Network Security | SC Media

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…

Report reveals struggles of SMBs navigating cyber threat landscape

A recent survey of just over 1,000 small- and medium-sized businesses found that 58 percent of respondents experienced a data breach in the previous 12 months, according to a new SMB cybersecurity research report from Keeper Security and the Ponemon Institute. An even larger number, 67 percent, said they experienced at least one form of cyberattack,…

IT pros dubious of government officials’ cyber knowledge

A newly released survey of 515 IT security professionals is giving government officials a no-confidence vote in terms of their ability to understand digital threats, practice cyber hygiene and legislate encryption policies. Conducted during last August’s 2018 Black Hat cybersecurity conference by researchers at Venafi, the survey found that 63 percent of respondents believe government…

Facebook reportedly fixes search bug that could have threatened user privacy

Facebook earlier this year reportedly patched a vulnerability in its search page that could have allowed enterprising attackers to perform reconnaissance on certain users. In a company blog post today, Imperva security researcher Ron Masas wrote that Facebook fixed the issue shortly after he discovered the flaw back in May. Masas reportedly noticed that Facebook’s…

Google’s first Android security transparency report highlights dangers of third-party app stores

Android users who download from Google Play are less likely to install potentially harmful apps than those who download from unofficial third-party stores, according to the inaugural edition of Google’s quarterly Android Ecosystem Security Transparency Report. The data published in the online report last Thursday was collected from users who enabled the Google Play Protect…

Report: NIST to use IBM’s Watson AI system to score vulnerabilities

The U.S. National Institute of Standards and Technology (NIST) reportedly plans to replace its method of scoring publicly disclosed vulnerabilities with a new automated process leveraging IBM’s Watson artificial intelligence system. The agency expects Watson to supplant its current Common Vulnerability Scoring System (CVSS) process for most bugs by October 2019, according to a report…

A flaw that allowed users to break through the passcode screen was eliminated in iOS 7.0.2.

Group FaceTime for iOS exposes users’ full contact info

A researcher has apparently found a way to exploit the new Group FaceTime feature in iOS 12.1 in order to access iPhone users’ contact information. The Hacker News has reported that Spanish researcher Jose Rodriguez made the discovery just hours after the release of version 12.1 last Oct. 31, and subsequently created a video of his…

Cisco fixes two critical bugs, recommends workaround for a third

Cisco Systems yesterday issued 17 security advisories, disclosing vulnerabilities in multiple products, including at least three critical flaws. One of them, a privileged access bug found in seven models of its Small Business Switches, has not yet been patched, but the company has recommended a workaround to limit its potential for damage. Designated CVE-2018-15439 with…

Malicious Google Chrome extension collected users' data for third parties

Google Chrome to remove ads from abusive sites

Google announced it will be adding new features to Chrome 71, starting in December 2018, which will remove ads from sites with persistent abusive experiences. Site owners are free to use the Abusive Experiences Report in the Google Search Console to see if their sites contain any of these abusive experiences that need to be…

Winnti trojan may help set stage for Skeleton Key attacks, analysts say

Encryption flaws in solid state drives enable unauthorized data access

Researchers from Radboud University Nijmegen in the Netherlands yesterday disclosed a pair of vulnerabilities in the hardware full-disk encryption mechanisms of self-encrypting solid state drives (SSDs) from Samsung and Crucial. The flaws are present in both internal and external storage devices from these manufacturers, and even affect Microsoft Windows environments that use BitLocker for full-disk…