NIST Site Search
Search NIST.GOV
Custom Search
[Official NIST.GOV TIME]
Product Research

Advertise on this site
Newsfeeds
Help Net Security
  • Hackers can use subtitles to take over millions of devices running VLC, Kodi, Popcorn Time and Stremio

    Check Point researchers revealed a new attack vector threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms. “The supply chain for subtitles is complex, with over 25 different subtitle formats in use, all with unique features and capabilities. This … More

    click to view

  • More links between WannaCry and Lazarus group revealed

    Symantec researchers have found more links between WannaCry ransomworm and Lazarus, the hacking group believed to be behind the 2014 attack on Sony Pictures and the 2016 Bangladesh Central Bank heist. Earlier WannaCry attacks point to the group As you may or may not know, the May 12 attack was not the first time that the WannaCry ransomware was used. But, it was the first time that this particular variant, which incorporated the leaked “EternalBlue” … More

    click to view

  • SCADA systems plagued by insecure development and slow patching

    “Behind most modern conveniences, there exists a SCADA system somewhere that controls them,” Trend Micro researchers pointed out in a new report that delves in the heart of vulnerabilities affecting SCADA systems’ Human Machine Interfaces (HMIs). Mean time to patch vulnerabilities from the time they were disclosed by year “SCADA systems are at the core of water treatment plants, gas pipelines, electrical power distribution systems, wind farms, expansive communication systems, and even civil defense sirens. … More

    click to view

  • Data breach activity reaches all-time high

    With over 1,200 breaches and over 3.4 billion records exposed, 2017 is already on pace to be yet another “worst year on record” for data breach activity, according to Risk Based Security. W-2 phishing “The trends that drove the extraordinary activity in 2016 are continuing unabated in 2017” said Inga Goddijn, Risk Based Security’s Executive Vice President. “We have seen the return of widespread phishing for W-2 details, large datasets continue to be offered for … More

    click to view

  • Highest European CISO salaries set to reach €1 million

    Chief Information Security Officers supervise information systems for their organization, and are in charge of coming up with, proposing, and implementing workable solution for minimizing security threats the organization faces. It is a complex and stressful job, and CISO salaries have been rising and rising in the last few years, fueleded (no doubt) by the data breaches, ransomware and cyber espionage attacks that have become a daily occurrence. “CEOs have started to lose their jobs … More

    click to view

  • Breaking TLS: Good or bad for security?

    As the use of TLS by malware and phishing increases, some security practitioners are seeking solutions to break TLS so they can monitor all traffic in and out of their network. Breaking TLS is typically accomplished by loading an inspection CA certificate that dynamically generates certificates by your TLS inspection device. The public key from this CA is loaded into all clients on the network. When a domain is requested, a certificate is generated “on … More

    click to view

  • Cybersecurity: Industry concerns and suggestions for policy makers

    The EU Agency for Network and Information security – ENISA – together with industry recently reached a common position on cybersecurity, that reflects the concerns of industry and provides a set of suggestions for policy makers. Their paper focuses on four main areas actively debated at the EU level: standardisation and certification, security processes and services, security requirements and implementation, and the economic dimensions. Key challenges and recommendations identified for the European Commission Define a … More

    click to view

  • Beware the coffee shop: Mobile security threats lurk around every corner

    40 percent of organizations believe that C-level executives, including the CEO, are most at risk of being hacked when working outside of the office, according to a new report from iPass. Cafés and coffee shops were ranked the number one high-risk venue by 42 percent of respondents, from a list also including airports (30 percent), hotels (16 percent), exhibition centers (7 percent) and airplanes (4 percent). The vast majority (93 percent) of respondents said they … More

    click to view

  • The privacy threat of IoT device traffic rate metadata

    Even though many IoT devices for smart homes encrypt their traffic, a passive network observer – e.g. an ISP, or a neighborhood WiFi eavesdropper – can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. Examining IoT smart home devices A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up smart home laboratory with a passive network tap, and examining the … More

