Information Security
A serious security vulnerability has been found in 7-Zip
The flaw affects all previous versions of the software. 7-Zip is free, open-source file archiving software that's been around for an awfully long …
Security
GLitch
What is GLitch? GLitch is one part of our series of Rowhammer attacks. We started by breaking the EDGE browser and the cloud. Then we moved towards …
Security
Oracle Access Manager security bug so serious it let anyone access protected data
The moral? Don't roll your own crypto, security researcher tells Oracle. …
Security
A Remote Hack Hijacks Android Phones Via Electric Leaks in Their Memory
Nearly four years have passed since researchers began to experiment with a hacking technique known as "Rowhammer," which breaks practically every …
Security
Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package
The Node Package Manager (npm) team avoided a disaster today when it discovered and blocked the distribution of a cleverly hidden backdoor mechanism …
JavaScript
Windows 10 Meltdown Patch Has 'Fatal Flaw,' Update Now
Microsoft may have patched Windows 10 for Meltdown, but a security researcher claims that the patch had a "fatal flaw" that undermines the purported …
Laptops
6 Enterprise Password Managers That Lighten the Load for Security
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models. …
Security
Industrial Networks Easy to Hack From Corporate Systems: Study
Hackers could in many organizations easily gain access to industrial environments from the corporate network, according to an analysis conducted by …
Security
Flaw in global energy facility software shows critical infrastructure risks
Critical infrastructure worries in the U.S. and abroad are far from over. This week, security firm Tenable published research demonstrating a vulnerability affecting two software programs used by global energy management company Schneider Electric. The company’s systems are in place in facilities …
Cybersecurity
Twitter Corrected a Bug That Caused Passwords to Be Stored in Plain Text
Twitter admitted Thursday that it fixed a bug that stored passwords in plain text in an internal log, stressing that the information in that log was …
Digital Marketing
VW bugs: "Unpatchable" remote code pwnage
Two security researchers have excoriated Volkswagen Group for selling insecure cars. As in: hackable-over-the-internet insecure. They broke into a …
Security
Google releases open source framework for building “enclaved” apps for cloud | Ars Technica
Toolkit aims to make building "confidential computing" containerized apps easier. Today, Google is releasing an open source framework for the …
Security
Yubikey/Smartcard backed TLS servers
It has become clear that storing secrets in computers is hard. The best demo to the world that storing secrets on “online” computers is hard and …
Security
73 percent of industrial networks are vulnerable to hackers
The industrial control systems (ICS) used to run equipment in manufacturing, energy, and other sectors are secured differently from office networks. …
Security
You should change your Twitter password right now. Yes, you!
Oh joy, another breach! This time it’s Twitter, which just admitted to a pretty big blunder. In a new blog post, the company’s CTO, Parag Agrawal, wrote that his team “recently identified a bug that stored passwords unmasked in an internal log.” In short, there was something employees had access to …
Security
Researchers demonstrate GLitch, an Android exploit that uses Rowhammer attack to remotely execute code; Chrome is patched; Firefox's next patch attempt due 5/9
Security
Intel reportedly gears up to patch 8 Spectre Next Generation CPU flaws
Intel says that eight new security flaws found in modern processors will be disclosed in the near future as it develops specific patches for other …
Security
It's time to update your Cisco WebEx software again!
Cisco has released security updates for a variety of its offerings, including some that fix critical remote code execution vulnerabilities in WebEx …
Security
3 Ways to Maximize Security and Minimize Business Challenges
The best strategy for choosing security tools and architecting networks is to focus on staffing and resources, risk tolerance, and business …
Security
Kitty malware gets its claws into Drupal websites to mine Monero
Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware …
Drupal
Twitter Reveals Password Bug, Recommends Users Change Passwords
Twitter disclosed that it discovered a bug in its system for storing passwords — which left them exposed on an internal log — and said that out of …
Streaming
Twitter urges users to change their passwords after discovering a bug that revealed them internally
Twitter on Thursday encouraged its more than 330 million users to change their passwords after the company discovered a bug that revealed the …
Security
Windows security: Microsoft issues fix for critical Docker tool flaw, so patch now
Microsoft has patched a bug in an open-source tool it developed to help Docker containers run on Windows. …
Security
AMD says the patches for its recent Ryzen flaws are almost ready
Whether you believe CTS Labs’ intentions were honest when it revealed a number of bugs in AMD’s Ryzen and Epyc chips earlier this year, the bugs are …
Security
Security Holes Exposed In Smart Lighting System
Sylvania Osram Lightify vulnerabilities could allow an attacker to turn out the lights or ultimately infiltrate the corporate network. Researchers at …
Security
It’s a mess: Microsoft patched Windows or Office on 11 different days in April
It took a while to dig through all the announcements, but I’ve come up with a list of significant patches to Windows and Office released in April …
Business Technology
(IN)SECURE Magazine: RSAC 2018 special issue released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 57.5, dedicated entirely …
Security
A Survey among Network Operators on BGP Prefix Hijacking – Computer Communication Review
BGP prefix hijacking is a threat to Internet operators and users. Several mechanisms or modifications to BGP that protect the Internet against it …
Security
Cisco Security Webinars
Security Demo Fridays: Every Friday at 1PM EDT / 10AM PDT. Drop in each week for a 60-minute live technical demo and Q&A with Cisco security experts. Upcoming Demos: May 4, 2018, Cisco Threat Grid and AMP for Endpoint Apps for Splunk. Splunk turns machine data into answers. …
Cisco Systems
Onapsis Helps SAP Customers Identify and Fix Widespread Critical Security Configuration Risk
Onapsis, the global experts in SAP and Oracle application cybersecurity and compliance, revealed a critical security configuration vulnerability that …
Security