Cross-origin bypass flaws alongside disabling Flash-based ads dominate this round of updates.
Seagate has released firmware updates to address several vulnerabilities affecting the company's wireless storage devices.
4 hours ago: BIND Updates Patch Two Critical Vulnerabilities (SecurityWeek)
The Internet Systems Consortium (ISC) announced on Wednesday the availability of BIND 9.10.2-P4 and BIND 9.9.7-P3. The latest versions of the popular DNS software patch a couple of critical denial-of-service (DoS) vulnerabilities.
In the ninth century, 'The Philosopher of the Arabs' Al-Kindi came up with what was believed to be the first crypto cracking technique ever documented. It still works today on systems assumed to be a holy grail of security, according to a Microsoft researcher.
Working with data sets for analysis is not necessarily an easy task. Part of the challenge is knowing where to go for the data; the second aspect is having a clear idea of what you hope to gain from analyzing it.
The hacker that rocks the cradle
Internet-connected baby monitors are riddled with security flaws that could broadcast live footage of your sleeping children to the world and his dog, according to new research.
5 hours ago: "The Declining Half-Life of Secrets" (Schneier blog)
Several times I've mentioned Peter Swire's concept of "the declining half-life of secrets." He's finally written it up: The nature of secrets is changing. Secrets that would once have survived the 25 or 50 year test of time are more and more prone to leaks. The declining half-life of secrets has implications for the intelligence community and other secretive agencies, as they must now wrestle with new challenges posed by the transformative power of information technology innovation as well as the changing methods and targets of intelligence collection.
The creator of PGP, Phil Zimmerman, said he doesn't use PGP because it isn't compatible with his MacBook, and the security community began talking about what this means for broader encryption efforts.
6 hours ago: Sony Agrees Cyber-Attack Lawsuit Settlement (InfoRiskToday)
Studio Reaches Deal with Former Employees Over "The Interview" Breach
Sony Pictures Entertainment has reached a tentative deal to settle a class-action lawsuit filed against it, stemming from its 2014 data breach, which resulted in the leak of personal information for up to 50,000 employees.
3 hours ago: "Breaking CSRF: Spring Security and Thymeleaf" (Appsec Streetfighter Blog)
As someone who spends half of their year teaching web application security, I tend to give a lot of presentations that include live demonstrations, mitigation techniques, and exploits. When preparing for a quality assurance presentation earlier this year, I decided to show the group a demonstration of Cross-Site Request Forgery (CSRF) and how to fix the vulnerability. A CSRF Refresher: If you're not familiar with Cross-Site Request Forgery (CSRF), check out the article Steve Kosten wrote earlier this year about the attack, how it works, and how to defend your applications using synchronization tokens: https://software-security.sans.org/blog/2015/01/23/demystifying-cross-site-request-forgery The Demo: My favorite way to demonstrate the power of CSRF is by exploiting a vulnerable change ...
Concerns about violating international arms treaty behind pull-out.
2015's Nexus 5 is the phone Android diehards have been looking forward to the most and a new leak confirms that the new device won't burn a hole through their wallets. One of Android Authority's sources has confirmed that Google plans to unveil the new Nexus, which will be "probably" called the Nexus 5X, on September 29th. Even better, the source says the new device will be priced starting at $400, which means it will be quite affordable for a flagship device. Google will start selling both the Nexus 5X and the new Huawei-made Nexus phablet on the Google Play Store on the same day as their announcement as well, Android Authority says. The
The hybrid cloud brings unique security challenges to the enterprise. Ancient military strategist Sun Tzu has wisdom that can help businesses learn how to protect themselves.
A word of advice to jail inmates who give press interviews: "Off the record" doesn't mean squat to the FBI agents listening in.
The post 'Gone Girl' Suspect Confesses to Reporter - As FBI Listens In appeared first on WIRED.
23 hours ago: MS15-081 - Critical: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) - Version: 2.0 (Microsoft)
1 day ago: Secretary of Defense Says US Could Fall Behind Adversaries in Cybersecurity (August 27, 2015) (SANS Newsbites)
In the wake of revelations that attackers believed to be working on behalf of Russia or China infiltrated a server used by the Pentagon's Joint Chiefs, US military leaders expressed concern that the country could "fall behind" its adversaries in the cybersecurity arena.......
Infected ads threaten lonely hearts' romantic pursuits
Security researchers have uncovered a malvertising attack run over ad networks and aimed at users of dating site Match.com.
