Security Feeds

Naked Security

Bitcoin flaw could have allowed dreaded 51% takeover

The scenario was always hypothetical but the fact such a thing was even possible until this week has left some in the Bitcoin community feeling alarmed.

09/21/18 6:35 am

Warning issued as Netflix subscribers hit by phishing attack

Netflix phishing scammers are at it again, sending emails that try to steal sensitive details from subscribers.

09/21/18 4:08 am

Man who shared Deadpool movie on Facebook faces 6 months in jail

US government recommended six months behind bars. That’s one month for every million people that viewed a part of the pirated movie, apparently.

09/20/18 7:36 am

US military given the power to hack back/defend forward

The new preventative cybersecurity powers include potentially acting against countries considered friendly toward the US - a risky move, some say.

09/20/18 4:16 am

FBI wants to keep “helpful” Mirai botnet authors around

The young men behind the powerful IoT device botnet have been working undercover with law enforcement since they were first fingered.

09/20/18 3:50 am

Krebs on Security

Credit Freezes are Free: Let the Ice Age Begin

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you've been holding out because you're not particularly worried about ID theft, here's another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

09/21/18 9:31 am

Mirai Botnet Authors Avoid Jail Time

Citing "extraordinary cooperation" with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using "Mirai," a potent malware strain used in countless attacks designed to knock Web sites offline -- including an enormously powerful attack in 2016 that sidelined this Web site for nearly four days.

09/19/18 9:54 am

GovPayNow.com Leaks 14M+ Records

Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer's credit card.

09/17/18 2:57 pm

U.S. Mobile Giants Want to be Your Online Identity

The four major U.S. wireless carriers today detailed a new initiative that may soon let Web sites eschew passwords and instead authenticate visitors by leveraging data elements unique to each customer's phone and mobile subscriber account, such as location, customer reputation, and physical attributes of the device. Here's a look at what's coming, and the potential security and privacy trade-offs of trusting the carriers to handle online authentication on your behalf.

09/12/18 1:58 pm

Patch Tuesday, September 2018 Edition

Adobe and Microsoft today each released patches to fix serious security holes in their software. Adobe pushed out a new version of its beleaguered Flash Player browser plugin. Redmond issued updates to address at least 61 distinct vulnerabilities in Microsoft Windows and related programs, including several flaws that were publicly detailed prior to today and one "zero-day" bug in Windows that is already being actively exploited by attackers.

09/11/18 1:35 pm

Security Magazine

More intelligent viewing, from Bosch

The latest Bosch AUTODOME IP range is the only camera with built-in Essential Video Analytics and a pan, tilt and zoom (PTZ) function.

10/01/17 11:17 am

Over the Horizon: Emerging Security Threats and Risks to the Enterprise

We are entering a period of time when we are going to see an uptick in the number of security threats, both physical and in cyberspace. There is increasing global unrest. Over the past few months what we’ve seen electorally, in the U.S., but also in Europe and in other parts of the world, has been a manifestation of that.

10/01/17 4:11 am

Protecting History: A Culture of Security at the Art Institute of Chicago

The Art Institute of Chicago hosts 1.5 million visitors annually, holds 300,000 works of art, serves as the venue for hundreds of private events every year and is a cornerstone of downtown Chicago tourism. All of these factors make security absolutely essential and absolutely challenging.

10/01/17 4:11 am

Preserving & Securing: Keeping Security Discreet at the Darwin Martin House

Iconic American architect Frank Lloyd Wright was commissioned to build a unique residential complex for Buffalo, New York, businessman Darwin D. Martin and his family between 1903 and 1905. Scholars consider the complex of six interconnected buildings as one of Wright’s finest achievements, but the history of the house has been a rocky one.

10/01/17 4:09 am

University Campuses Take Center Stage

Bike thefts, drug abuse, assaults and other violent crimes, protest-counterprotest melees, and cyber hackers are crowding onto the ever-expanding plates of college and university police and security forces. But those in the field say they’re up to those myriad challenges thanks to the combination of equipment, technology and training they can bring to bear.

10/01/17 4:08 am

ThreatPost

Podcast: Two Billion IoT Devices Still Vulnerable to BlueBorne Bug

Up to two billion devices are still vulnerable to the BlueBorne IoT attack - and may not ever get a patch.

09/23/18 3:04 pm

Critical Vulnerability Found in Cisco Video Surveillance Manager

Cisco has patched a vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems.

09/21/18 3:01 pm

Twitter Flaw Exposed Direct Messages To External Developers

The company said it has issued a patch for the issue, which has been ongoing since May 2017.

09/21/18 1:21 pm

Delphi Packer Looks for Human Behavior Before Deploying Payload

Many different threat actors are using this crypting service/tool for their operations, possibly buying it from the developer itself.

09/21/18 12:45 pm

Unpatched Microsoft Zero-Day in JET Allows Remote Code-Execution

Microsoft said that it's working on a fix for a zero-day flaw in its JET Database Engine.

09/21/18 8:09 am

PacketStorm

Microsoft Windows ALPC Task Scheduler Local Privilege Elevation

On vulnerable versions of Windows, the ALPC endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can create files in the c:\windows\tasks folder, a hardlink can be created to a file the user has read access to. After creating a hardlink, the vulnerability can be triggered to set the DACL on the linked file. WARNING: The PrintConfig.dll (%windir%\system32\driverstor\filerepository\prnms003*) on the target host will be overwritten when the exploit runs. This Metasploit module has been tested against Windows 10 Pro x64.

09/21/18 5:25 pm

MyBB Visual Editor 1.8.18 Cross Site Scripting

MyBB Visual Editor versions 1.8.18 and below suffer from a cross site scripting vulnerability.

09/21/18 5:21 pm

Antidote 9.5.1 Code Execution

Antidote versions 9.5.1 and below suffer from an update related code execution vulnerability.

09/21/18 12:18 pm

Staubli Jacquard Industrial System JC6 Shellshock

Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability.

09/21/18 12:17 pm

WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting

WordPress FV Flowplayer plugin version 7.2.0.727 suffers from a cross site scripting vulnerability.

09/21/18 12:14 pm