Windows Hello for Business Opens Door to New Attack …

Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation. Researchers investigating Microsoft’s Windows Hello for Business have discovered new attack vectors, including a persistent Active Directory backdoor that they say current security tools don’t detect. Windows Hello for Business (WHfB) was introduced in
Read more
7 Comments

Human Nature vs. AI: A False Dichotomy?

How the helping hand of artificial intelligence allows security teams to remain human while protecting themselves from their own humanity being used against them. Nobel Prize-winning novelist Anatole France famously opined: “It is human nature to think wisely and act foolishly.” As a species, we’re innately designed with — as far as our awareness extends
Read more
2 Comments

Facebook Discloses WhatsApp MP4 Video Vulnerability

Enterprise Vulnerabilities From DHS/US-CERT’s National Vulnerability Database CVE-2019-19084PUBLISHED: 2019-11-18 In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details. CVE-2019-19085PUBLISHED: 2019-11-18 A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote
Read more
1 Comment

13 Security Pros Share Their Most Valuable Experiences

From serving as an artillery Marine to working a help desk, infosec practitioners pinpoint experiences that had the greatest influence on their careers. 1 of 11 There is no one-size-fits-all approach to building a security career, as evidenced by the diverse range of educational, professional, and personal experiences that its many practitioners have. It’s also
Read more
6 Comments

Capture the Flag Planned to Find Missing Persons Information

The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
Read more
1 Comment

Attacks on Healthcare Jump 60% in 2019

Well-known Trojans Emotet and Trickbot are cybercriminals’ favorite weapons in their campaigns. Cybercriminals are increasingly targeting hospitals, doctors’ offices, and other healthcare organizations, with attacks using Trojan malware climbing by 82% between the second and third quarters of this year. Cyberattacks against healthcare organizations jumped 60% in the first nine months of the year, compared
Read more
1 Comment

US-CERT Warns of Remotely Exploitable Bugs in …

Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker. US-CERT has issued an advisory for vulnerabilities in Medtronic’s Valleylab FT10 and Valleylab FX8 Energy Platforms, both key surgical equipment that could be remotely exploited by a low-skill attacker. Vulnerabilities also affect Valleylab Exchange Client, officials report. The advisory details three vulnerabilities.
Read more
1 Comment

Microsoft Patches IE Zero-Day Among 74 Vulnerabilities

The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer. Patch Tuesday is back once again, bringing with it 74 security fixes, 61 of which are classified as Important and 13 as Critical, including one Internet Explorer bug under active attack. Microsoft today released fixes for CVEs across Windows,
Read more
4 Comments

Researchers Disclose New Vulnerabilities in Windows …

Attackers could take advantage of simple design flaws in widely distributed drivers to gain control over Windows systems. Eclypsium researchers today disclosed new vulnerabilities in widely distributed Windows drivers, which could be exploited to take over Windows systems, including the device’s system and component firmware. These vulnerable drivers directly affect Intel devices, they report. The
Read more
8 Comments

Rethinking Enterprise Data Defense | Tech Library

Rethinking Enterprise Data Defense What are the chief concerns of today’s enterprise data defenders? What technologies and best practices do they find to be most effective in preventing compromises, and what methods have they found to make better use of their staffing and funding resources? In this survey we ask security professionals for insight on
Read more
7 Comments