March 1, 2017
Lucian Constantin, Computerworld.com, February 24, 2017
For months, a bug in Cloudflare’s content optimization systems exposed sensitive information sent by users to websites that use the company’s content delivery network. The data included passwords, session cookies, authentication tokens and even private messages.
Lucian Constantin, Csoonline.com, February 24, 2017
Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible.
Paul Brandau, Delta-risk.net, February 23, 2017
In our previous blog, we discussed how insufficient network segmentation can be exploited by attackers and pen testers.
This week, we discuss a finding that we frequently abuse during the privilege escalation phase of our penetration testing assessments, particularly for those involving public sector clients. This phase occurs after our operators have gained a foothold and established persistence within a client’s internal network. At this point of the assessment, our foothold into the network is in the context of a domain user (or more often, several domain users)
Businesszone.co.uk, February 24, 2017
You may be concerned that keeping your company’s system safe from hacking could necessitate significant expenditure on various security products and services. However, there are actually various ways in which you can protect your system at a low cost. This is particularly appealing for small businesses who could lack abundant financial reserves.
Socialbarrel.com, February 21, 2017
For better or worse, employees are the first (and sometimes final) safeguard against digital incursion – and hackers know it. Cybercriminals are a sneaky bunch. More often than not, they will exploit your company’s weak spots rather than launch a full-scale assault against your security solutions. And what is your weakest link? Sadly, research shows that employee negligence is one of the leading causes of data breach.
Tim Armstrong, Dzone.com, February 27, 2017
We’ve written before about what it means to meet compliance standards without going completely overboard. Today, we want to talk about how that applies to cloud security as well. Some teams mistakenly believe that their security posture needs to be absolutely perfect. That’s not only overwhelming — it’s impossible.
Maritza Santillan, Tripwire.com, February 27, 2017
New research reveals that the majority of ransomware victims (85 percent) had their systems taken offline for at least a week, costing businesses thousands in financial damage each day.
Kieren McCarthy, Theregister.co.uk, February 22, 2017
The Dutch banking industry is doing a terrible job of online security, according to the company that runs the country’s .nl internet domains. In a new report published Tuesday, the internet registry SIDN was surprised to find that just six per cent of banks using .nl internet addresses have the security protocol DNSSEC in place to protect their digital assets and their customers.
David Bisson, Grahamcluley.com, February 24, 2017
A new Android banking trojan poses as a legitimate weather forecast app in an effort to steal users’ banking credentials.
Bill Siwicki, Healthcareitnews.com, February 28, 2017
As most everyone in healthcare will remember, health insurer Anthem suffered a data breach in 2015 that affected as many as 80 million patients. While healthcare did not witness a breach of that scale in 2016, numerous hospitals fell victim to ransomware attacks, and healthcare security budgets continued to lag behind those of other industries, according to Forrester Research.
Healthitsecurity.com, February 27, 2017
More healthcare organizations are implementing mobile devices and opting for BYOD strategies to help strengthen communication capabilities. However, the increase in endpoint devices has also opened entities up to more security issues, such as ransomware threats.