Information Security Feeds

Most SAP systems vulnerable to critical security configuration risk
Thu, 26 Apr 2018 18:00:45 +0000

Onapsis researchers revealed a critical security configuration vulnerability that results from default installations in SAP systems which, if left insecure, could lead to a full system compromise in unprotected environments. If exploited, the impact could be full control of the system by hackers, putting business-critical ERP, HR, PII, Finance, and Supply Chain data and processes at risk. Most SAP systems are vulnerable. The vulnerability, mainly driven by a security configuration originally documented by SAP in … More

The post Most SAP systems vulnerable to critical security configuration risk appeared first on Help Net Security.

New Drupal RCE vulnerability under active exploitation, patch ASAP!
Thu, 26 Apr 2018 15:05:28 +0000

Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is being actively exploited in the wild. The vulnerability (CVE-2018-7602) affects Drupal versions 7.x and 8.x. Users should upgrade to v7.59 and 8.5.3. Those who, for whatever reason, can’t implement the update can implement standalone patches, but before doing so they have to apply the fix from SA-CORE-2018-002 … More

The post New Drupal RCE vulnerability under active exploitation, patch ASAP! appeared first on Help Net Security.

Tackle cyber threats in real time with the Micro Focus enterprise security platform
Thu, 26 Apr 2018 12:30:02 +0000

In this podcast recorded at RSA Conference 2018, John Delk, Chief Product Officer and the General Manager of the security product group at Micro Focus, talks about how Micro Focus’ solutions comprise an enterprise-grade security platform with built-in scalability and analytics to drive the future of security. Here’s a transcript of the podcast for your convenience. Hi, I’m John Delk, I’m the Chief Product Officer and the General Manager of the security product group here … More

The post Tackle cyber threats in real time with the Micro Focus enterprise security platform appeared first on Help Net Security.

Gmail users can now send self-destructing emails
Thu, 26 Apr 2018 12:15:34 +0000

Google is slowly rolling out a number of changes for consumer Gmail users and G Suite users. Some of the changes improve usability and productivity, while others are meant to maximize data and user protection. Some of the new security options should help enterprise users meet GDPR compliance needs. New Gmail security features: Gmail confidential mode will allow users to: set expiration dates for emails or revoke previously sent messages; secure access to the contents … More

The post Gmail users can now send self-destructing emails appeared first on Help Net Security.

Can existing endpoint security controls prevent a significant attack?
Thu, 26 Apr 2018 12:00:39 +0000

Endpoint security solutions are failing to provide adequate protections to address today’s security threats, specifically malware, according to Minerva Labs. A majority of the respondents surveyed indicated a heightened concern of a major malware breach in the coming year and acknowledged that they require more than an AV solution on the endpoint to combat the rising threat. After a year of massive ransomware outbreaks, NSA state-grade exploit leaks, and an extraordinary number of cybersecurity meltdowns, … More

The post Can existing endpoint security controls prevent a significant attack? appeared first on Help Net Security.

Better code won’t save developers in the short run
Thu, 26 Apr 2018 11:45:35 +0000

According to OWASP, “Insecure software is undermining our financial, healthcare, defense, energy and other critical infrastructure.” In its 2017 OWASP Top 10 Most Critical Web Application Security Risks, the authors argue that as software becomes increasingly complex, and connected, the difficulty of achieving application security increases exponentially. The rapid pace of modern software development processes makes the most common risks essential to discover and resolve quickly and accurately. Incapsula, a web application firewall (WAF) provider, … More

The post Better code won’t save developers in the short run appeared first on Help Net Security.

Global AI business value to reach $1.2 trillion in 2018
Thu, 26 Apr 2018 11:30:26 +0000

Global business value derived from artificial intelligence (AI) is projected to total $1.2 trillion in 2018, an increase of 70 percent from 2017, according to Gartner. AI-derived business value is forecast to reach $3.9 trillion in 2022. The Gartner AI-derived business value forecast assesses the total business value of AI across all the enterprise vertical sectors covered by Gartner. There are three different sources of AI business value: customer experience, new revenue, and cost reduction. … More

The post Global AI business value to reach $1.2 trillion in 2018 appeared first on Help Net Security.

MyEtherWallet users robbed after successful DNS hijacking attack
Wed, 25 Apr 2018 20:00:11 +0000

Unknown attackers have managed to steal approximately $150,000 in Ethereum from a number of MyEtherWallet (MEW) users, after having successfully redirected them to a phishing site posing as MyEtherWallet.com. The redirection was seamless, and the only thing that gave some indication that the phishing site is not what it pretended to be was the warning shown to visitors saying that the TLS certificate used by the site was signed by an unknown authority (i.e., was … More

The post MyEtherWallet users robbed after successful DNS hijacking attack appeared first on Help Net Security.

Researchers discover next generation phishing kit
Wed, 25 Apr 2018 16:40:17 +0000

Researchers at Check Point and CyberInt have discovered a new generation of phishing kit that is readily available on the Dark Web. A posting on the Dark Net that advertises the [A]pache phishing kit. Created by a cyber-criminal known as ‘[A]pache’, the kit makes it simple for those with very little technical ability to carry out their own cyber-attack. By simply downloading this multi-functioning phishing kit and following the straightforward installation instructions, a threat actor … More

The post Researchers discover next generation phishing kit appeared first on Help Net Security.

Apple device users, stay away from QR codes until you upgrade
Wed, 25 Apr 2018 15:24:42 +0000

It’s time to update your Mac and iOS-powered devices again: Apple has plugged four vulnerabilities, two of which could be exploited to execute arbitrary code if a user visits a malicious website. The two critical vulnerabilities (CVE-2018-4200, CVE-2018-4204) affect WebKit, the web browser engine used in Apple’s Safari browser (both the Mac and the iOS version). They have been discovered and flagged by Ivan Fratric of Google Project Zero and Richard Zhu working with Trend … More

The post Apple device users, stay away from QR codes until you upgrade appeared first on Help Net Security.