Who is asking Google to delist certain URLs appearing in search results related to their name, and what kind of requests does the search giant honor? The company has been keeping track of them since the “Right to be Forgotten” privacy ruling has been put into practice by the European Union, and since January 2016 the company’s reviewers have been manually annotating each requested URL...
Read More
The exploit kit landscape has continued its downfall started in the summer of 2016 and its leading player —the RIG exploit kit— has stopped delivering any ransomware strains in 2018, focusing now on spreading cryptocurrency miners (coinminers) and information-stealing trojans (infostealers). These are the main conclusions of months of observation by Palo Alto Network security researcher Brad Duncan. Exploit kit market continues to fall Duncan, one...
Read More
Some of the most influential voices in the PHP community have united on a project to improve the security of the PHP ecosystem. Under the name of FriendsOfPHP, this group has created a database that includes references and details for known security vulnerabilities affecting various PHP projects and libraries. The purpose of this database is to provide a giant guide of what versions of what...
Read More
The Equifax breach was well over half a year ago now, but I’ve had a nagging worry all the while since then: Was my child’s data affected in that breach, and how could I possibly find out for sure? After the Equifax breach, a number of people who had never even heard of the credit monitoring bureau (including people living outside of the U.S.) found...
Read More
Small Business is a privileged target of attackers, in fact, there is a high risk of having problems with hackers if you are a large company or even a media player. Do you have a small company? If the answer is yes, and you think that no cyber attack will ever affect you, think again. Small Business is a privileged target of attackers, in fact,...
Read More
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just...
Read More
The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21. The agency’s IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before before reintroducing PCs into its network. DOT officials told local press [1, 2] that crucial systems were not affected, such as...
Read More
Description: A vulnerability in the Interactive Voice Response (IVR) management connection interface for Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to cause the IVR connection to disconnect, creating a system-wide denial of service (DoS) condition. The vulnerability is due to improper handling of a TCP connection request when the IVR connection is already established. An attacker could exploit this vulnerability...
Read More
Description: A vulnerability in the authentication functionality of the web-based service portal of Cisco Elastic Services Controller Software could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrator privileges on an affected system. The vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software. An attacker could exploit this vulnerability by...
Read More
Description: A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted...
Read More
