Network Security | SC Media

Network Security

Inspector General’s report documents security flaws at Arizona Medicare MCOs

By

A recent risk assessment of information systems at two Arizona-based Medicaid managed care organizations turned up 19 vulnerabilities, according to a new report from the Department of Health and Human Services Office of the Inspector General. Collectively, the flaws were related to remote network access (2), password and login controls (2), physical security controls (1), network…

DHS algorithm to assess federal agencies’ cyber posture

By

Federal agencies are reportedly feeding data into a special algorithm introduced by the  Department of Homeland Security (DHS) in order to assess their cyber posture scores. This Agency-Wide Adaptive Risk Enumeration (AWARE) algorithm should go into full production by fiscal year 2020, news outlet GCN reported yesterday, citing a public presentation yesterday by DHS Continuous…

How CISOs can tell a better security story to their board

By Ed Bellis, co-founder, CTO, Kenna Security Historically, when CISOs have been called to speak to their organization’s board of directors, it was an uncommon event. Just a decade ago, the CISO who presented more than once per year was a rare bird. Times have changed. Boards of directors are taking an interest in cybersecurity…

VMware advisory warns users to patch critical issue in product

VMware issues critical security update for Workstation and Fusion products

By

VMware last week issued a security update for its Workstation and Fusion virtual network devices, patching a critical integer overflow vulnerability that, if exploited, could allow unauthorized guests to execute code on the host. Designated CVE-2018-6983, the hypervisor vulnerability is fixed in versions 14.1.5 and 15.0.2 of Workstation Pro and Workstation Player, and versions 10.1.5 and 11.0.2…

Amazon Logo

Amazon website glitch exposes customer data

By

Amazon customer service reportedly sent an unknown number of customers an email today, warning that a technical error on its website had exposed their data. Details on incident are scant, as Amazon’s disclosure was rather vague in details, according to several outlets that covered the development. “Hello, We’re contacting you to let you know that…

Adobe patches critical type confusion bug in Flash Player

By

Adobe Systems today released an out-of-band security update that fixes a critical type confusion vulnerability in Flash Player, which if exploited could lead to arbitrary code execution in the context of the current user. Designated CVE-2018-15981, the bug was found in versions 31.0.0.148 and earlier of Flash Player Desktop Runtime, Flash Player for Google Chrome…

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in

By

A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…

Report reveals struggles of SMBs navigating cyber threat landscape

By

A recent survey of just over 1,000 small- and medium-sized businesses found that 58 percent of respondents experienced a data breach in the previous 12 months, according to a new SMB cybersecurity research report from Keeper Security and the Ponemon Institute. An even larger number, 67 percent, said they experienced at least one form of cyberattack,…

IT pros dubious of government officials’ cyber knowledge

By

A newly released survey of 515 IT security professionals is giving government officials a no-confidence vote in terms of their ability to understand digital threats, practice cyber hygiene and legislate encryption policies. Conducted during last August’s 2018 Black Hat cybersecurity conference by researchers at Venafi, the survey found that 63 percent of respondents believe government…

Facebook reportedly fixes search bug that could have threatened user privacy

By

Facebook earlier this year reportedly patched a vulnerability in its search page that could have allowed enterprising attackers to perform reconnaissance on certain users. In a company blog post today, Imperva security researcher Ron Masas wrote that Facebook fixed the issue shortly after he discovered the flaw back in May. Masas reportedly noticed that Facebook’s…

Next post in Security News