It is undeniable that internal controls facilitate data security, but a company’s culture can play an even larger role. Awareness is key, and it starts at the top.
The National Highway Traffic Safety Administration (NHTSA) has issued guidelines for automakers outlining cybersecurity best practices for connected cars. The guidance is not binding, so automakers aren’t required to adhere to the standards set forth.
Some of the country’s most popular sites were disrupted by a DDoS attack Friday. Additionally, corporate applications could not be accessed and organizations were unable to perform critical business operations.
The rising threat of ransomware shows that vulnerability assessments are important to overall cybersecurity protection. Is your organization at risk?
Over 900 million Android devices are at risk of compromise due to a dangerous grouping of recently discovered vulnerabilities. The vulnerabilities have been folded directly into the Android operating system developed for each original equipment manufacturer (OEM) that uses the affected chipsets within their devices, including Samsung, HTC, Motorola and LG.
More information on the DNC breach shows us that no organization is too big to follow the most basic cybersecurity practices. The most glaring issues identified include the transfer of personally identifiable information and passwords via unencrypted email.
In short, yes. Guests of short-term rentals, like the popular Airbnb, can reset home routers and gain full control of network traffic. What’s more, the potential hacker needs only one thing: a paper clip.
A Bangladesh Bank was a victim of a malware attack that allowed hackers into the bank’s SWIFT software to transfer money and even hide their tracks in the process. $81 million was stolen.
Verizon has released a statement confirming that “Verizon Enterprise Solutions recently discovered and fixed a security vulnerability on our enterprise client portal. Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers.” Experts believe the exposure of the clients’ contact information leaves them more vulnerable to phishing attacks.
A second Android flaw has been discovered. The new flaw, Certifi-gate, if exploited, could allow attackers to access the microphone, camera or location of the Android device.
A major vulnerability was discovered on Android devices. It requires no user interaction and 95% of Androids are at risk. Given the nature of Androids, remediation of the vulnerability will not be simple because of the number of vendors involved.
A vulnerability has been discovered in the Linux kernel driver, NetUSB, which is widely used in many routers. So far 26 vendors have been identified as using this driver. If the vulnerability is exploited, attackers can conduct DoS attacks or achieve remote code execution.
New malware, Linux/Moose, is targeting Linux routers by gaining access to the router via brute-force attacks. So far Moose has only been used for fraudulent social networking actions, such as “like” and “follow”; however, attackers may begin to perform more sinister actions.
20-year-old flaw in TLS discovered. TLS protects data during transmission over the Internet from eavesdropping. This includes websites, mail servers and VPNs.
Anyone hosting a web server or mail server “should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group”. Make sure your vendors are aware and taking appropriate action. You can test your server here. Everyone should apply appropriate patches to their web browsers.
A new zero-day vulnerability has been identified today. Attackers can exploit the vulnerability, which exists in the open-source QEMU hypervisor, to break out of the affected virtual machine and gain access to the physical server and the other virtual machines. QEMU is utilized in some capacity in other more widely used virtualization products such as Xen, KVM (kernel-based virtual machine) and Oracle VM VirtualBox. Venom will be extremely detrimental for data centers.
Not affected: VMware, Microsoft Hyper-V, and Bochs hypervisors.
POS Vendor Reports Malware Attack
Layered security controls are crucial! The latest POS malware incident involved Harbortouch Payments POS systems, and the anti-virus program did not detect the advanced malware.
Zero-Day Malvertising Attack Went Undetected For Two Months
A vulnerability in Adobe Flash was exploited by cybercriminals to inject ransomware into the ads on popular web sites including Dailymotion, Huffington Post, answers.com, New York Daily News and HowToGeek.com. Adobe released the patch on February 2nd; however, the vulnerability had been exploited since December 2014.