Must Read Security News

  • Triton malware shines light on threat facing energy production companies
    Sophisticated malware capable of forcing industrial equipment safety systems to fail was found in industrial control systems in the Middle East, according to information provided to CyberScoop and research produced Thursday by U.S. cybersecurity firms FireEye and Dragos. Dubbed “Triton” or “Trisis,” the malware disrupts an emergency shutdown capability in Schneider Electric’s Triconex safety instrumented system (SIS). By targeting this system, Triton makes it easier for an industrial control system (ICS) to fail and break down. SIS technology ...
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-18
  • Thales acquires chip giant Gemalto in $5.6B all-cash deal
    French technology giant Thales SA will acquire digital security company Gemalto after outbidding a rival French company whose bid was rejected. Thales will acquire Gemalto — the world’s largest manufacturer of SIM cards and credit card chips — in an all-cash transaction worth €4.76 billion ($5.6 billion), beating an offer from rival Atos that was valued at €4.3 billion ($5.06 billion). Gemalto said Atos’ bid had significantly undervalued the company. Known more for its work in aerospace, Thales has ...
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-18
  • Monero Mining Software Found on Oil Transport Company’s Systems
    An oil transportation company discovered someone had installed Monero-mining software on its systems without its authorization. On 14 December, Vladimir Rushailo, vice president of the Russian state-owned transport monopoly Transneft, revealed that the company had found that one of its computers had automatically downloaded software designed to mine the Bitcoin rival. As quoted in a […] (First appeared on The State of Security.)
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-18
  • Expert found critical issues in Palo Alto PAN-OS Networks Security Platform
    Last week, Palo Alto Networks released security updates for its PAN-OS security platform that address critical and high severity vulnerabilities that can be exploited by a remote, unauthenticated attacker for remote code execution and command injection. The critical issue, tracked as CVE-2017-15944, is a combination of flaws that affect the management interface. PAN-OS 6.1.18, 7.0.18, 7.1.13, 8.0.5 and earlier versions ...
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-18
  • Firewall Bursting: A New Approach to Better Branch Security
    One of the most common network security solutions is the branch firewall. Branch firewall appliances can pack into a single device a wide range of security capabilities including a stateful or next-generation firewall, anti-virus, URL filtering, and IDS/IPS. But the reality is that most of these edge devices lack the processing power to apply the full scope of capabilities on all of the ...
    Read the full story at: THN : The Hackers News | Published on 2017-12-18
  • Lessons Learned from the Estonian National ID Security Flaw
    Estonia recently suffered a major flaw in the security of their national ID card. This article discusses the fix and the lessons learned from the incident: In the future, the infrastructure dependency on one digital identity platform must be decreased, the use of several alternatives must be encouraged and promoted. In addition, the update and replacement capacity, both remote and physical, should be increased. We also recommend the government to procure the readiness to act ...
    Read the full story at: Bruce Schneier’s Blog | Published on 2017-12-18
  • Jack of all trades
    Nowadays, it’s all too easy to end up with malicious apps on your smartphone, even if you’re using the official Google Play app store. The situation gets even worse when you go somewhere other than the official store – fake applications, limited security checks, and so on. However, the spread of malware targeting Android OS is not limited to unofficial stores – advertising, SMS-spam campaigns and other techniques are also used. Among this array of ...
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-18
  • Researchers discovered two serious code execution flaws in vBulletin not yet unpatched
    Two code execution vulnerabilities affecting version 5 of the popular vBulletin forum CMS were disclosed by researchers last week via Beyond Security’s SecuriTeam Secure Disclosure program. vBulletin is currently used by over 100,000 sites, including Fortune 500 and Alexa Top 1M companies’ websites and forums. The flaws were discovered by an expert at the Italy-based security firm TRUEL ...
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-18
  • Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly
    Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in a popular internet forum software—vBulletin—one of which could allow a remote attacker to execute malicious code on the latest version of the vBulletin application server. vBulletin is a widely used proprietary Internet forum software package based on PHP and MySQL database server. It powers ...
    Read the full story at: THN : The Hackers News | Published on 2017-12-18
  • BGP hijacking – Traffic for Google, Apple, Facebook, Microsoft and other tech giants routed through Russia
    Traffic for Google, Apple, Facebook, Microsoft and other tech giants was routed through Russia; experts believe it was an intentional BGP hijacking. Last week a suspicious event routed traffic for major tech companies (i.e. Google, Facebook, Apple, and Microsoft) through a previously unknown Russian Internet provider. The event occurred on Wednesday; researchers who investigated it believe the traffic was intentionally hijacked. The incident involved the Internet’s Border Gateway Protocol that is used to route traffic among Internet backbones, ISPs, ...
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-18
  • Fixing Data Breaches Part 1: Education
    We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them about the problem. My full written testimony ...
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-18
  • The Best Way to Procure Cybersecurity Technology
    Do you want to live with a big rock, a fancy dog, a tailored suit, or a flexible ecosystem? In other words, what’s the best way to procure cybersecurity technology? That sounds like a trick question, but it isn’t. While most cybersecurity professionals believe they’re underfunded (and probably are) and most cybersecurity programs are understaffed […] (First appeared on The State of Security.)
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-17
  • A Look Back at 2017 — Digital Security Lessons Learned
    2017 was a busy year full of malware attacks and data breaches. Yes, these events caused (at least) their fair share of disruption and damage. But as the year draws to a close, our attention should move beyond those immediate consequences in an effort to better understand the facts surrounding how and why the incidents occurred. […] (First appeared on The State of ...)
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-17
  • Foundational Controls that Assure Integrity
    We want more of the CIA Triad. No, this has nothing to do with the US government agency. It stands for “confidentiality, integrity, and availability.” What it alludes to is the idea of protecting access to privileged information (confidentiality), asserting that the information hasn’t been tampered with (integrity), and that the information can be reliably […] (First appeared on The State of Security.)
    Read the full story at: RSSMix Security Feed of Feeds | Published on 2017-12-17
  • Windows 10 bundles a briefly-vulnerable password manager
    Keeper exposed punters to drive-by click-jack pwnage. Google Project Zero's Tavis Ormandy has turned up a howling blunder in a password manager bundled with Windows 10. ...
    Read the full story at: The Register – Security | Published on 2017-12-17