Security Hot Topics

By GE Scott Knauss - Security Guy | Current security trends and hot topics curated by Scott, CEO of ITS LLC.

Researchers warn of new botnet that could take down the internet

Security group Check Point Research claims to have discovered a rapidly growing and evolving botnet which they believe could eventually take down the …

Information Security

As devastating as KRACK: New vulnerability undermines RSA encryption keys

A new security flaw has placed the security of RSA encryption in jeopardy.<p>Flawed chipsets used by PCs to generate RSA encryption keys have a …

Information Security

Researchers Reveal Critical KRACK Flaws in WPA WiFi Security

Widely used WPA2 protocol for WiFi security is revealed by researchers to be at risk from a form of replay attack that could leave hundreds of …

Information Security

The list grows: Whole Foods hit by hackers

Another day, another cybersecurity breach.<p>Whole Foods Market -- which was recently acquired by tech giant Amazon (AMZN, Tech30) -- said Thursday that hackers were able to gain access to credit card information for customers who made purchases at some of its in-store taprooms and restaurants.<p>The …

Identity Theft

Hackers are using a terrifying new method for stealing cash out of ATMs

Hackers have a new hands-off approach to stealing money out of ATMs.<p>A report from Trends Micro says there is a shift in the ATM malware landscape …

Security

8 Most Overlooked Security Threats

5/26/2017<br>08:00 AM<p>Businesses know the obvious security threats to watch for, but some of the biggest dangers may not at top-of-mind.<p>3 of 9<p>Internet of …

Cybersecurity

How I hacked hundreds of companies through their helpdesk

Introduction<p>Months ago I discovered a flaw hackers can use to access a company’s internal communications. The flaw only takes a couple of clicks to …

Security

Researchers claim new security bypass could threaten 400M Windows devices

Checkpoint researchers developed a proof of concept method dubbed Bashware which they claim allows any known malware to bypass most common security …

Information Security

Devs unknowingly use “malicious” modules snuck into official Python repository | Ars Technica

Code packages available in PyPI contained modified installation scripts.<p>The official repository for the widely used Python programming language has …

Python Programming

Public, Hybrid Cloud Security Fears Abound

Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.<p>The …

RouteX malware: Russian hacker infects Netgear routers to mount attacks against Fortune 500 firms

The malware hijacks routers and turns them into proxies, allowing the hacker to launch credential stuffing attacks.<p>A Russian-speaking hacker is using …

Information Security

Here’s Why Equifax Yanked Its Apps From Apple And Google Last Week

A security researcher discovered a shocking vulnerability: “They quite frankly didn’t know what they were doing.”<p>Last week, after news broke that Equifax was the victim of a critical security flaw that exposed hundreds of millions of Americans’ personal data, the company quietly took down its …

Equifax

Video nasty lets VMware guests run code on hosts

VMware's given vAdmins a busy Friday by disclosing three nasties to patch.<p>One's a video nasty dubbed CVE-2017-4924 and impacts a VMware ESXi, and the …

Malicious plugin installed backdoor on 200,000 WordPress websites

A very persistent malicious actor added a backdoor to a WordPress plugin called Display Widgets that installed backdoors on possibly 200,000 websites …

WordPress

OurMine hacks Vevo, leaks 3.12TB of internal files and videos after staffer told them to 'f**k off'

The trove of stolen data includes private dossiers on 90 different artistes, ranging from Taylor Swift and Justin Bieber to Madonna.<p>The notorious …

Security

Demonstration of the Bashware Technique

Equifax's Mega-Breach Was Made Possible by a Website Flaw It Could Have Fixed

Good website security is tough, but the consequences of bad website security can be far tougher. That appears to be one of the big lessons coming out …

Equifax

OpenShift: The Platform for Establishing Secure DevOps

Security isn’t a checkbox. It’s not an accreditation. It’s a holistic endeavor that has to permeate every layer of your stack and your …

Missed patch caused Equifax data breach

Equifax has revealed that the cause of its massive data breach was flaw it should have patched weeks before it was attacked.<p>The company has updated …

Blueborne • armis

The IoT Attack Vector “BlueBorne” Exposes Almost Every Connected Device<p>General Overview<p>Armis Labs revealed a new attack vector endangering major …

Apache Struts Statement on Equifax Security Breach

The Apache Struts project has put out a statement on the possible role played by a Struts vulnerability in the massive Equifax data breach. …

Security

Researcher publicly discloses 10 zero-day flaws in D-Link 850L routers

Peeved about previous vulnerability disclosures experiences with D-Link, a security researcher has publicly disclosed 10 zero-day vulnerabilities in …

143M consumer records stolen in massive Equifax hack

Consumer credit reporting agency Equifax Inc. has been hacked with the personal information of 143 million American consumers being stolen.<p>Details of …

Equifax data leak could involve 143 million consumers

Data leaks have become so commonplace that it’s incredibly easy to become numb to them, but credit reporting service Equifax announced a doozy today that when all is said and done could involve 143 million consumers. This is bad.<p>It was a treasure trove of information for the bad guys out there and …

Identity Theft

Microsoft won't patch Edge browser content security bypass

Which of Google, Apple and Microsoft think a content security bypass doesn't warrant a browser patch?<p>Thanks to Cisco Talos security bod Nicolai …

Information Security

Bug in Windows Kernel Could Prevent Security Software From Identifying Malware

Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules …

Information Security

ShadowBrokers return with the release of UNITEDRAKE exploit

The hacking group has also promised two exploit dumps a month from now on.<p>The ShadowBrokers have promised the release of NSA exploit UNITEDRAKE which …

Information Security

'Critical' Security Flaw Found in Widely Used Web App Framework [Updated]

<b>Correction:</b> <i>The original headline on this story indicated that Office Depot used the vulnerable plugin. An Office Depot spokesperson said that,</i> …

Information Security

Princess ransomware makes a visit to the wrong website a royal mistake

PrincessLocker ransomware is harnessing the power of the RIG Exploit Kit in order to spread itself through drive-by downloads on compromised websites.<p>…

Ransomware