Hackin9
[SECURITY] [DSA 3600-1] iceweasel/firefox-esr security update
 
SimpleSAMLphp Link Injection
 
[security bulletin] HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS)
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The National Institute of Standards and Technology (NIST) is developing a minor update of its Cybersecurity Framework based on feedback from its users. In the just released Cybersecurity Framework Feedback: What We Heard and Next Steps, ...
 

#Infosec16: Beware Incident Response Sucker Punch
Infosecurity Magazine
A serious cybersecurity incident can hit an organization like a punch in the face, forcing IT teams out of their comfort zone even if they have a pre-formed response plan, according to a leading infosec boss. Vicki Gavin, head of business continuity ...

 

The jury is still out, but at this early stage, there's good reason to doubt the legitimacy of claims that more than 32 million Twitter passwords are circulating online.

The purported dump went live on Wednesday night on LeakedSource, a site that bills itself as a breach notification service. The post claimed that the 32.88 million Twitter credentials contain plaintext passwords and that of the 15 records LeakedSource members checked, all 15 were found to be valid. Twitter Trust and Info Security Officer Michael Coates has said his team investigated the list, and he remains "confident that our systems have not been breached."

Lending credibility to Coates's claim, Twitter has long used the bcrypt function to hash passwords before storing them. Bcrypt is deliberately slow and computationally costly to evaluate, so recovering the underlying plaintext for tens of millions of hashes would have required infeasible amounts of time and effort. As of press time, there were also no reports of a mass reset of Twitter users' passwords.
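The argument above rests on the cost of a work-factor password hash. The following added example (not code from Ars Technica, Twitter or LeakedSource) runs the same offline dictionary attack against a hash store built with a fast hash and one built with a slow, salted work-factor hash, and reports how many passwords fall and how long each guess costs. Python's standard library has no bcrypt, so hashlib.scrypt stands in for bcrypt here; the usernames, passwords, wordlist and scrypt parameters are all constructed for the demonstration.

```python
import hashlib
import os
import time

# Constructed sample: three plaintext credentials of the kind a breach dump
# would present (invented for this example).
LEAKED_CREDENTIALS = {
    "alice": "correct horse battery",
    "bob": "hunter2",
    "carol": "P@ssw0rd2016",
}

# Constructed attacker wordlist: two of the three passwords are in it, alice's is not.
WORDLIST = ["123456", "password", "qwerty", "hunter2", "letmein", "P@ssw0rd2016", "twitter"]

# Work factor for the slow hash (an assumption chosen so the demo runs in seconds).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def fast_hash(password: str, salt: bytes) -> bytes:
    """Salted SHA-1: a fast general-purpose hash, cheap for an attacker to iterate."""
    return hashlib.sha1(salt + password.encode()).digest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """Work-factor hash. scrypt stands in for bcrypt, which the standard library lacks;
    the effect shown (each guess costs real CPU time) is the same in kind."""
    return hashlib.scrypt(password.encode(), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def build_store(hasher):
    """What a site stores: a random per-user salt and the hash, never the plaintext."""
    store = {}
    for user, password in LEAKED_CREDENTIALS.items():
        salt = os.urandom(16)
        store[user] = (salt, hasher(password, salt))
    return store


def dictionary_attack(store, hasher):
    """Offline attack on a stolen hash table: hash every wordlist entry with each
    user's salt and compare. Returns (recovered passwords, seconds per guess)."""
    recovered = {}
    guesses = 0
    start = time.perf_counter()
    for user, (salt, digest) in store.items():
        for candidate in WORDLIST:
            guesses += 1
            if hasher(candidate, salt) == digest:
                recovered[user] = candidate
                break
    elapsed = time.perf_counter() - start
    return recovered, elapsed / guesses


def compare():
    """Run the attack against both stores; the slowdown factor is the per-guess
    cost of the work-factor hash relative to the fast hash."""
    fast_recovered, fast_rate = dictionary_attack(build_store(fast_hash), fast_hash)
    slow_recovered, slow_rate = dictionary_attack(build_store(slow_hash), slow_hash)
    return {
        "fast_recovered": fast_recovered,
        "slow_recovered": slow_recovered,
        "slowdown_factor": slow_rate / fast_rate,
    }


if __name__ == "__main__":
    result = compare()
    print("fast hash recovered:", result["fast_recovered"])
    print("slow hash recovered:", result["slow_recovered"])
    print(f"each guess costs {result['slowdown_factor']:.0f}x more against the slow hash")
```

Both stores give up the same weak passwords, because salting and a work factor do not protect a password that is in the attacker's wordlist. What changes is the price per guess, which is what turns a 32-million-row table from a weekend job into an infeasible one; a dump that arrives as plaintext rather than as hashes is therefore hard to reconcile with a bcrypt-backed store having been the source.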

 
[SECURITY] [DSA 3599-1] p7zip security update
 
CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability
 

About 11 percent of enterprises have sanctioned cloud apps that contain malware, according to recent research.

Internet file sharing has long been a prime route for malware to spread. The situation is one of the reasons (aside from the exposure of proprietary data) that many companies restrict the use of cloud file sharing to corporate-approved systems. But it turns out that those enterprise cloud folders are just as bad. As more companies sanction the use of cloud applications for collaboration and sharing data—even just between individuals' computers and mobile devices—those cloud apps have increasingly become fertile ground for malware.

In a study based on data collected from millions of users over the first three months of 2016, cloud security company Netskope found that 11 percent of enterprises had sanctioned cloud apps that contained malware. That share more than doubled from the 4.1 percent seen in the previous quarter's data. The malware discovered included JavaScript exploits, droppers used to spread other malware, malicious embedded macros in document files, backdoors, spyware, and adware. Some mobile device malware was found as well.

All of the malware was found in file sharing applications, though only 26.2 percent of it appeared to be actually shared (whether internally to others in the affected company, externally with partners, or even publicly shared). That means the cloud folders were either infected because they were connected to a device exploited by malware, or the files were moved to the folders by the user.

 

Centrify survey: Public believe government can handle cybersecurity issues
PublicTechnology.net
The survey, published by cybersecurity firm Centrify at the Infosec conference in London, asked 800 people to rank which of seven sectors would best handle security breaches. It found that 28% of people in the UK said they thought government and local ...

 

Gurucul Named Best Behavior Analytics | Enterprise Threat Detection Platform in SC Awards Europe 2016
Business Wire (press release)
Gurucul Risk Analytics (GRA) was deemed superior to solutions from Exabeam, Interset, Splunk and Vectra Networks by information security professionals from major European and global brands in the banking, retail, airline, insurance and food and ... SC ...

 
ESA-2016-064: EMC Data Domain Information Disclosure Vulnerability
 

Is Bring Your Own Device (BYOD) Right for Your Enterprise?
PR Newswire (press release)
A contractor and chief information security officer (CISO) for a federal agency involved in arms control, emergency response, counterterrorism, and nuclear nonproliferation programs, Josh Moulin is well qualified to tackle the BYOD topic. As he notes ...

 

Large UK businesses are holding bitcoin to pay ransoms
Brave New Coin
"Cybercriminals went even further and contrived an affiliate ransomware distribution scheme,” InfoSec explained, “the idea is to draw a distinct line between the crypto ransomware creators and the individuals or groups who spread the infection ...

 
[security bulletin] HPSBMU03584 rev.2 - HPE Network Node Manager I (NNMi), Multiple Remote Vulnerabilities
 
ESA-2016-072: EMC NetWorker Remote Code Execution Vulnerability
 
[security bulletin] HPSBMU03614 rev.1 - HPE Systems Insight Manager using Samba, Multiple Remote Vulnerabilities
 

DevOps is for all, says DevOps pundit-in-chief. He doesn't have it in for the BOFH, honest
The Register
But he continued, research he has conducted with Jez Humble showed “The same principles and patterns are emerging in large complex organisations, like lv, HMRC and News UK.” (All of whom will be speaking at the conference, unsurprisingly.)

 

Is Bring Your Own Device (BYOD) Right for Your Enterprise?
SYS-CON Media (press release)
... build their professional reputations. With an audience of more than half a million and more than 10,000 posts by security experts, Peerlyst is the preeminent platform for spreading InfoSec news, asking a question, finding an expert, or offering ...

 

32 million Twitter passwords go for sale on the dark web, but Twitter 'not hacked'
IT PRO
Twitter has denied that its systems were breached by hackers, after more than 32 million users' passwords were found for sale on the dark web. The news comes after a rash of data breaches from sites such as MySpace, LinkedIn and Tumblr, all of which ...

 

Infosec is a sham: The reality of IT security
Ars Technica UK
To listen to the vendors of business information security services and products—universally known by the faux-cool, quasi-spy name "infosec"—there is safety in numbers, as long as those numbers are big enough and on the bottom of a purchase order ...

 

Here is how Mark Zuckerberg and other celebrity Twitter accounts were hacked
Techworm
If you have been following online reports, you will have seen that at least one Hollywood celebrity's Twitter account is being hacked every day, and the hackers are using the hijacked accounts to tweet. Even Facebook CEO Mark Zuckerberg's Twitter account ...

 