Network Security News, Articles and Updates

Study: Infections of industrial systems common, but few are targeted

Approximately 3,000 unique industrial sites per year are randomly infected with generic malware, while attacks involving malware specifically designed to target industrial control systems are far less common, according to a study.

Cisco issues patches for flaws stockpiled by CIA, exposed by WikiLeaks

Cisco has issued a critical advisory on a number of security updates to address vulnerabilities in more than 300 of its switch models, some of which were detailed in Vault7, a recent dump from WikiLeaks.

LastPass bug could allow hackers to steal passwords and execute code

Google researcher Tavis Ormandy finds more flaws in the LastPass password manager, one affecting the Google Chrome extension and another affecting version 3.3.2 of its Firefox add-on.

Cybersecurity made simple

In a world of increasingly complex technologies, some experts advocate a move to simplify. Greg Masters reports.

Xbox Live, Azure among Microsoft products knocked offline Tuesday

Microsoft and several other cloud-based services experienced outages and limited operations early Tuesday afternoon, according to reports from downdetector.com.

Flaw in McDonald's mobile app in India delivers not so tasty options

A flaw in a mobile app is leading to some unappetizing offerings for McDonald's customers in India.

Four indicted for breach of Yahoo, including Russian spies

Four men, including two Russian intelligence agents, have been indicted for the breach of Yahoo in late 2014, leading to the exposure of 500 million user accounts.

Overcoming the cyber-security skills gap: experience vs qualifications

When it comes to overcoming the cyber-security skills gap, experience has been shown to be more important than people getting degrees and certifications.

Cisco Vault 7 investigation reveals flaws in Cisco IOS and IOS XE

A Cisco internal investigation has discovered a vulnerability in the Cluster Management Protocol code for Cisco IOS and IOS XE that could lead to two remote execution issues on dozens of Cisco products running that software.

Windows to end Vista support in April 2017

Microsoft announced that it will be ending support for Windows Vista next month.

A White House apology? Nah. GCHQ response to Trump claim it aided wiretap: "Nonsense"

President Donald Trump's unsubstantiated claim that former President Obama ordered wiretaps of his offices in Trump Tower received the latest in a series of rebuttals, this one from the U.K.'s intelligence agency.

Adobe patches Flash Player, Shockwave vulnerabilities

Although Adobe has not observed exploitation of the vulnerabilities in the wild, the Flash Player update is considered priority one.

Cisco patches several tools

Cisco released patches to address vulnerabilities impacting several of its products.

Women represent just 7% of European cyber-security workforce

The proportion of female cyber-security workers in Europe is among the lowest in the world, while the gender pay gap is the highest, as female cyber-professionals earn approximately 15 percent less than men.

D-Link DIR-130 and DIR-330 routers vulnerable

The vulnerabilities in the D-Link DIR-130, firmware version 1.23, and DIR-330, firmware version 1.12, are covered under CVE-2017-3191 and CVE-2017-3192.

Are 'bad bots' weaponising data centres to spread fake news?

As bad bots increasingly take up a greater share of internet traffic, are data centres providing the roads?

Becky Bace's passing hits cybersecurity community hard

Becky Bace, widely respected as a security technology expert, author and entrepreneur, passed away Tuesday.

Study shows ignorance of and critical need to secure important documents

There is a growing need to improve security practices of confidential documents that include information such as financial data, employee records, business contracts and intellectual property.

Researchers hack Fitbits and other IoT devices using sound

A group of researchers from the University of Michigan and the University of South Carolina were able to develop a series of attacks that manipulate devices using sound.

CyberUK 2017: GCHQ director explains NCSC ethos in parting interview

Outgoing director of GCHQ, Robert Hannigan, tells the FT's Lionel Barber about the genesis of the National Cyber Security Centre and what he hopes it will achieve.

WhatsApp, Telegram users susceptible to hack, Check Point

Researchers have uncovered what they term a "severe vulnerability" in WhatsApp and Telegram, two enormously popular apps that use end-to-end encryption enabling users to communicate privately.

Brexit won't thwart GDPR prep, IAPP finds

To prepare for GDPR, two-thirds of the U.K. organizations surveyed said they were developing new internal privacy accountability frameworks while 58 percent are ponying up budget dollars to train their staffs and employees in privacy matters.

Facebook, Instagram prohibit firms from using platform for surveillance

Facebook and Instagram Monday announced that the social media platforms have updated their privacy policies again.

Charities increasingly a target for cyberthieves

Cybercriminals are increasingly targeting charities, according to an information security expert speaking at a conference in England last week.

Autonomous warfare: Call of Duty meets Pokemon Go?

Pentagon Strategic Capabilities Office Director Will Roper envisions the future of autonomous warfare looking like Pokemon Go.

NSA hacker Joyce will be White House Cyber Czar, reports say

Rob Joyce has headed up the National Security Agency's Tailored Access Operations group since 2013.

Adobe researcher spots JSON Web Encryption vulnerability

An Adobe security researcher is recommending that those using JSON Web Encryption update to the latest version to be secure from a critical vulnerability that was spotted.