Information Security News
Security News You Might Have Missed: Microsoft Sues the Government Over Secret Cloud Data Searches
(How this will impact the percentage of rejections remains to be seen.) Here's a recap of additional security news you might have missed this week, along with some tips on tools or features you may wish to uninstall, disable, update, or download ...
Is the FBI Hiding a Firefox Zero-Day?
A question posed by a researcher from the International Computer Science Institute in Berkeley, California has led many to believe, even us, that the FBI may be sitting on a Firefox zero-day which it is currently fighting in US courts to keep secret ...
Senate to Americans: Your security is not our problem
Bad Password is a weekly hacking and security column examining infosec and our ever-eroding "privacy." See all articles. Latest in Culture. Canada's prime minister schools reporter on quantum computing. 2h ago. View. Uber, Lyft drivers will need a ...
More than 3 million Internet-accessible servers are at risk of being infected with crypto ransomware because they're running vulnerable software, including out-of-date versions of Red Hat's JBoss enterprise application, researchers from Cisco Systems said Friday.
About 2,100 of those servers have already been compromised by webshells that give attackers persistent control over the machines, making it possible for them to be infected at any time, the Cisco researchers reported in a blog post. The compromised servers are connected to about 1,600 different IP addresses belonging to schools, governments, aviation companies, and other types of organizations.
Some of the compromised servers belonged to school districts that were running the Destiny management system that many school libraries use to keep track of books and other assets. Cisco representatives notified officials at Destiny developer Follett Learning of the compromise, and the Follett officials said they fixed a security vulnerability in the program. Follett also told Cisco the updated Destiny software also scans computers for signs of infection and removes any identified backdoors.
I just had to block a couple of IP addresses from access to our site because they flooded it with several requests a second. Mostly Amazon WS IPs... Just as a reminder: We like for people to use our data. If you need bulk access, shoot me an e-mail (jullrich -/@/- sans.edu ). And if you write scripts to harvest our data (which is OK!) , then please add an email address or other contact information to your user agent so we can get in touch if there is a problem.
Crooks Combine Gozi and Nymaim Trojans to Steal Money from 24 Banks
During the month of April, security researchers from IBM have spotted a new trojan that appears to be the spawn of the Gozi banking trojan and the Nymaim dropper/ransomware. Dubbed GozNym, researchers say this trojan was used in attacks against the ...
Tippingpoints Zero Day Initiative made two vulnerabilities for Quicktime in Windows public yesterday . The two vulnerabilitiesdo allow remote code execution, but there is a bit of user interaction required in that the user has to visit a web page with a malicious file to get exposed to the exploit. The CVSS score for both vulnerabilities is 6.8.
Usually, I would point to a patch at this point. But Apple responded to TippingPoint stating that Quicktime For Windows is no longer a supported product, and no updates will be released to fix these two vulnerabilities.
Apple published a page with details about how to uninstall Quicktime . But I cant find any other official announcement from Apple about the state of Quicktime, other then the TippingPointvulnerability release. As part of the uninstall instructions, Apple recommends searching for Uninstall QuickTime. Please make sure to only search locally, do not use a Bing/Google/... search as it may lead to suspect software. A quick check I just did doesn there are at least a couple spammy links in Bing.
The InfoSec Landscape Is Changing, And No One Is Safe
In the dynamic world of cloud computing and the Internet of Things, it is no news that cyber security has been a hot topic for both service and equipment providers in the tech landscape. It seems that every enterprise, every endpoint and every user is ...
Why there is a cybersecurity gender gap—and how to close it
The good news is the field of cybersecurity is growing rapidly, which should help draw a wide array of professionals. "I believe more ... "Networking with other women in infosec has been immensely helpful for me," said DeGrippo. "Having that network of ...
Infamous Mario Kart level Is The Inspiration Behind Tesla Easter Egg
Known for including fun little Easter Eggs in its software, Tesla's latest update is no different. A recently discovered Easter egg transforms the dull grey road shown on a Tesla's instrument cluster into a colorful path that resembles the notoriously ...