Network Security News, Articles and Updates

Two RCE, four DoS flaws found in FreeRDP

"The open source nature of the FreeRDP library means that it is integrated into many commercial remote desktop protocol applications," Talos researchers wrote in a blog post.

Sweden transport agency slips up, leaks top secret data

The leak exposed classified databases, including those on fighter pilots, police suspects and witness relocation subjects, but the Swedish government kept it mostly under wraps.

The rise of the cyber guru - the new must-have for the rich and famous

As high net worth individuals and celebrities find their personal data under attack, cyber-advisors to the rich and famous have begun to make an appearance.

Apple iOS patches Wi-Fi remote memory corruption bug

A researcher spotted an iOS memory corruption vulnerability which could allow an attacker to seize control of a user's device.

Election integrity commission holds first meeting amid privacy, security, suppression concerns

Opponents assailed the commission's current mission, saying that resources instead should be put where they are most needed - to safeguard against cyberattacks by nation-states and modernize voting technology.

Killing video game characters enables remote code execution in Valve games

Video game developer Valve Corporation recently created a patch to fix a buffer overflow vulnerability in its Source SDK library that can allow for remote code execution on client and server devices.

State Department reorganization to shutter cyber office, lower priority

The office's coordinator, who currently reports to Secretary of State Rex Tillerson, will move down the command chain, Bloomberg reported, citing two sources who wished to remain anonymous.

Devil's Ivy bug patched after found in toolkit potentially used by millions of IoT devices

Researchers investigating a vulnerability in security cameras from Axis Communications ended up uncovering a far more wide-ranging threat when they discovered the flaw actually lies within a toolkit used by myriad IoT product developers.

Oracle patches 308 bugs, including high-risk arbitrary download flaw in E-Business Suite

Oracle has issued a critical patch update for July 2017, fixing 308 vulnerabilities across its product line.

FBI PSA says connected toys may present privacy risks to children

The agency encourages parents to do their due diligence into the cybersecurity of toys that connect to the internet both directly through Wi-Fi and indirectly via Bluetooth to a mobile device connected to the internet.

UPDATE: Wyden pushes DHS to adopt DMARC

The standard, which is not yet widely adopted by the federal government, including DHS, "would make it significantly harder for fraudsters and foreign governments to impersonate" agencies, Wyden wrote in a letter.

Millions of Dow Jones customer records exposed due to an internal error

A misconfigured database on an Amazon S3 server may have exposed the data of between two and four million Dow Jones & Co. customers, a report on the incident stated.

Major cloud service cyberattack could cost global economy $53 billion

Insurance companies could be underestimating the potential devastation major cyber-attacks may cause.

Cisco patches critical remote code execution flaw in WebEx browser extensions

Cisco on Monday released software updates to fix a critical remote code execution vulnerability in its WebEx browser extensions for both the Google Chrome and Mozilla Firefox browsers.

Elon Musk: biggest concern for autonomous vehicles is fleet hack

As automakers rush to bring autonomous vehicles to market, white hats continue to find vulnerabilities that could be exploited remotely.

White House reveals contact info on voters concerned about privacy

The Presidential Advisory Commission on Election Integrity, led by Vice Chairman Kris Kobach, Kansas Secretary of State, had invited comments on its probe of voter fraud, in which the commission had requested a wide range of voter data from all 50 states.

Congressional Black Caucus bill try would thwart election integrity commission

Opponents of the commission fear the data gathered will be used to suppress votes. Sen. Cory Booker, D-N.J., one of the lawmakers who introduced the bill, vowed the U.S. would not go backwards.

Thousands of hosts still vulnerable to EternalBlue after WannaCry attacks

Researchers found just two weeks after the EternalBlue exploit was used in the WannaCry ransomware attack that 60,000 hosts are still vulnerable.

Uber patches authentication bypass flaw

Uber recently patched an authentication bypass vulnerability on its custom single sign-on solution.

SAP addresses high-priority POS server flaw on Patch Tuesday

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.

Cybersecurity concerns may stop 59 million Americans from voting in 2018

The non-stop news pounding American voters about cybersecurity and the United States electoral system is having a major impact, with 45 percent believing the upcoming midterm election will be influenced by a cyberattack.

Election commission halts data collection

The Presidential Advisory Commission on Election Integrity took to the court Monday, saying it will wait until a judge addresses the EPIC request for a temporary restraining order.

Survey: Infosec professionals work long shifts, yet feel rewarded

In a recent survey of 360 infosec professionals, 57 percent of respondents said that they work on weekends, while 29 percent said they work at least ten hours a day.

House of Lords to report on post-Brexit GDPR, Germany first to enact GDPR

The GDPR klaxon rings: Germany becomes the first country to pass the GDPR through its legislative process, as Lords in the UK release a report on what post-Brexit GDPR will look like.

Breached companies underperform on NASDAQ, study

A recent study found breaches also temporarily hurt a company's stock market status.

Jayden K Smith Facebook friend request won't result in hack

A hoax warning is circulating on Facebook urging users to decline a friend request from alleged hacker Jayden K Smith.

Facebook, Twitter and Microsoft pushing back against gov surveillance gag orders

Facebook, Twitter and Microsoft, among other tech firms, are engaging in legal battles concerning imposed government surveillance gag orders.

Pentagon to encrypt soldiers' email

Keeping soldiers' email out of the hands of enemies has long been a concern, but the Pentagon has been slow to use the readily available encryption tool for its internal mail service, which serves 4.5 million users.