Network Security News, Articles and Updates

'Unrelenting' rise in vulnerabilities, Risk Based Security reports

We are on track for another record-breaking year in the pace of vulnerability disclosures, said a new report from Risk Based Security.

Survey: U.S. execs bearish on 2018 cybersecurity spending, despite increase in threats

Only 49 percent of surveyed U.S. executives expect to spend more on cybersecurity in a year's time, despite a 56-percent majority expecting the number of data breach attempts to rise in 2018, according to a new research study.

Samba patches remote code execution bug that researchers warn could have worldwide impact

The developers of the Samba suite of SMB/CIFS-based interoperability applications for *NIX machines issued an important patch on Wednesday, following the discovery of a remote code execution vulnerability.

Report: Defcon 2017 to feature election hacking exhibition

The 2017 DEFCON conference will feature an exhibition area dedicated to hacking voting machines, according to a report Tuesday by Politico.

Trump budget bumps up DHS budget for cybersecurity, proposes cuts for other agencies

A budget blueprint issued by the White House sees DHS sharing more information on cyber incidents with other federal agencies and the private sector.

FTSE 100 could face billions in fines for GDPR non-compliance

New research has shown what the true cost of non-compliance could be for large companies under the GDPR.

Netherlands nearly up to speed in cyber-security, says readiness report

The Netherlands has made great strides in implementing its cyber-security strategy, says the latest CRI report, but still needs to address issues with funding and decision-making.

Trump cyber policy taking shape

Cybersecurity staff and policy are slowly developing under the Trump administration. Will the new cyberarsenal match the tweeting rhetoric? Larry Jaffee enquires.

Passwords may become passé in India

The Data Security Council of India (DSCI) is joining the movement away from using passwords as a security measure and will look to develop new authentication methods best suited for that nation.

Hacked in Translation, researchers discover subtitle takeover attack

Check Point researchers developed a proof of concept attack vector which can take over a user's device by exploiting how subtitles are loaded by the user's media player.

Patched Verizon Messaging XSS bug allows for complete takeover of service

In a personal blog post published on Sunday, a security researcher provided details on a cross-site scripting vulnerability he discovered in the Verizon Messages SMS texting service, which was patched late in 2016.

CISO salaries may soon hit £1 million - but few qualified for top roles

New research has shown the staggering needs and rewards for qualified CISOs, reflected in their ever spiralling salaries....

Federal insider threats still not properly addressed despite progress

Federal agencies are setting up more formal insider threat prevention programs at a much higher rate but few have seen progress as a result.

Goddess of cyberwar: Athena CIA tool subject of latest WikiLeaks Vault 7 dump

WikiLeaks on Friday published materials related to a malware implant called Athena, which enables remote beacon and loader capabilities on targeted computers running on Microsoft Windows versions XP through 10.

ACLU files FOIA request to see how ICE uses cell phone trackers

A search warrant obtained by ICE authorized use of a Stingray device to track an immigrant.

Orgs overwhelmed by vulnerabilities, alerts, report says

Some of the pressure came from having smaller budgets and teams, though the research found that "having a lot of money is not always a good thing."

Lawmakers in Germany push for encryption-busting trojan in lead up to election

With a federal election scheduled for September, government officials in Germany are pressing for expanded hacking powers to be granted to law enforcement agencies.

Target breach settlement payout held up by lone consumer

Although Target agreed to compensate consumers affected in its 2013 data breach from a pool of $10 million, a lone consumer is halting payouts.

Joomla 3.7.1 patches critical SQL injection flaw

Sucuri researchers spotted a critical SQL injection vulnerability in Joomla! 3.7.0 which could easily be exploited.

Poor cybersecurity spotted at Mar-a-Lago, other popular Trump retreats

Researchers spotted three weakly encrypted Wi-Fi networks and two open Wi-Fi networks stemming from Mar-a-Lago.

FCC votes to roll back net neutrality regs

The vote, which had been anticipated and hotly debated, was cast along party lines.

U.S. and Europe more prepared for fast-approaching GDPR than the U.K.

Despite the General Data Protection Regulation (GDPR) coming into effect 12 months from now, the majority of European and US businesses are still inadequately prepared and at risk of incurring costly non-compliance fines.

Pair of Artifex MuPDF memory corruption vulnerabilities patched

If exploited, both could lead to arbitrary code execution, the company reported.

3,500 affected in Coney Island hospital data breach

A data breach at NYC Health + Hospitals/Coney Island hospital may have compromised the information of nearly 3,500 patients.

Apple releases iOS 10.3.2 patches, macOS updates

Apple released a host of security patches, including iOS 10.3.2, which contains nearly two dozen security fixes.

Cybersecurity consciousness in the C-suite

Enterprises are better protected from repercussions of a breach with a board that's knowledgeable about security and which makes sure a comprehensive set of security policies is in place, reports Greg Masters.

Mixed response from IT security pros following release of Cybersecurity Executive Order

The president's executive order on cybersecurity has drawn immediate, if mixed, reactions from cybersecurity pros who either praise it for providing much-needed guidance or criticize it for falling short.