Information Security

Windows metadata bug has been waiting to cripple older machines (updated)

If you're still using Windows 7 or Windows 8, there's another security issue you need to be aware of aside from Wannacry. This one won't hold your computer ransom for bitcoin, though. Actually, it might be more annoying than it is dangerous. Researchers from Aladdin RD, an information security …

Microsoft

New class of attacks affects all Android versions

Researchers have demonstrated how a malicious app with two specific permissions can stealthily compromise users’ Android devices. “The possible attacks …

Security

8 Most Overlooked Security Threats

Businesses know the obvious security threats to watch for, but some of the biggest dangers may not be top-of-mind.

Technology

Subtitling systems contain 'widespread' security threat

Film fans could be vulnerable to attack by hackers who hide malicious code inside files that provide subtitles, a security firm has warned. Checkpoint Software found loopholes in the way four popular media players handle subtitles. Poor checking of subtitle files, the different formats they use and …

Security

83% of Security Pros Waste Time Fixing Co-Workers Non-Security Problems

Security personnel in many organizations waste time every week helping co-workers with general IT problems, rather than doing their own work, which …

Security

Samba exploit – not quite WannaCry for Linux, but patch anyway!

Samba is an open source project that is widely used on Linux and Unix computers so they can work with Windows file and print services. Samba can work …

Linux

Amazon's app store compromises Android security

It's dangerous to go alone outside Google's protective walled garden, but it's the price you pay for free software. Ask almost any security expert, …

Apps

Medical implants and hospital systems are still infosec dumpster-fires

Medical devices have long been the locus of information security's scariest failures: from the testing and life-support equipment in hospitals to the …

Security

'Judy' could be the largest malware campaign ever found on Google Play Store

Is your Android phone safe? Downloads from all affected applications range between 8.5 and 36.5 million users. Security experts have uncovered a …

Google

Filesystem Bug Hangs or Crashes Windows 7 and Windows 8.1

A bug in Microsoft's NTFS file system technology allows pranksters to hang or crash computers running Windows Vista, Windows 7, and Windows 8.1 just …

Security

Mark Dowd on Exploit Mitigation Development

Mark Dowd, fresh off his 2017 Security Analyst Summit keynote, discusses why certain exploit mitigations have been so successful in driving up the …

Security

Elections, Deceptions & Political Breaches

Political hacks have many lessons for the business world.

Cybersecurity

Crysis ransomware master keys released to the public

A total of 200 master keys can now be used by victims to decrypt and unlock their systems. The world has been rocked by WannaCry causing disruption …

Security

Man in the Middle iOS Attacks: The Danger of Relying on a Single Layer of Security

Author Note: This write-up will not examine any new vulnerability. Rather, it explores a common methodology used in trivially hacking iOS apps, in …

Security

Major security vulnerability found in VLC, Kodi, and other media players, Kodi for Android already patched

What's worse than a security vulnerability in a widely-used program? A security vulnerability in several widely-used programs. Researchers from Check …

Security

This bug from the 1990s can hang or crash any Windows 7 or 8.1 system

Malicious webpages are generally responsible for embedding this bug. A bug resembling those from older versions of Windows can now affect any Windows …

Microsoft Windows

Samba Patches Wormable Bug Exploitable With One Line Of Code

A patch for a critical vulnerability impacting the free networking software Samba was issued Wednesday. The flaw poses a severe threat to users, with …

Security

Hackers are hiding viruses in Kodi, Popcorn Time and other pirated movie subtitles

Security research firm Check Point revealed a new exploit on Tuesday that affects several media players. The vulnerability allows a hacker to infect …

Popcorn Time

Linux SambaCry

Great news everyone, Windows is not the only operating system with remote code execution via SMB. Linux has also its own, seven-year-old version of …

Linux

Dissecting TLS Using Wireshark

The primary goal of the Transport Layer Security protocol as defined in RFC 2246 (TLS version 1.0) is “to provide privacy and data integrity between …

DevOps

'Thousands' of known bugs found in pacemaker code

Pacemakers, insulin pumps and other devices in hospitals harbour security problems that leave them vulnerable to attack, two separate studies warn. One study solely on pacemakers found more than 8,000 known vulnerabilities in code inside the cardiac devices. The other study of the broader device …

U.S. Dept. of Homeland Security

Rash Of Phishing Attacks Use HTTPS To Con Victims

Scammers are increasingly abusing consumer awareness of sites that encrypt data sent over the internet using HTTPS, particularly through a spike in …

Security

If Investing In BlackBerry's Cyber Security Story, Soon You May 'WannaCry'

BlackBerry has no software or hardware that could have prevented WannaCry. BlackBerry ranks 34th in cyber security. There are much better cyber …

Cybersecurity

Split Tunnel SMTP Exploit Bypasses Email Security Gateways

Attackers can inject malicious payloads directly to email server via email encryption appliances, Securolytics says. Many organizations, especially in …

Technology

Proposed US Bill Would Legalize Aggressive "Hack Back" Attacks

A US congressman is currently tinkering away at a proposed bill that will legalize some "hack back" counter-measures that breached companies can take …

Cybersecurity

Recently revealed "Cloak & Dagger" Android attack uses overlays and accessibility services to deceive users

A new series of vulnerabilities in Android have been discovered by researchers at the University of California Santa Barbara and the Georgia …

WannaCry Ransomware: Fake Antivirus Apps For Android Don't Protect Against Malware Attacks

A new wave of apps appearing in the Google Play Store purport to protect devices against the WannaCry ransomware attack that infected hundreds of …

Google Play Store

Put down the popcorn and patch your media player

Researchers have uncovered an alarming “zero resistance” security hole in the way several popular media players handle film subtitles that could …

Security

Unwrapping the Mystery: Did a Big, Slimy Internet Worm Make Hundreds of Organizations WannaCry?

Two weeks into the WannaCry aftermath, response teams are getting back to normal, organizations are re-evaluating their infrastructures, and even the …

Security

Protecting Medical Devices from Ransomware: A Critical Step

In the wake of the WannaCry ransomware campaign, healthcare entities need to take a critical step right now to prevent their medical devices from the …

Cybersecurity