    click to view

  • How to secure your digital transformation

    Organizations are demanding and implementing new solutions that enable them to streamline operations, cultivate new business opportunities and provide better service to their customers. These new solutions require CSOs /CISOs to maintain protection of their organization’s and customers’ assets even while moving the control of network, platforms, applications and data beyond the traditional technologies and boundaries of their organization. Adding additional network and provider layers along with operational uncertainty make it more difficult to sustain … More

    click to view

| Date published: Tue, 23 May 2017 19:57:44 +0000
Back to newsfeed list
Translate to: {GOOGLETRANS}
Google Ads




Headlines

»CVE-2014-9970
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
»CVE-2015-1529
Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a den ...
»CVE-2015-4045
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users ...
»CVE-2015-4046
The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to ex ...
»CVE-2015-4054
PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereferenc ...
»CVE-2015-4455
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For ...
»CVE-2015-4704
Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows re ...
»CVE-2015-5241
After logging into the portal, the logout jsp page redirects the browser back to the login page afte ...
»CVE-2015-5381
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x be ...
»CVE-2015-5382
program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows ...
»CVE-2015-5383
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by read ...
»CVE-2015-5401
Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.0 ...
»CVE-2015-5468
Directory traversal vulnerability in the WP e-Commerce Shop Styling plugin before 2.6 for WordPress ...
»CVE-2015-5469
Absolute path traversal vulnerability in the MDC YouTube Downloader plugin 2.1.0 for WordPress allow ...
»CVE-2015-5609
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote att ...


Date published: 2017-05-23T16:00:01Z
Details

»ICS-CERT Releases WannaCry Fact Sheet
Original release date: May 17, 2017 | Last revised: May 19, 2017 The Industrial Control Syste ...
»Joomla! Releases Security Update for CMS
Original release date: May 17, 2017 Joomla! has released version 3.7.1 of its Content Managem ...
»Cisco Releases Security Updates
Original release date: May 17, 2017 Cisco has released updates to address vulnerabilities aff ...
»WordPress Releases Security Update
Original release date: May 17, 2017 WordPress versions prior to 4.7.5 are affected by multipl ...
»FTC Releases Alert on Fraudulent Emails
Original release date: May 16, 2017 The Federal Trade Commission (FTC) has released an alert ...
»Apple Releases Security Updates
Original release date: May 15, 2017 Apple has released security updates to address vulnerabil ...
»Multiple Ransomware Infections Reported
Original release date: May 12, 2017 | Last revised: May 15, 2017 US-CERT has received multipl ...
»Cisco Releases Security Update
Original release date: May 10, 2017 Cisco has released a security update to address a vulnera ...
»FTC Announces Resource for Small Business Owners
Original release date: May 09, 2017 The Federal Trade Commission (FTC) has released an announ ...
»Microsoft Releases May 2017 Security Updates
Original release date: May 09, 2017 Microsoft has released updates to address vulnerabilities ...


Date published: not known
Details

»WannaCry shows we need to understand why organizations don't patch
Perhaps the question we should be asking about WannaCry is not ...
»Modern security software is not necessarily powerless against threats like WannaCry
The WannaCry ransomware has affected many organisations around the ...
»Throwback Thursday: CARO: A personal view
This week sees the 11th International CARO Workshop taking place in ...
»VB2016 paper: Uncovering the secrets of malvertising
Malicious advertising, a.k.a. malvertising, has evolved tremendousl ...
»Throwback Thursday: Tools of the DDoS Trade
As DDoS attacks become costlier to fix and continue to increase in ...
»VB2016 paper: Building a local passiveDNS capability for malware incident response
At VB2016, Splunk researchers Kathy Wang and Steve Brant presented ...
»VB2016 video: Last-minute paper: A malicious OS X cocktail served from a tainted bottle
In a VB2016 last-minute presentation, ESET researchers Peter Kalnai ...
»Consumer spyware: a serious threat with a different threat model
Consumer spyware is a growing issue and one that can have serious c ...
»VB2016 paper: Debugging and monitoring malware network activities with Haka
In their VB2016 paper, Stormshield researchers Benoît Ancel and Meh ...


