Network Security News, Articles and Updates

Facebook tool will let users view Russian-placed pages, Instagram accounts

Rocked by accusations that it helped a Russian propaganda campaign designed to sow division in the U.S. and influence the presidential election, Facebook has attempted to make amends.

Discount deception: AliExpress patches fake coupon vulnerability

Online retailer AliExpress fixed a vulnerability in its online shopping portal last October after researchers discovered a way to inject a fake coupon designed to phish sensitive information from those who receive it.

Symantec patches certificate spoofing flaw in Install Norton product

Symantec patched a certificate spoofing vulnerability in its Install Norton Security product that occurs when downloading Norton for Mac.

Intel security advisory, patches elevation of privilege exploits

Intel researchers identified elevation of privilege exploits in various product families which could enable a system crash or system instability, among other issues.

Two Democrats ask Appropriations Committee to give states $400M for election security

The duo asked the committee to apply the balance left from the 2002 Help America Vote Act to state election systems security and upgrades.

Symantec updates Management Console product

Symantec released an update to its Management Console product to patch a vulnerability that can leave users susceptible to a directory traversal exploit.

Warrant orders Apple to turn over Texas shooter iPhone contents

The FBI had recently expressed frustration that investigators weren't able to reach protected data on Devin Patrick Kelley's phone, but Apple said it had offered to help out investigators.

Misconfigured Amazon S3 server leaks Australian Broadcasting Corporation

As misconfigured Amazon servers continue to leak sensitive data, Australian Broadcasting Corporation (ABC) is the latest organization whose administrators did not properly secure their cloud servers.

Senators introduce USA Liberty Act of 2017

The USA Liberty Act of 2017 (S. 2158), which takes aim at government overreach under Section 702 of the Foreign Intelligence Surveillance Act (FISA), was introduced by Sen. Patrick Leahy, D-Vt., and Sen. Mike Lee, R-Utah.

Oracle issues emergency patch for JoltandBleed bug in Tuxedo middleware

Oracle Corporation issued an emergency patch on Tuesday, fixing critical vulnerabilities affecting the Jolt server within Oracle Tuxedo that could be exploited over a network with no valid username or password credentials.

Disclose or exploit? White House reveals process for flaw disclosure

The process is intended to improve transparency, represent the interests of a multitude of stakeholders, and establish accountability both of the process and its operators.

Cisco: Critical vulnerability in 12 types of Voice OS-based products

Cisco is warning users of a critical flaw in its Voice-OS which could allow an unauthenticated, remote hacker to gain elevated access to 12 types of its products.

Study: Organizations suffer critical and costly IT incidents five times a month

On average, organizations suffer a critical IT incident five times per month, with each one costing a mean of $141,628, according to a Quocirca/Splunk study. Another study, from Ponemon Research/Radware, found that 45 percent of 600 surveyed CISOs experienced a data breach in the last year.

Colorado implements Risk-Limiting Audit process to verify election results

Colorado is implementing a Risk-Limiting Audit Process to verify election results in hopes of building more confidence in the outcome of its elections.

DHS, FBI analyze North Korean Hidden Cobra, FallChill

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have officially revealed the IP addresses that the agencies say are used by the North Korean government to administer the RAT FallChill.

In historic decision, FISA court allows NSA surveillance transparency lawsuit to continue

The U.S. Foreign Intelligence Surveillance Court has ruled that there is sufficient standing to proceed with a lawsuit that could require the court to publicly reveal the justifications behind the NSA's electronic surveillance program.

Amazon takes steps to reduce S3 misconfiguration leaks

Amazon is taking action to combat the recent wave of Amazon S3 servers being left misconfigured and subsequently exposing potentially sensitive data.

Researchers create mask that defeats iPhone Face ID feature

Barely one week after the highly anticipated launch of Apple's new iPhone X, security researchers are claiming they were able to defeat its Face ID facial recognition security feature using a carefully crafted mask worth approximately $150.

TERA video game patched after report of RCE bug in chat feature

Game developer Bluehole, Inc. issued a hotfix for its popular title TERA this weekend, following the circulation of a report revealing that the MMORPG's HTML-based chat function could be abused to spread malware.

Former CISO: Knowledge of cyber should be requirement to join board of directors

A CISO carries many weighty responsibilities, but teaching cybersecurity to a company's board of directors should not be one of them, according to Edward Amoroso, founder and CEO of cybersecurity advisory firm TAG Cyber LLC.

Sowbug APT uses Felismus backdoor for cyberespionage operations

A previously unknown cyberespionage group called Sowbug has been found using the Felismus backdoor to spy on several South American and Pacific Rim national governments for the last several years.

Third-party contractor may have deactivated Trump's Twitter account

Twitter is investigating the incident, but two sources told the New York Times the culprit is now believed to be a third party rather than an employee.

Facebook asks users to send nudes to prevent revenge porn

Facebook is asking users to submit their nudes in a preemptive strike to combat revenge porn.

Trump signs Cyber Crime Fighting Act to train up local and state law enforcement

The legislation authorizes the highly regarded National Computer Forensics Institute (NCFI) in Hoover, Ala., which has trained nearly 7,000 local officials from 50 states and three U.S. territories.

Bug in anti-malware defenses mistakenly blocks users' Google Docs files

Google issued a public apology on Thursday after a bug mistakenly caused its defenses against malware, phishing, and spam to block some users' access to Google Docs files.

Developers skeptical of app security, survey

Just under a third, or 31 percent, of respondents in a survey by NodeSource and Sqreen are confident that their code is free of vulnerabilities.

Another misconfigured Amazon S3 server leaks data of 50,000 Australian employees

Another misconfigured Amazon server has resulted in the exposure of data on 50,000 Australian employees that was left unsecured by a third-party contractor.

Cisco patches 16 vulnerabilities to kick off November

Cisco Systems on Wednesday issued patches for 16 different product vulnerabilities, half of which are considered high impact in nature.