Want to know if your nemesis is applying for the same job? You're in luck
HMRC is spewing job applicants' email addresses to potential rivals in mass circular responses it has blamed on "a technical glitch".
Indiana State Police cited a state law defining agricultural terrorism to deny a request for information about cellular surveillance equipment.
10 minutes ago: 5 Ways ERP Can Reduce Errors in Your Small Business (IT Toolbox Blogs)
For many small business owners, enterprise resource planning (ERP) looks more like catch-as-catch-can. Plotting out your resources and processes seems too time-consuming and expensive. But for businesses that rely on very task-specific processes, such as production lines, shipping and receiving, ERP can be a godsend. Here are five ways ERP software can significantly reduce errors,
10 minutes ago: The Benefits of the Cloud in Unified Communications (IT Toolbox Blogs)
By merging various forms of communication into a seamless whole, unified communications (UC) improves collaboration by making communication even easier. Your organization can use a single software package that
10 minutes ago: How to Improve the Data Quality of CRM Records (IT Toolbox Blogs)
Your customer relationship management (CRM) software holds substantial amounts of data collected from various sources, but is it really as trusted as you hope? Michele Goetz of Forrester says, "Seems that the expectations that CRM systems could provide a single trusted view of the customer was starting to hit a reality check." Too many companies are simply collecting as much data
11 minutes ago: U.S. sanctions against Chinese firms could be next week: FT (Yahoo Security)
The FT cited three U.S. officials as saying the sanctions probably would come next week in advance of Chinese President Xi Jinping's visit later in the month. Suspicions that Chinese hackers were behind a series of data breaches in the United States have been an irritant in relations between the United States and China. The United States is also considering sanctions against Russian individuals and companies for cyber attacks, U.S. officials have told Reuters.
ReverbNation is notifying users of a breach that occurred in 2014, and is asking them to change their passwords.
37 minutes ago: Carbanak banking malware returns with new variant (SC Magazine)
The Carbanak malware and Advanced Persistent Threat (APT) campaign, which facilitated the heist of $1 billion from banks around the world earlier this year, is back with its first new variant.
(Reuters) - The United States is preparing to sanction Chinese companies connected to the cyber theft of U.S. intellectual property as early as next week, the Financial Times reported on Thursday.
A new version of the notorious Carbanak Trojan, also known as Anunak, has been spotted in the wild by researchers at Denmark-based CSIS Security Group.
1 hour ago: Tripwire Unveils Asset Discovery Appliances (SecurityWeek)
Security solutions provider Tripwire on Wednesday announced the availability of Tripwire Asset Discovery Appliances, a high-performance device and application discovery solution designed to be easy-to-deploy on all types of networks.
Samsung and other tech companies showcased new computerized wristwatches this week - all aimed at challenging Apple, a relative newcomer to selling smartwatches. Apple Watch was the leading smartwatch ...
More than three dozen Uber trips were cached by the search engine. These "shared trip" pages often include exact address data, such as a home or work address.
2 hours ago: How Hackers Are Bypassing Intrusion Detection (InfoRiskToday)
More hackers are exploiting remote-access and network vulnerabilities, rather than installing malware to invade networks and exfiltrate data, says Dell SecureWorks' researcher Phil Burdette. That's why conventional breach-detection tools aren't catching the intrusions.
Blackmail campaign unmasked through Bitcoin blockchain
Some blackmail attempts against victims of the ongoing Ashley Madison saga resulted in several - albeit modest - pay outs, according to new research.
In the wake of hacker attacks, which have left healthcare providers uncertain about what security steps to take, the Office of the National Coordinator for Health IT is working to help organizations sort out role-based identity and access management issues, says ONC's privacy officer, Lucia Savage.
3 hours ago: Netflix Releases XSS Flaw Discovery Framework (SecurityWeek)
Netflix this week released an in-house developed tool for discovering cross-site scripting (XSS) vulnerabilities in applications and for scanning secondary software programs for potential XSS flaws.
Review of Web traffic inspection reveals the TLDs with the "shadiest" websites.
The case, if lost, could see a mass exodus of international customers from the US cloud.
FDA official Suzanne Schwartz, M.D., expects more medical device security vulnerabilities to come to light in the year ahead. The FDA soon will issue new guidance addressing the cybersecurity of medical devices already in use.
The difficulty telling fact from fiction in cybercrime news has been getting worse over the past few years. For decision makers, this means a "sanity check" on reported stats should be in your everyday toolkit.