U.S. retailers are digging in their heels over their need for PIN authentication for Europay MasterCard Visa (EMV) smartcard use here.
Ukraine's top security body said on Saturday that it and the national news agency had been hit by cyber attacks, the latest suffered by state organizations since the start of the crisis over Crimea. The Ukrainian authorities said last week the country's telecommunications system had come under cyber attack, with equipment installed in Russian-controlled Crimea used to interfere with the mobile phones of members of parliament. "There was a massive DoS-attack on communication channels of the National Security and Defence Council of Ukraine, which was apparently aimed at hindering a response to the challenges faced by our state," the Security and Defence Council said.
Microsoft plans to release five security bulletins next week for this month's Patch Tuesday, including a fix for a security vulnerability used in attacks against Internet Explorer 10.
That vulnerability, which was described in Security Advisory 2934088, was spotted being used in watering hole attacks during the past few weeks. The bug also affects Internet Explorer 9, and could be exploited if the victim is tricked into visiting a compromised Website. Customers using other versions of IE are not impacted, Microsoft noted.
In addition to the IE bulletin, Microsoft will release one other critical bulletin for Windows. The other three bulletins are rated 'important' and affect Microsoft Windows and Microsoft Silverlight.
"The March patch list is small, with only five bulletins, but they are certainly significant," said Ken Pickering, director of engineering at CORE Security. "There are two bulletins listed as 'critical' with remote code executions, one on Internet Explorer and one on a series of Windows versions. These types of bulletins need immediate attention and a reboot, which is always a headache for IT teams. Bulletin 5 only affects Silverlight, and aside from using it to stream House of Cards on Netflix, doesn’t have a big impact."
"Windows XP is affected by all five updates, and there is really no reason to expect this picture to change; Windows XP will continue to be impacted by the majority of vulnerabilities found in the Windows ecosystem, but you will not be able to address the issues anymore," blogged Wolfgang Kandek, CTO of Qualys. "Windows XP is getting its penultimate update and is now very close (just over 30 days) to its declared end-of-life date...so you need a strategy for the XP machines remaining in your infrastructure."
The Patch Tuesday updates will be released March 11. Brian Prince is a Contributing Writer for SecurityWeek.
7 hours ago | MS14-016 - Important: Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) - Version: 1.0 | Microsoft
BETHESDA, Md., March 11, 2014 /PRNewswire-USNewswire/ -- SANS Institute today announced its return to San Diego on May 8-17 for SANS Security West 2014. SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning ...
Third party business connections often provide attackers easy, unfettered access to bigger, richer networks.
While President Obama can't get no "RSPECT," the retail world is scrambling in the wake of the Target breach (and yet, my wife shopped there for hours today), even Iran can't stop Facebook, and Brazil wants to build an undersea cable.
Report in Japan says '150,000 hits per second'
A Japanese newspaper is reporting that during the spectacular collapse of the Mt Gox Bitcoin exchange, the operation's servers were also suffering a large-scale DDOS attack.
Matt Gunn, an independent model aircraft or drone operator in Cleveland, says the recent court ruling barring the Federal Aviation Administration from enforcing rules prohibiting the commercial use of drones amounts to “mud being flung in their face.” Gunn is ...
Apple has improved its security in recent years, but is it enough?
Variants of the Dexter and Project Hook point-of-sale malware continue to pose a threat to retailers, according to new research by Arbor Networks' security engineering and response team.
1 day ago | Network Downtime: The Costly Fallout | Network Computing Security
Survey of IT pros shows that human-induced network outages resulted in lost revenue and job losses.
Target CIO Beth Jacob has resigned.......
7 minutes ago | SMBs To Benefit From More Complete Security Services | Dark Reading
Cloud and managed security services are headed down market with simpler interfaces masking their enterprise heritage
8 minutes ago | 7 CRM Best Practices | IT Toolbox Blogs
Industry best practices can be professional or commercial, but they must be proven to be the most effectual or precise practices to use given a controlled set of conditions. Customer relationship management (CRM) sets out to automate industry best practices for interacting and communicating with customers and organizations for the sale of goods or services.
For CRM, business
The basic value of customer relationship management (CRM) is in managing the massive amount of customer information and data a business generates over the course of time. Once amassed, however, can additional value be gained from so much data? The answer is a resounding yes. Rather than serving only as an electronic Rolodex, the added value of CRM is imminent in the management aspect of CRM functionality.
1 hour ago | Rogers Declines to Call Snowden a Traitor | InfoRiskToday
But NSA Designee Says Snowden Has Caused Harm to Nation
At his March 11 Senate confirmation hearing, Navy Vice Adm. Michael Rogers, chosen by President Obama to be the next director of the National Security Agency, declines to characterize NSA leaker Edward Snowden as a traitor.
1 hour ago | NIST Plans Secure Mobile Access Guides | InfoRiskToday
Preparing Alternative to Personal Identity Verification Cards
The National Institute of Standards and Technology is drafting guidance to help agencies provide stronger security when allowing access to federal government systems from mobile devices.
A popular website was downed after attackers launched a distributed denial-of-service attack using more than 162,000 WordPress sites.