Date published: not known
Details
Main Menu
· Home
Current Security News
 
US-CERT Current Activity

» ICS-CERT Releases WannaCry Fact Sheet
[17 May 2017 09:14pm]

» Joomla! Releases Security Update for CMS
[17 May 2017 11:48am]

» Cisco Releases Security Updates
[17 May 2017 11:31am]

» WordPress Releases Security Update
[17 May 2017 07:09am]

» FTC Releases Alert on Fraudulent Emails
[16 May 2017 03:10pm]

» Apple Releases Security Updates
[15 May 2017 03:33pm]

» Multiple Ransomware Infections Reported
[12 May 2017 01:05pm]

» Cisco Releases Security Update
[10 May 2017 11:33am]

» FTC Announces Resource for Small Business Owners
[09 May 2017 07:14pm]

» Microsoft Releases May 2017 Security Updates
[09 May 2017 02:50pm]

***
US-CERT Alerts

» TA17-132A: Indicators Associated With WannaCry Ransomware
[12 May 2017 07:36pm]

» TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors
[27 Apr 2017 04:50pm]

» TA17-075A: HTTPS Interception Weakens TLS Security
[16 Mar 2017 06:40am]

» TA16-336A: Avalanche (crimeware-as-a-service infrastructure)
[30 Nov 2016 10:00pm]

» TA16-288A: Heightened DDoS Threat Posed by Mirai and Other Botnets
[14 Oct 2016 05:59pm]

» TA16-250A: The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations
[06 Sep 2016 04:29pm]

» TA16-187A: Symantec and Norton Security Products Contain Critical Vulnerabilities
[05 Jul 2016 08:50am]

» TA16-144A: WPAD Name Collision Vulnerability
[23 May 2016 05:38am]

» TA16-132A: Exploitation of SAP Business Applications
[11 May 2016 05:31am]

» TA16-105A: Apple Ends Support for QuickTime for Windows; New Vulnerabilities Announced
[14 Apr 2016 01:48pm]

***
Computerworld Security

» 4 ways blockchain is the new business collaboration tool
[23 May 2017 04:01am]

» Connecting with work from the road? Here's how to stay safe
[23 May 2017 04:00am]

» 5 ways to stop future global malware attacks
[22 May 2017 03:06pm]

» No, Windows XP didn't fuel WannaCry
[22 May 2017 01:57pm]

» IDG Contributor Network: Winning the war on ransomware
[22 May 2017 12:00pm]

» Leak: Secret Facebook rules on what violence, self-harm and child abuse can be posted
[22 May 2017 07:18am]

» For enterprise protection, antivirus software is no longer enough
[22 May 2017 04:00am]

» Windows Defender does not defend Windows 7 against WannaCry
[21 May 2017 06:37pm]

» The ransomware epidemic: How to prep for a shakedown
[19 May 2017 02:37pm]

» The Windows firewall is the overlooked defense against WannaCry and Adylkuzz
[19 May 2017 10:25am]

» IDG Contributor Network: Who you gonna call?: Getting ready for the next cyber disaster
[19 May 2017 07:03am]

» CW@50: Vint Cerf on his 'love affair' with tech and what’s coming next
[19 May 2017 04:00am]

» Get 72% off NordVPN Virtual Private Network Service For a Limited Time - Deal Alert
[18 May 2017 09:29am]

» 55% off Panda Security Ransomware and Virus Protection Products for Home Users - Deal Alert
[18 May 2017 07:49am]

» IDG Contributor Network: FTC to crack down on bogus ‘tech support’ lines
[17 May 2017 12:30pm]

