Google to Replace SMS Codes With Mobile Prompts in 2-Step-Verification Procedure

14th July 2017, by Catalin Cimpanu

Starting next week Google will overhaul its two-step verification (2SV) procedure and replace one-time codes sent via SMS with prompts shown on the user’s smartphone.

This change in the Google 2SV scheme comes after an increase in SS7 telephony protocol attacks that have allowed hackers to…

Cisco Patches Publicly Disclosed SNMP Vulnerabilities in IOS, IOS XE

By Michael Mimoso, July 14, 2017

Cisco has patched nine serious remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software. The vulnerabilities had been publicly disclosed. Cisco notified users of the availability of patches after releasing its initial advisory on the matter on June 29, warning of…

Siemens Patches Authentication Bypass Flaw in SiPass Server

By Michael Mimoso, July 14, 2017

A handful of vulnerabilities in Siemens’ SiPass integrated server have been patched, including one that allows an attacker to bypass authentication on the box. SiPass is the company’s integrated access control server managing physical access in a number of industries and use cases. The product supports card readers…

NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns

By Tom Spring, July 14, 2017

Two malware families, NemucodAES and Kovter, are being packaged together in .zip attachments and delivered via active spam campaigns. Researcher Brad Duncan said, “together these two pieces of malware could deliver a nasty punch.”

Duncan, a handler at the SANS Institute Internet Storm Center, said that…

Microsoft Security Update Minor Revisions Issued: July 13, 2017

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Update Minor Revisions Issued: July 13, 2017
********************************************************************

Summary
=======

The following CVEs have undergone a minor revision increment.

* CVE-2017-8563
* CVE-2017-8589

Revision Information:
=====================

CVE-2017-8563

 - Title: CVE-2017-8563 | Windows Elevation of Privilege
   Vulnerability
 -…

Bupa breach affects more than half a million customers

A London health insurance agency has been hit with a massive data breach. The personal information of about 547,000 people was compromised.

Unlike recent ransomware attacks, this breach came from within the company. “The data breach really highlights the fact that employees can still be an organization’s weakest link with regards to security,”…

Bupa warns health insurance information exposed by rogue employee

Graham CLULEY, 13th July 2017

Healthcare insurance giant Bupa has warned customers that it has suffered a breach, after an employee inappropriately copied and removed customer information from the business.

In all, around 108,000 international health insurance policies are said to be affected.

An email sent to affected policy holders describes…

Attackers Using Automated Scans to Takeover WordPress Installs

By Chris Brook, July 13, 2017

Attackers have been setting their sights on freshly installed WordPress deployments, taking advantage of users who fail to follow through when it comes to configuring their server’s settings.

Researchers at the WordPress security plugin WordFence said Tuesday they observed a significant spike in attacks targeting WordPress accounts…

Samba puts out new security update to address exploit that fueled WannaCry

Vuln hit “all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos.”

Cyrus Farivar – 7/13/2017

On Wednesday, the Samba Team released new security updates to fix a vulnerability in “all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos,” according to an announcement from the United States-Computer Emergency Readiness Team (US-CERT). …

PSA: Don’t Open SPAM Containing Password Protected Word Docs

12th July 2017, by Lawrence Abrams

I wanted to alert everyone of a new malware distributing SPAM that I just received that contains a password protected Word document, which pretends to be about a payment I would be receiving shortly. As I always love free money, I had to take a look and see what…