Network Security | SC Media

Network Security

Computer password inventor Fernando Corbató dies at 93

Pioneering computer scientist Fernando “Corby” Corbató, regarded as the inventor of the computer password and a key contributor in the development of time-sharing computer systems, died last Friday, July 12, in Newburyport, Massachusetts at the age of 93. Corbató’s Compatible Time-Sharing System (CTSS) allowed multiple users to work on a computer simultaneously, according to an…

What is workforce’s biggest cyber knowledge gap? ID’ing phishing threats, says study

An analysis of workers’ cyber knowledge gaps found that end users last year struggled most with identifying phishing threats and protecting data throughout its lifecycle, according to a new report from Proofpoint. Titled “Beyond the Phish 2019,” the report incorporated data gathered from roughly 130 million answers to questions that were posed to endpoint users…

Mozilla’s latest Firefox releases fix 21 bugs

The Mozilla Foundation yesterday released version 68 of its Firefox browser and version 60.8 of Firefox Extended Support Release (ESR), and in doing so patched 21 vulnerabilities between them, two of them critical. The two most serious flaws consisted of a series of memory bugs found by the browser’s developers and the greater Mozilla community. The first set of…

New eCh0raix ransomware now hitting QNAP NAS drives

Anomali has unveiled a new ransomware variant that is targeting network attached storage (NAS) devices made by QNAP Systems. The ransomware, dubbed eCh0raix after a line in the code, was first spotted in June when a discussion regarding it appeared in Bleeping Computer’s forums. At this point it is not widespread and for reasons and…

VMware begins patching process for Linux SACK vulnerabilities

VMware is instructing users to be on the lookout for software patches for 31 products that are affected by two vulnerabilities associated with the Linux kernel implementation of TCP Selective Acknowledgement (SACK). The two flaws, SACK Panic (CVE-2019-11477) and SACK Excess Resource Usage (CVE-2019-11478), were originally found and disclosed by Netflix researchers, along with two…

Cirque du Soleil app was an insecure high-wire act for show-goers, researcher says

A mobile app that was designed to enhance the experience of watching a touring Cirque du Soleil show left audience members’ devices vulnerable to an attack by others sharing the same public Wi-Fi network, according to a blog post today by researchers at ESET. The app corresponded to the show TORUK – The First Flight,…

Deception pointe

Deception technology is far more sophisticated than the traditional honeypot. Today’s deceptions look and feel like the real deal, but will attackers take the bait? If you are a Star Trek: The Next Generation aficionado, you might recall the episode “Ship in a Bottle” where Sherlock Holmes’ archenemy Prof. James Moriarty took control of the…

Pair of vulnerabilities could have enabled takeover of EA gamer accounts

Prolific video game developer Electronic Arts Inc. (aka EA Games) has reportedly patched a pair of vulnerabilities that attackers could have exploited to hijack millions of player accounts, access their payment card information and make fraudulent purchases. The first flaw could have allowed actors to hijack an EA Games subdomain, while the other could have…

Federal agencies still using insecure knowledge-based verification for online services

A performance audit of six U.S. government agencies found that four of them are still using knowledge-based questions to verify the identities of individuals applying for federal benefits or services, even though this practice is considered outdated and insecure, especially in light of the 2017 Equifax breach. Knowledge-based verification questions are typically created by credit…

Flaw in Alaris medical devices exposes infusion pumps to possible sabotage

Medical tech company Becton, Dickinson and Company (BD) has advised users of its Alaris Gateway Workstation – a smart connectivity and integration solution for infusion pump devices – to update their firmware, following the discovery of a highly critical remote code execution vulnerability. CyberMDX researcher Elad Luz found that multiple versions of the workstation –…