***
Microsoft Security Advisories

» 4022345 - Identifying and correcting failure of Windows Update client to receive updates - Version: 1.3
[12 May 2017 11:00am]

» 4021279 - Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege - Version: 1.1
[10 May 2017 11:00am]

» 4010323 - Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11 - Version: 1.0
[09 May 2017 11:00am]

» 3123479 - SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[14 Mar 2017 11:00am]

» 4010983 - Vulnerability in ASP.NET Core MVC 1.1.0 Could Allow Denial of Service - Version: 1.0
[27 Jan 2017 11:00am]

» 3214296 - Vulnerabilities in Identity Model Extensions Token Signing Verification Could Allow Elevation of Privilege - Version: 1.0
[10 Jan 2017 11:00am]

» 3181759 - Vulnerabilities in ASP.NET Core View Components Could Allow Elevation of Privilege - Version: 1.0
[13 Sep 2016 11:00am]

» 3174644 - Updated Support for Diffie-Hellman Key Exchange - Version: 1.0
[13 Sep 2016 11:00am]

» 3179528 - Update for Kernel Mode Blacklist - Version: 1.0
[09 Aug 2016 11:00am]

» 2880823 - Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program - Version: 2.0
[18 May 2016 11:00am]

» 3155527 - Update to Cipher Suites for FalseStart - Version: 1.0
[10 May 2016 11:00am]

» 3152550 - Update to Improve Wireless Mouse Input Filtering - Version: 1.1
[22 Apr 2016 11:00am]

» 3137909 - Vulnerabilities in ASP.NET Templates Could Allow Tampering - Version: 1.1
[10 Feb 2016 11:00am]

» 2871997 - Update to Improve Credentials Protection and Management - Version: 5.0
[09 Feb 2016 11:00am]

» 3109853 - Update to Improve TLS Session Resumption Interoperability - Version: 1.0
[12 Jan 2016 11:00am]

***


***
Network World Security

» IDG Contributor Network: Do you know where your data is?
[23 May 2017 12:00pm]

» IDG Contributor Network: Educating the public about security – are we doing it all wrong?
[23 May 2017 10:35am]

» IDG Contributor Network: How security executives can feel comfortable in the boardroom and server room
[23 May 2017 10:15am]

» IDG Contributor Network: How quantum computing increases cybersecurity risks
[23 May 2017 10:00am]

» Network monitoring tools: Features users love and hate
[01 May 2017 04:51am]

» Fight firewall sprawl with AlgoSec, Tufin, Skybox suites
[10 Apr 2017 04:32am]

» Review: Canary Flex security camera lives up to its name
[24 Mar 2017 07:01am]

» Smackdown: Office 365 vs. G Suite management
[16 Mar 2017 07:01am]

» Zix wins 5-vendor email encryption shootout
[13 Mar 2017 04:00am]

» Review: vArmour flips security on its head
[06 Mar 2017 03:50am]

» 5 open source security tools too good to ignore
[21 Feb 2017 07:12am]

» Review: Samsung SmartCam PT network camera
[15 Feb 2017 07:00am]

» Review: Arlo Pro cameras offer true flexibility for home security
[09 Feb 2017 07:01am]

» IDG Contributor Network: Educating the public about security – are we doing it all wrong?
[23 May 2017 10:35am]

» IDG Contributor Network: How security executives can feel comfortable in the boardroom and server room
[23 May 2017 10:15am]

***


More IT Security
News Feeds
More Sponsors

Advertise on this site
RSS Feeds
Our news can be syndicated by using these rss feeds.
rss1.0
rss2.0
rdf
Welcome
Username:

Password:




Remember me

[ ]

NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.

Please visit daily to stay up to date on all your IT Security compliance issues.

http://www.nist.org -
Hosted by BlueHost. We've never had a better hosting company.
{THEMEDISCLAIMER}