Information Security Feeds

Vulnerability in code library allows attackers to work out private RSA keys
Tue, 17 Oct 2017 21:09:27 +0000
Researchers have discovered a security vulnerability in the Infineon-developed RSA library, which could be exploited by attackers to discover the RSA private key corresponding to an RSA public key generated by this library. This private key could be then misused to impersonate its legitimate owner, decrypt sensitive messages, forge signatures (e.g. for software releases) and more. The vulnerable version of the library is v1.02.013, and it’s unfortunately been in use since 2012 in a wide … More

Are your employees snooping on the corporate network?
Tue, 17 Oct 2017 20:00:16 +0000
The overwhelming majority of employees are deliberately seeking out information they are not permitted to access, exposing a major snooping problem among today’s workforce. Have you ever looked for or accessed sensitive information about your company’s performance, apart from what you are required to do as part of your job? A Dimensional Research survey polled more than 900 IT security professionals on trends and challenges related to managing employee access to corporate data. Among key … More

ESET helps Google protect Chrome users from unwanted software
Tue, 17 Oct 2017 19:12:21 +0000
Google has redesigned Chrome Cleanup on Chrome for Windows, and has upgraded the technology it uses to detect and remove unwanted software. A basic antivirus for Chrome “We worked with IT security company ESET to combine their detection engine with Chrome’s sandbox technology. We can now detect and remove more unwanted software than ever before, meaning more people can benefit from Chrome Cleanup,” Product Manager Phillippe Rivard noted, but added that this feature is not … More

Adobe releases emergency fix for Flash Player zero-day exploited in the wild
Tue, 17 Oct 2017 16:40:33 +0000
Adobe has released an out-of-band security update for Adobe Flash Player that patches a zero-day remote code execution vulnerability actively exploited in the wild. Kaspersky Lab researchers spotted the live attacks on October 10, 2017, and say that the exploit is delivered through a Microsoft Word document and deploys the most recent version of the FinSpy (aka FinFisher) commercial malware developed by Gamma International. The attack leveraging CVE-2017-11292 The researchers believe that the zero-day is … More

Digital transformation, regulations impacting data security decisions at financial organizations
Tue, 17 Oct 2017 15:36:08 +0000
Almost half (49%) of global financial services organisations have experienced a data breach in the past, according to the 2017 Thales Data Threat Report, Financial Edition. The report also reveals 21% have been breached multiple times and that 90% feel somewhat or more vulnerable to data threats. As a result, 78% are increasing spending to protect their critical data. Financial services organisations are engaging in digital transformation making the leap from legacy applications to technologies … More

Companies turn a blind eye to open source risk
Tue, 17 Oct 2017 14:17:44 +0000
Though open source software (OSS) helps software suppliers be nimble and build products faster, there are hidden software supply chain risks all software suppliers and IoT manufacturers should know about. For instance, criminals who potentially gained access to the personal data of the Equifax customers exploited an Apache Struts CVE-2017-5638 vulnerability. Apache Struts is a widely used open source component – a framework for Web servers – used by companies in commercial and in-house systems … More

As GDPR implementation date approaches, cyber risk gets more attention
Tue, 17 Oct 2017 12:30:22 +0000
The upcoming implementation of the European Union’s General Data Protection Regulation (GDPR), which takes effect in May 2018, has elevated cyber risk to the top of the corporate agenda for organizations doing business in Europe. In a new global Marsh survey of over 1,300 senior executives, 65% of respondents whose organizations offer products or services in the EU said that they now consider cyber as a top risk. In a similar survey Marsh conducted in … More

WPA2 weakness allows attackers to extract sensitive info from Wi-Fi traffic
Mon, 16 Oct 2017 22:00:03 +0000
WPA2, a protocol that secures modern protected Wi-Fi networks, sports serious weaknesses that can allow attackers to read and capture information that users believe to be encrypted (e.g. passwords, payment card numbers, etc.). “Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites,” says Mathy Vanhoef, a postdoc at Belgian University of Leuven, who discovered the … More

Android DoubleLocker ransomware encrypts data, changes device PIN
Mon, 16 Oct 2017 15:51:48 +0000
A new piece of ransomware is targeting Android users. Dubbed DoubleLocker, it both encrypts users’ files and changes the device’s PIN. About DoubleLocker Lukáš Štefanko, the ESET researcher who discovered the ransomware, says that it is based on the BankBot Android Trojan. Like its “parent,” DoubleLocker is distributed mostly through compromised Web sites, masked as an Adobe Flash Player update. Unlike BankBot, it doesn’t harvest users’ banking credentials. “Once launched, the app requests activation of … More

Using a robust platform for cyber threat analysis training
Mon, 16 Oct 2017 15:25:37 +0000
We have recognised threats coming more regularly from varied origins such as nation-states, hacktivist and cybercriminal actors. Coupled with many new public policies aimed at mitigating the negative effects of data breaches, cyber espionage and intellectual property theft, it’s clear a new ecosystem of cyber threat intelligence sharing is emerging. As more intelligence teams become established with the aim to fortify networks and reduce the liabilities and risks associated with data breaches, the need for … More