Update now: OS, Internet Explorer and (of course) Flash all in line for fixes
Patch Tuesday: Microsoft has fixed security bugs in Internet Explorer and Windows that allowed hackers to remotely execute code on victims' vulnerable machines – one bug a result of poor JPEG handling.
Nineteen bugs in web browser engine Webkit were addressed with the update.
3 hours ago | The Other Shoe Drops For Target's CIO | Forbes
To the surprise of few, Target CIO Beth Jacobs resigned last week, taking the fall for a massive data breach before the Christmas holidays that reverberated throughout the retailer’s quarterly revenues. The only surprising thing: Jacobs didn’t resign sooner.
The end is nigh. No, really. Less than a month from now Microsoft will officially stop supporting the Windows XP operating system. Many security experts predict that it won’t be pretty for Windows XP users once the security patches stop rolling out, and some feel that pulling the plug on support is a mistake that will come back to bite Microsoft. The reality, though, is that Microsoft is doing us a huge favor that will make us all more secure—albeit with some potential short-term growing pai...
3 hours ago | Navy admiral relays concerns about NSA changes | Yahoo Security
WASHINGTON (AP) — If the U.S. government turns over the bulk collection of telephone data to an independent third party, higher costs and delays in identifying potential threats could result, the Navy admiral nominated to be the next head of the troubled National Security Agency said Tuesday.
The bad news: attackers have continued to leverage a highly publicized Internet Explorer vulnerability. The good news, however, is that the vulnerability now has a patch.
Inside the five security bulletins Microsoft released today for Patch Tuesday is a critical fix for CVE-2014-0322, a vulnerability that has been used to target IE 10 users. While it was first spotted in February being used in attacks on the Veterans of Foreign Wars website, since then it has been used against visitors of a...
WASHINGTON - A senior US senator on Tuesday accused the Central Intelligence Agency of illegally searching computers of Senate staff members who were investigating a CIA interrogation program.
Dianne Feinstein, the powerful chairwoman of the Senate Intelligence Committee, angrily denounced the actions of the CIA, accusing it of seeking to "intimidate" lawmakers from holding the spy agency accountable.
"I have grave concerns that the CIA's search may well have violated the separa...
Windows XP's next-to-last Patch Tuesday saw four updates to it. Office 2003 is also going off support, but no updates were released today for it.
4 hours ago | Adobe issues non-critical Flash update | ZDNet
[UPDATE] A new version of Flash fixes two vulnerabilities in the Windows, Mac and Linux versions. They're not super-high priority.
Technique allows lone attacker hidden in the shadows to wage crippling attacks.
By Patricia Zengerle and Phil Stewart WASHINGTON (Reuters) - President Barack Obama's pick to lead the National Security Agency pledged on Tuesday to look for ways to build confidence in the beleaguered spy agency and, in a possible shift, stopped short of calling former contractor Edward Snowden a traitor. Vice Admiral Michael Rogers, now the Navy's top cyber warrior, was cautious during often terse exchanges at a Senate hearing on his confirmation to also lead the U.S. Cyber Command that sa...
NSA cheerleader's concern is hypocritical, says Snowden
US Senator Dianne Feinstein (D-CA) has issued a rare public rebuke to the CIA after the agency hacked into a Senate committee's computers to remove documents describing agents' torture enhanced interrogation of terrorist suspects.
5 hours ago | US-CERT urges XP users to dump IE | NetworkWorld Security
People who plan to run Windows XP after Microsoft pulls the patch plug should dump Internet Explorer (IE) and replace it with a different browser, the U.S. Computer Emergency Readiness Team (US-CERT) said Monday.
University researchers have developed a technique that governments and Internet service providers could use to bypass secured Internet connections and gather valuable personal information.
6 hours ago | Gauging WLAN Performance: Epitiro Streetwise | Network Computing Security
Dedicated WLAN service assurance tools promise deeper analysis than integrated WLAN performance tools, but are they worth it? Here's a look at a recent addition to this emerging market.
7 hours ago | MS14-015 - Important: Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2930275) - Version: 1.0 | Microsoft
7 hours ago | MS14-014 - Important: Vulnerability in Silverlight Could Allow Security Feature Bypass (2932677) - Version: 1.0 | Microsoft
8 hours ago | 10 Nerdy Things To Do In Las Vegas | Network Computing Security
At the end of March, IT engineers and architects will descend upon Las Vegas for Interop, the biggest independent IT conference of the year. The show will be packed with the latest technology, including everything from OpenFlow to 802.11ac and SSDs to DIMMs. But even the biggest technophile needs to have a little fun at the end of the day, and Las Vegas is certainly the place to find it. If you want to get away from the glitzy shows and casinos, check out these places where nerds can let loose.
10 hours ago | Solving the mystery of next-generation firewalls | TechRepublic
The next-generation firewall is poised to take over the mantle of protection from the last generation of security appliances and firewalls.
Attackers collect almost $4 billion by filing fraudulent tax returns, stealing taxpayer identities, ThreatMetrix report says
Last week, it occurred to me that I might start monitoring the local Wi-Fi environment to determine how often the Apple Bus really comes by. My wife guessed 10 times a day. I’d have said 20. After a week of ...