Network Security | SC Media

Network Security

GAO takes Fiscal Services to task over new and old cyber problems

The General Accounting Office (GAO) criticized the Bureau of the Fiscal Service, which is part of the U.S. Department of the Treasury, over new and old cybersecurity problems in a new audit. The GAO found several new and unresolved deficiencies related to information system general controls in the areas of security management, access controls, and…

Mozilla plugs two critical security holes in Thunderbird

The Mozilla Foundation yesterday issued a security update for its Thunderbird open-source email client, fixing two critical vulnerabilities involving its IonMonkey JavaScript JIT (just-in-time) compiler. The first of the two flaws, CVE-2019-9810, consists of incorrect alias information when using the Array.prototype.slice method, which could result in a missing bound check and buffer overflow. The second…

Apple’s latest round of security updates includes 51 iOS fixes

Apple yesterday released software updates for seven of its products, fixing a broad range of vulnerabilities. Altogether, the company addressed 51 flaws in iOS, 38 in macOS Mojave, 36 in tvOS, 20 in iCloud for Windows, 20 in Safari, 18 in iTunes for Windows and one in Xcode. Some of the vulnerabilities overlapped between these…

Paper: Leaked authentication secrets rampant across GitHub

An academic study of GitHub found that more than 100,000 of the web service’s code repositories contain publicly accessible authentication secrets such as API and cryptographic keys, while thousands of new secrets are leaked each day. North Carolina State University researchers Michael Meli, Matthew McNiece (also from Cisco Systems) and Bradley Reaves detail their findings…

The death of the VPN – It’s time to say goodbye

Virtual private networks, VPNs, have often been referred to as the “backbone of the enterprise network.”  This is a bold statement to make about a technology that essentially hasn’t changed in almost over two decades.  And yet, a VPN’s ability to offer employees, third parties and even customers “secure” remote access into enterprise applications and…

Mozilla’s latest Firefox releases fix 22 vulnerabilities

The Mozilla Foundation yesterday issued version 66 of Firefox and 60.6 of Firefox Extended Support Release (ESR), in the process patching 22 vulnerabilities between them, five of them critical. Four of the five most severe flaws were found in both the standard and ESR versions of the web browser. This includes CVE-2019-9790, a use-after-free vulnerability…

Improve cybersecurity program reporting with time-based metrics

As executives allocate an increasing amount of funds to security efforts, they want tangible evidence that their investment is worthwhile. However, this poses a challenge for security teams because when programs are successful, there’s often nothing to report, such as data breaches, email outages, loss of service, or locked out users. This makes it hard…

Report: Chinese e-retailer Gearbest leaves database exposed, endangering 1.5 million records

The parent company of Chinese e-retailing giant Gearbest has been operating a completely unsecured corporate database, leaving roughly 1.5 million customer records unencrypted and exposed to the public, a new report warns. Led by white-hat hacker Noam Rotem, researchers from VPNMentor revealed the security issue after discovering they were able to access Gearbest’s customer, order,…

HHS CISO discusses new threat briefings and alerts for health industry

HHS operating divisions must improve security controls: OIG report

The U.S. Department of Health and Human Services must improve network security controls at its eight operating divisions (OPDIVs) and fix a series of vulnerabilities discovered during an audit, according to a summary report issued earlier this month by the Office of Inspector General (OIG). The audit, conducted back in 2016 and 2017 by a…
