You are here:-CyberSecurity

CyberSecurity

GnuPG Vulnerability Allows Spoofing of Message Signatures

By | 2018-06-15T03:04:32+00:00 June 14th, 2018|Categories: CyberSecurity|

GnuPG recently addressed an input sanitization vulnerability where a remote attacker could spoof arbitrary signatures. Part of the GNU Project and also known as GPG, GnuPG is a complete and free implementation of the OpenPGP standard that enables the encryption and signing of data and communications. The hybrid-encryption software program has a versatile

Cortana Flaw Allows for Code Execution from Lock Screen

By | 2018-06-15T02:08:28+00:00 June 14th, 2018|Categories: CyberSecurity|

One of the vulnerabilities Microsoft addressed with the June 2018 security patches was a flaw in Cortana that could allow an attacker to elevate privileges and execute code from the lock screen. The issue, discovered by Cedric Cochin, Cyber Security Architect and Senior Principle Engineer at McAfee, is tracked as CVE-2018-8140. The bug

Meltdown-Like ‘LazyFP’ Vulnerability Impacts Intel CPUs

By | 2018-06-15T01:19:07+00:00 June 14th, 2018|Categories: CyberSecurity|

Intel and software vendors have started informing users about a new vulnerability involving side channel speculative execution that could be exploited by malicious actors to obtain sensitive information from the targeted system. Dubbed LazyFP, the security hole is related to the floating point unit (FPU), also known as the math coprocessor. The FPU

New LokiBot-Linked Android Trojan Emerges

By | 2018-06-15T00:27:42+00:00 June 14th, 2018|Categories: CyberSecurity|

A newly discovered banking Trojan targeting Android 7 and 8 versions is using the same command and control (C&C) server as LokiBot, Threat Fabric (formerly known as SfyLabs) reports. Dubbed MysteryBot, the new threat appears to be either an update for LokiBot or a brand new malware family from the same threat actor.

European Parliament Votes to Ban Kaspersky Products

By | 2018-06-14T13:22:14+00:00 June 14th, 2018|Categories: CyberSecurity|

Kaspersky Suspends Collaboration With Europol and NoMoreRansom  Kaspersky Lab has suspended its collaboration with Europol and the NoMoreRansom initiative after the European Parliament passed a resolution that describes the company’s software as being “malicious.” Kaspersky is not trusted by some governments due to its alleged ties to Russian intelligence, which has sparked concerns that the

World Cup: US Spy Warns Russians Will Hack Phones, Computers

By | 2018-06-14T12:22:26+00:00 June 13th, 2018|Categories: CyberSecurity|

A top US intelligence official warned football fans traveling to Russia for the World Cup that their phones and computers could be hacked by Moscow's cyber spies. William Evanina, Director of the National Counterintelligence and Security Center, said that in Russia, even people who believe they are too unimportant to be hacked can

Apple Steps Up Encryption to Thwart Police Cracking of iPhones

By | 2018-06-14T05:54:41+00:00 June 13th, 2018|Categories: CyberSecurity|

Apple said Wednesday it was strengthening encryption on its iPhones to thwart police efforts to unlock handsets without legitimate authorization. The move by Apple, the latest in an ongoing clash with law enforcement, comes amid reports of growing use of a tool known as GrayKey which can enable police to bypass iPhone security

5.9 Million Card Details Accessed in Dixons Carphone Hack

By | 2018-06-14T05:04:41+00:00 June 13th, 2018|Categories: CyberSecurity|

Dixons Carphone, a household name in the UK, announced (PDF) today that it is investigating "unauthorised access to certain data held by the company." It describes this access as "an attempt to compromise 5.9 million cards in one of the processing systems of Currys PC World and Dixons Travel stores," and "1.2m records

Security In A DevOps World

By | 2018-06-14T03:49:54+00:00 June 13th, 2018|Categories: CyberSecurity|

[Originally presented at the Gartner Security & Risk Management Summit 2018, “Security In A DevOps World” examines the challenges and benefits of integrating security technology and thinking into the development process at the early stages. The slides are designed to assist in the presentation of the material but they also might come in

Exploit Kits Target Recent Flash, Internet Explorer Zero-Days

By | 2018-06-14T04:12:07+00:00 June 13th, 2018|Categories: CyberSecurity|

Exploit kits (EKs) might not be as dominant as they were several years ago, but they continue to exist and most of them already adopted exploits for recently discovered Flash and Internet Explorer zero-day vulnerabilities. The first of the flaws is CVE-2018-4878, a security bug in Adobe’s Flash Player discovered in late January,