Security Hot Topics

By GE Scott Knauss - Security Guy | Current security trends and hot topics curated by Scott, CEO of ITS LLC.

How a Dorm Room Minecraft Scam Brought Down the Internet

The most dramatic cybersecurity story of 2016 came to a quiet conclusion Friday in an Anchorage courtroom, as three young American computer savants …

Cybersecurity

Full Disclosure: Qualys Security Advisory - Buffer overflow in glibc's ld.so

<b>Qualys Security Advisory - Buffer overflow in glibc's ld.so</b><p><i>From</i>: Qualys Security Advisory <qsa () qualys com> <i><br>Date</i>: Mon, 11 Dec 2017 11:18:31</b> …

Information Security

A giant botnet behind one million malware attacks a month just got shut down

Arrest made over Andromeda botnet following operation involving the FBI, Europol and other authorities working with cyber security companies.<p>A major …

Security

A popular virtual keyboard app leaks 31 million users' personal data

The app maker's database wasn't protected with a password, leaving exposed its users' most private information.<p><i>Video: Google does some explaining</i> …

Security

Discover Computers Vulnerable to EternalBlue & EternalRomance Zero-Days

The public leaks of NSA tools and information have led to the release of previously secret zero-day exploits such as EternalBlue, used in the …

Linux

Dangerous flaw in macOS High Sierra leaves your Mac vulnerable: Here’s how to fix it

A critical security flaw in Apple’s latest version of macOS grants intruders access to your computer’s settings and data without needing a …

Information Security

US indicts Chinese hackers for corporate espionage

The three Chinese nationals are accused of infiltrating US firms to steal trade secrets.<p>US prosecutors have indicted three Chinese nationals accused …

Security

Open source nameserver used by millions needs patching

Open source DNS software vendor PowerDNS has advised users to patch its "Authoritative" and "Recursor" products, to squish five bugs disclosed …

Information Security

No Patch Available for RCE Bug Affecting Half of the Internet's Email Servers

A critical remote code execution flaw affects over half of the Internet's email servers, and there's no fix for it available, just yet.<p>The bug is a …

Information Security

Intel Patches Management Engine for Critical Vulnerabilities

Intel issued a critical firmware update on Nov. 20 for a set of eight vulnerabilities that impact the Intel Management Engine (Intel ME) firmware.<p>"In …

Information Security

GitHub starts scanning millions of projects for insecure components

Popular cloud service GitHub is a public code repository for millions of open source projects.<p>For example, you can get Microsoft’s JavaScript engine, …

Ruby

Four Years Later, We Have a New OWASP Top 10

The Open Web Application Security Project (OWASP) has published a new version of its infamous Top 10 vulnerability ranking, four years after its last …

Information Security

Your biggest threat is inside your organisation and probably didn't mean it

Threat of the malicious insider is very real, but accidental data leakage is a bigger problem.<p>It doesn't have a super-sexy moniker like KRACK or …

Cybersecurity

The Motherboard Guide To Not Getting Hacked

Do you want to stop criminals from getting into your Gmail or Facebook account? Are you worried about the cops spying on you? We have all the answers on how to protect yourself.<p><i>Editors note: This is Motherboard's comprehensive guide to digital security, which will be regularly updated and replaces</i> …

Security

New Banking Trojan Similar to Dridex, Zeus, Gozi

IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.<p>A newly discovered banking Trojan …

Google investigators find hackers swipe nearly 250,000 passwords a week

Hackers are constantly trying to break into Google accounts, so Google researchers spent a year tracing how hackers steal passwords and expose them …

Security

iPhone X ‘notch remover’ now available in App Store

Hot or notch?<p>If you have a burning hatred of the so-called "notch" on your new iPhone X then boy do I have good news for you. Apple just approved an app called Notch Remover despite its urging of developers to embrace the notch by not masking it:<p><b>Don't mask or call special attention to key display</b> …

iOS

Antivirus Engine Design Flaw Helps Malware Sink Its Teeth Into Your System

Several antivirus products are affected by a design flaw that allows malware or a local attacker to abuse the "restore from quarantine" feature to …

Information Security

Even a Novice Hacker Could Breach the Network Hosting Kris Kobach's Bogus Voter Fraud Program

A program overseen by the head of President Trump’s so-called “election integrity” commission—which is now largely a tool for driving conspiracy …

Security

Misconfigured Amazon S3 Buckets Expose Users, Companies to Stealthy MitM Attacks

Hackers can exploit exposed Amazon S3 buckets to carry out silent Man-in-the-Middle attacks or other hacks on a company's customers or internal …

Information Security

MINIX: ​Intel's hidden in-chip operating system

Buried deep inside your computer's Intel chip is the MINIX operating system and a software stack, which includes networking and a web server. It's …

Electronic Frontier Foundation

2 factor or 1.5 factor ? | ITS

With all the recent high-profile breaches, many people are asking: "How do I protect my data?" The resounding answer from the security community is: …

New iOS 11.1 Wi-Fi hack drops malware on your iPhone to steal sensitive data

Researchers participating in the Pwn2Own 2017 contest successfully hacked an iPhone 7 running iOS 11.1, just one day after Apple released a patch for …

WordPress site admins: Update immediately!

If you’re running your website on WordPress and you haven’t yet upgraded to version 4.8.3, you should do so without delay. The advice comes from the …

Information Security

TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users

The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. [...]

Information Security

Putin outlaws the use of VPNs throughout Russia

MOSCOW (AP) — A law banning the use of virtual private networks, or VPNs, and other internet proxy services has come into effect in Russia.<p>The law, the latest in a spate of legislation stifling internet freedoms in Russia, was pushed by authorities who cited concerns about the spread of extremist …

Researchers warn of new botnet that could take down the internet

Security group Check Point Research claims to have discovered a rapidly growing and evolving botnet which they believe could eventually take down the …

As devastating as KRACK: New vulnerability undermines RSA encryption keys

A new security flaw has placed the security of RSA encryption in jeopardy.<p>Flawed chipsets used by PCs to generate RSA encryption keys have a …

Information Security

Researchers Reveal Critical KRACK Flaws in WPA WiFi Security

Widely used WPA2 protocol for WiFi security is revealed by researchers to be at risk from a form of replay attack that could leave hundreds of …

Information Security