Month: September 2017

29th September, 2017  By Chris Brook     Industrial manufacturer Siemens is encouraging users running devices that use its Ruggedcom Discovery Protocol (RCDP) to apply firmware updates this week. The updates resolve a serious and remotely exploitable vulnerability that could let an attacker carry out administrative actions.   The issue, an improper access control vulnerability,… Continue reading Siemens Patches Improper Access Vulnerability in Ruggedcom Protocol

29th September, 2017  By Kelly Sheridan     Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.   Security teams need more advanced people than they can find or afford. For many, outsourcing has become key to bridging the skills gap and addressing tasks they lack… Continue reading Best and Worst Security Functions to Outsource

29th September, 2017  By Chaim Sanders   We have surprisingly little data on how to evaluate infosec job candidates academic qualifications. That needs to change.   Every day, a common scenario plays out across the US. An information security employer receives a resume from a recent graduate and looks at the student’s academic qualifications. Folks… Continue reading Analyzing Cybersecurity’s Fractured Educational Ecosystem

26 September 2017Press Release   Joint report presents physical and network-based malware affecting ATMs   Europol’s European Cybercrime Centre (EC3) and Trend Micro, a global leader in cybersecurity solutions today released a comprehensive report on the current state of ATM Malware. Cashing in on ATM Malware details both physical and network-based malware attacks on ATMs,… Continue reading Europol’s EC3 and Trend Micro Partner to Arm Financial Industry with ATM Malware Protection

“Very good review on Webroot SecureAnywhere” ============================================================================= Webroot is a fairly well-known name in the security community, and it’s all encompassing “Secure Anywhere” software suite is offered in three varietals: antivirus, Internet Security Plus, and Internet Security Complete. I decided to take a look at its basic “antivirus” package, which touts lighting fast scans, no… Continue reading Webroot SecureAnywhere AntiVirus Review

Another breach is being investigated right now, it is still early days but watch this space.   Whole Foods Market recently received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores. These venues use a different point of sale system than the company’s primary store checkout… Continue reading Whole Foods Market Payment Card Investigation Notification

  September 28, 2017 By Michael Mimoso   Google said this week it would enforce HSTS on 45 Top Level Domains it operates.   HSTS, or HTTP Strict Transport Security, forces HTTPS on client connections to webservers and is a key part of the strategy to encrypt the web.   Google is the registry for… Continue reading Google to Enforce HSTS on TLDs it Operates

By Ionut Arghire on September 28, 2017   The infamous FIN7 hacking group has been distributing malware through a LNK file embedded in a Word document via the Object Linking and Embedding (OLE) technology, Cisco Talos security researchers say.   FIN7, also known as Anunak, or Carbanak, is a financially motivated group that has been highly active… Continue reading FIN7 Hackers Use LNK Embedded Objects in Fileless Attacks

By Eduard Kovacs on September 28, 2017   Kaspersky said it had detected roughly 18,000 malware samples belonging to more than 2,500 families on industrial control systems (ICS) in the first half of 2017. According to the company’s “Threat Landscape for Industrial Automation Systems” report for the first six months of the year, nearly 38… Continue reading Thousands of Malware Variants Found on Industrial Systems: Kaspersky

Urgent security triage needed   By John Leyden 28 Sep 2017     A flaw has been found in the way the Linux kernel loads ELF files.   If a malicious program is built as a Position Independent Executable (PIE), the loader can be exploited to map part of that application’s data segment over the memory area… Continue reading Patch alert! Easy-to-exploit flaw in Linux kernel rated ‘high risk’