Network Security | SC Media

Network Security

Google adds to Baltimore’s ransomware woes

A recent attempt by Baltimore government officials to create a workaround that would allow them to email while the city recovers from a ransomware attack was temporarily stymied by Google. Baltimore staffers had started to create Google Gmail accounts as a temporary replacement communication system. However, Google’s automatic security apparatus shut down the accounts as…

Mozilla fires up another Firefox update, patching 24 vulnerabilities

The Mozilla Foundation yesterday issued version 67 of its Firefox browser and version 60.7 of Firefox Extended Support Release (ESR), in the process patching 24 vulnerabilities between them, two of them critical. The two most serious flaws consisted of a series of memory bugs found by the browser’s developers and the greater Mozilla community. The first set…

Slack logo

Slack patches flaw that could allow attackers to hijack downloaded documents

The developers of the work collaboration app Slack have issued a security update for its desktop client following the discovery of a medium-severity download hijack vulnerability that could let attackers modify the location where downloaded files are stored. Malicious actors could exploit the flaw to steal and spy on users’ documents by uploading them to…

‘Thrangrycat’ flaw in millions of Cisco devices could enable ‘Secure Boot’ bypass

Millions of Cisco devices used by corporate, government and military networks contain a logic vulnerability in their Secure Boot process that could allow local, authenticated actors to bypass and disable critical functionality in the Trust Anchor hardware module (TAm) – the bedrock upon which all other trusted computing mechanisms within the devices are built. The hardware…

DHS reduces deadline for agencies to fix vulnerabilities in their systems

The Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued a directive that now gives federal agencies a 15-day deadline to remediate critical-level vulnerabilities that are detected on their internet-accessible systems by CISA’s Cyber Hygiene scanning service. Binding Operational Directive 19-02 supersedes BOD 15-01, which when enacted in 2015 gave…

NVIDIA update fixes three vulnerabilities in GPU Display Driver

Graphics chip manufacturer NVIDIA last week released a security software update for its GPU Display Driver, fixing three vulnerabilities that, if left untreated, could result in denial of service, escalation of privileges, code execution or information disclosure. The most serious of the three bugs is CVE-2019-5675, a high-severity flaw in the kernel mode layer handler…

Cisco tackles critical vulnerability in switch software, 41 other bugs

Cisco Systems issued a series of security updates on Wednesday, addressing 42 vulnerabilities, including one critical bug found in the Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software. Designated CVE-2019-1804, the critical flaw could potentially allow an authenticated remote attacker to gain root user privileges on an affected system. Cisco Nexus 9000 Series…

VPN Endgame

Choosing a virtual private network (VPN) can be difficult. Besides selecting a VPN provider, users must also choose between a paid VPN or a free VPN, among other factors. Simply picking a seemingly “free” VPN can have consequences ranging from having information logged and sold to advertisers, which may defeat the purpose of using a…

Slack logo

Slack warns investors of future cybersecurity risks

Cloud-based work collaboration tool provider Slack warned investors of the risks posed by organized cybercrime and nation-state threat actors in a filing with the SEC. The company warned that threats from these organizations including advanced persistent threat intrusions are a strong possibility considering that more than 600,000 organizations use the platform making it a prime…

GitHub hosted Magecart skimmer used against e-commerce sites

Cybercriminals are harvesting personal information including payment card details in what Malwarebytes researcher Jerome Segura described as “the online equivalent of ATM card skimming.” Threat actors are hosting Magecart skimmers on GitHug in attacks to steal data from hundreds of e-commerce sites. While skimming code is normally stored on infrastructure controlled by the attackers, researchers…

Next post in Cybercrime