News Clipping


The future of smartphone security: Hardware isolation [source: helpnetsecurity]

Mobile spyware has become increasingly more ubiquitous in corporate networks and devices. In a 2017 study, Check Point has found that out of the 850 organizations that they queried, 100% had experienced a mobile malware attack at least once in the past. To date, most cybersecurity companies have focused either on software-only or built-in hardware solutions as a way of fighting back against these threats....



New IoT botnet offers DDoSes of once-unimaginable sizes for $20 [source: arstechnica]

Organizers of a new botnet made up of infected home and small office routers are brazenly selling denial-of-service attacks of once unimaginable volumes for just $20 per target. Calling itself Los Calvos de San Calvicie, the group is advertising several services on this site. Among the services are distributed denial-of-service attacks of 290 to 300 gigabits per second for $20 each. While a third the size...



Tripwire Patch Priority Index for January 2018 [source: tripwire]

Tripwire’s January 2018 Patch Priority Index (PPI) brings together the top vulnerabilities from Microsoft, Adobe, and Oracle. First on the patch priority list this month are patches for Microsoft browsers and scripting engine. These patches address issues such as information disclosure, elevation of privilege, and memory corruption vulnerabilities. Following these are patches for Adobe Flash and Oracle Java. The Adobe patch resolves an out-of-bounds read...



Oracle POS flaw affecting over 300,000 payment systems worldwide [source: erpscan]

Palo Alto, CA – January 30, 2018 – ERPScan researchers published the details of a new vulnerability recently patched by Oracle. The vulnerability affects its MICROS Point-of-Sale terminals and allows an attacker to read sensitive data from devices. Oracle’s MICROS has more than 330,000 cash registers worldwide. Including 200,000+ food and beverage outlets and more than 30,000 hotels across 180 countries. Despite the fact that Oracle released a...



Widespread API use heightens cybersecurity risks [source: helpnetsecurity]

A new Imperva survey showed a heightened concern for cybersecurity risk related to API use. Specifically, 63 percent of respondents are most worried about DDoS threats, bot attacks, and authentication enforcement for APIs. APIs power the interactive digital experiences users love and are fundamental to an organization’s digital transformation. However, they also provide a window into an application that presents a heightened cybersecurity risk. The survey shows...



Google Removed Over 700,000 Malicious Android Apps From the Play Store in 2017 [source: bleepingcomputer]

Google says it removed over 700,000 bad or malicious apps from the Play Store in 2017, up 70% from 2016. The company also says it banned over 100,000 developer accounts belonging to “bad actors” who tried “to create new accounts and attempt to publish yet another set of bad apps.” These numbers were published today in an end-of-year report authored by Andrew Ahn, Product Manager...



Microsoft Drops on Coercive Registry Cleaners & System Optimizers [source: bleepingcomputer]

Starting March 1st 2018, Windows Defender and other Microsoft products will begin to remove programs that display coercive behavior designed to pressure a user into purchasing their software. This includes registry cleaners and system optimizers that offer free scans, detect issues with alarming messages, and then require the user to purchase the product before fixing anything. To prepare for this change, Microsoft has updated their software evaluation...



Cyber incidents doubled in 2017 [source: homelandsecuritynewswire]

The Online Trust Alliance (OTA) has just released its Cyber Incident & Breach Trends Report. OTA’s annual analysis found that cyber incidents targeting businesses nearly doubled from 82,000 in 2016 to 159,700 in 2017. Since the majority of cyber incidents are never reported, OTA believes the actual number in 2017 could easily exceed 350,000. The report analyzes data breaches, ransomware targeting businesses, business email compromise (BEC), distributed denial of service attacks (DDoS), and...



Achieving zero false positives with intelligent deception [source: helpnetsecurity]

Cyber attacks are not single events. When attackers compromise an asset, they don’t know which asset is infected. They must determine where they are in the network, the network structure and where they can find valuable information. That means attackers carefully try to find out as much as possible about the organization. This is precisely the behavior that intelligent deception technology can exploit in order to thwart...



Cisco Fixes RCE Bug Rated 10 Out of 10 on Severity Scale [source: bleepingcomputer]

Cisco has released software patches that fix a major vulnerability affecting Cisco devices running Adaptive Security Appliance (ASA) Software. Cisco ASA Software is the core operating system for the Cisco ASA Family, a class of security-centric networking devices that combine firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. According to a security advisory published today, older versions of Cisco ASA Software are affected...


