind Brennan after Trump revokes security clearance

The former CIA directors said clearances should be revoked for security reasons, not political differences.

Report: Many more states installing network intrusion sensors into election infrastructure since 2016

As of Aug. 7, 36 out of 50 U.S. states have implemented a specific brand of network monitoring sensor solution within their election infrastructures in order to help quash cyberattacks against elections and voters, Reuters has reported today, citing multiple government cybersecurity experts.

President signs NIST Small Business Cybersecurity Act into law

A year and nearly four months after the measure was introduced, the NIST Small Business Cybersecurity Act officially passed after President Donald Trump signed the legislation into law.

Georgia voter records exposure raises election security concerns

With the midterms approaching, election systems are in need of greater safeguards, security pros said.

50.5 million Sungy Mobile customers exposed through open ports

Chinese app maker Sungy Mobile may have exposed the information of more than 50.5 million of its customers, according to researchers who were able to access dozens of the company's databases through a pair of IP addresses that did not require any login credentials.

Def Con presenter: 'Synthetic clicks' exploit can help attackers install malware on Macs

A presentation at Def Con 2018 last week revealed an unpatched vulnerability in macOS devices that can allow malware to bypass certain security checks using a technique that fakes user mouse clicks.

Patch Tuesday August 2018: Adobe mends two critical bugs in Acrobat and Reader

Adobe today issued patched updates for Acrobat and Reader, Flash Player, Experience Manager, and the Cloud Desktop Application, collectively fixing 11 vulnerabilities, two of them critical.

Caesars' Palace security room checks rattle Def Con attendees, conference SecOps head offers resignation

Def Con attendees complained the Las Vegas hotel violated their privacy and made them feel unsafe by spotchecking the room of guests who've rejected housekeeping services.

Omarosa recording her firing in Situation Room raises security concerns

Omarosa's firing occurred a month before the White House banned staffers from using their personal cellphones.

FBI cans Strzok over anti-Trump texts

While the FBI's disciplinary office had recommended Strzok be demoted and suspended for 90 days, his lawyer said, FBI Deputy Director David Bowdich booted him from the bureau.

GoDaddy configuration info exposed on open S3 bucket created by Amazon employee

GoDaddy with its 17.5 million customers and 76 million domain names, "is a critical part of internet infrastructure, and their cloud utilization operates at one of the largest scales in existence," UpGuard researchers said.

DHS-backed researchers spot serious vulnerabilities built into phones used by all major U.S. carriers

Kryptowire researchers funded by the Department of Homeland Security spotted vulnerabilities built into phones at all major U.S. carriers.

Black Hat USA 2018: Car hackers Miller and Valasek now using their skills for good

The old phrase that it's hard to teach an old dog new tricks may not be as accurate as one might have thought, as the notorious car hackers Charlie Miller and Chris Valasek gave a talk this week at Black Hat 2018 about how to properly secure autonomous vehicles from cyberattacks.

Black Hat 2018: Retaining and promoting women cybersecurity staffers

A great deal of time and effort is dedicated to trying to boost the number of women in cybersecurity, but not enough is placed on retaining and promoting the women already in the field, said Ashley Holtz of NBC Universal.

VMware repairs out-of-bounds read bug in three Horizon products

VMware this week updated its Horizon 6, Horizon 7 and Horizon Client for Windows solutions to fix an important out-of-bounds read vulnerability in the Message Framework library.

Black Hat USA 2018: Google, Microsoft and Red Hat dish on the Meltdown/Spectre backstory

Some of the biggest players who worked behind the scenes during the run-up to the Jan. 3 disclosure of Meltdown and Spectre came together at Black Hat 2018 to discuss what their companies, and others, did after the vulnerabilities first became known.

Hackers could spoof WhatsApp messages, sender names

Hackers could exploit the very things -- encryption and digital certificates -- that ensure privacy and provide authentication between devices, apps, and clouds.

Black Hat USA 2018: Google's Tabriz calls for more collaboration in Black Hat keynote

Google's Director of Engineering Parisa Tabriz kicked off Black Hat 2018 with a wide-ranging keynote address this morning at the Mandalay Bay Events Center, calling the industry's current approach to cybersecurity insufficient.

Cybercriminals waste no time breaking into experimental honeypot designed to look like ICS environment

A research honeypot set up to look like an electric company's power transmission substation network was compromised by a dark web hacker within two days of it going online.

Health care software OpenEMR patched after discovery of bugs threatening patient records

A team of researchers yesterday disclosed 22 vulnerabilities in OpenEMR, a widely used medical practice management software program that supports electronic medical records, including a portal authentication bypass flaw that could have allowed users to access random patient records.

Black Hat USA 2018: IBM researchers developed AI powered malware to demonstrate future threat models

IBM researchers at Black Hat USA 2018 announced their development of DeepLocker, described as a highly targeted and evasive attack tool powered by AI.

Mozilla patches critical Thunderbird bugs that can cause exploitable crashes

The Mozilla Foundation has released the latest version of its Thunderbird email client, fixing 14 security vulnerabilities along the way, including five critical ones, three of which can result in a potentially exploitable crash.

Defense Dept. bans GPS devices, citing security concerns

The proliferation of devices and their widespread use could put military operations and agency personnel at risk globally.

MongoDB database exposes more than 2 million Mexican patients

A MongoDB database containing the health care information of more than 2 million patients in Mexico was left exposed revealing sensitive patient information.

Salesforce API error left data accessible

The error presents the potential for data exposure and compliance failures, depending on what data was exposed,