Security News

Open-source vulnerabilities plague enterprise codebase systems

zdnet 0 day - Tue, 05/15/2018 - 08:00
Vulnerabilities including the bug reportedly responsible for Equifax's data breach are still common elements of open-source systems used in the enterprise.
Categories: Security News

Enterprise vulnerability management as effective as 'random chance'

zdnet 0 day - Tue, 05/15/2018 - 07:00
New research suggests that predictive models could pave the way for more efficient cybersecurity remediation strategies.
Categories: Security News

Sending Inaudible Commands to Voice Assistants

Bruce Shneier's Blog - Tue, 05/15/2018 - 06:13
Researchers have demonstrated the ability to send inaudible commands to voice assistants like Alexa, Siri, and Google Assistant. Over the last two years, researchers in China and the United States have begun demonstrating that they can send hidden commands that are undetectable to the human ear to Apple's Siri, Amazon's Alexa and Google's Assistant. Inside university labs, the researchers have... Bruce Schneier
Categories: Security News

Adobe sends out second wave of security updates for critical vulnerabilities

zdnet 0 day - Tue, 05/15/2018 - 05:59
A total of 47 vulnerabilities in Adobe Reader, Acrobat, and Photoshop CC have been tackled in the new security update.
Categories: Security News

Kaspersky Lab to shift US customer data from Russia to Switzerland

zdnet 0 day - Tue, 05/15/2018 - 02:00
Kaspersky Lab also plans to move the tools and systems used to compile products from its source code to the country.
Categories: Security News

US cell carriers are selling access to your real-time phone location data

zdnet 0 day - Mon, 05/14/2018 - 14:00
The company embroiled in a privacy row has "direct connections" to all major US wireless carriers, including AT&T, Verizon, T-Mobile, and Sprint -- and Canadian cell networks, too.
Categories: Security News

Details on a New PGP Vulnerability

Bruce Shneier's Blog - Mon, 05/14/2018 - 13:36
A new PGP vulnerability was announced today. Basically, the vulnerability makes use of the fact that modern e-mail programs allow for embedded HTML objects. Essentially, if an attacker can intercept and modify a message in transit, he can insert code that sends the plaintext in a URL to a remote website. Very clever. The EFAIL attacks exploit vulnerabilities in the... Bruce Schneier
Categories: Security News

Critical PGP Vulnerability

Bruce Shneier's Blog - Mon, 05/14/2018 - 09:33
EFF is reporting that a critical vulnerability has been discovered in PGP and S/MIME. No details have been published yet, but one of the researchers wrote: We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. There are currently no reliable... Bruce Schneier
Categories: Security News

Rail Europe had a three-month long credit card breach

zdnet 0 day - Mon, 05/14/2018 - 08:16
Credit card numbers, expiration dates, and card verification codes were stolen.
Categories: Security News

This malware is harvesting saved credentials in Chrome, Firefox browsers

zdnet 0 day - Mon, 05/14/2018 - 02:42
Researchers say the new Vega Stealer malware is currently being used in a simple campaign but has the potential to go much further.
Categories: Security News

Chili's restaurant chain suffers data breach

zdnet 0 day - Mon, 05/14/2018 - 01:37
Customers are being warned that payment card information was likely involved in the data breach.
Categories: Security News