Windows Hello for Business Opens Door to New Attack …
Tuesday, 19 November 2019
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation. Researchers investigating Microsoft’s Windows Hello for Business have discovered new attack vectors, including a persistent Active Directory backdoor that they say current security tools don’t detect. Windows Hello for Business (WHfB) was introduced in
- Published in Threats, Threats Analysis
7 Comments
Human Nature vs. AI: A False Dichotomy?
Tuesday, 19 November 2019
How the helping hand of artificial intelligence allows security teams to remain human while protecting themselves from their own humanity being used against them. Nobel Prize-winning novelist Anatole France famously opined: “It is human nature to think wisely and act foolishly.” As a species, we’re innately designed with — as far as our awareness extends
- Published in Threats, Threats Analysis
Facebook Discloses WhatsApp MP4 Video Vulnerability
Tuesday, 19 November 2019
Enterprise Vulnerabilities From DHS/US-CERT’s National Vulnerability Database CVE-2019-19084PUBLISHED: 2019-11-18 In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details. CVE-2019-19085PUBLISHED: 2019-11-18 A persistent cross-site scripting (XSS) vulnerability in Octopus Server 3.4.0 through 2019.10.5 allows remote
- Published in Threats, Threats Analysis
13 Security Pros Share Their Most Valuable Experiences
Monday, 18 November 2019
From serving as an artillery Marine to working a help desk, infosec practitioners pinpoint experiences that had the greatest influence on their careers. 1 of 11 There is no one-size-fits-all approach to building a security career, as evidenced by the diverse range of educational, professional, and personal experiences that its many practitioners have. It’s also
- Published in Threats, Threats Analysis
Capture the Flag Planned to Find Missing Persons Information
Friday, 15 November 2019
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
- Published in Threats, Threats Analysis
Attacks on Healthcare Jump 60% in 2019
Friday, 15 November 2019
Well-known Trojans Emotet and Trickbot are cybercriminals’ favorite weapons in their campaigns. Cybercriminals are increasingly targeting hospitals, doctors’ offices, and other healthcare organizations, with attacks using Trojan malware climbing by 82% between the second and third quarters of this year. Cyberattacks against healthcare organizations jumped 60% in the first nine months of the year, compared
- Published in Threats, Threats Analysis
US-CERT Warns of Remotely Exploitable Bugs in …
Friday, 15 November 2019
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker. US-CERT has issued an advisory for vulnerabilities in Medtronic’s Valleylab FT10 and Valleylab FX8 Energy Platforms, both key surgical equipment that could be remotely exploited by a low-skill attacker. Vulnerabilities also affect Valleylab Exchange Client, officials report. The advisory details three vulnerabilities.
- Published in Threats, Threats Analysis
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
Wednesday, 13 November 2019
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer. Patch Tuesday is back once again, bringing with it 74 security fixes, 61 of which are classified as Important and 13 as Critical, including one Internet Explorer bug under active attack. Microsoft today released fixes for CVEs across Windows,
- Published in Threats, Threats Analysis
Researchers Disclose New Vulnerabilities in Windows …
Wednesday, 13 November 2019
Attackers could take advantage of simple design flaws in widely distributed drivers to gain control over Windows systems. Eclypsium researchers today disclosed new vulnerabilities in widely distributed Windows drivers, which could be exploited to take over Windows systems, including the device’s system and component firmware. These vulnerable drivers directly affect Intel devices, they report. The
- Published in Threats, Threats Analysis
Rethinking Enterprise Data Defense | Tech Library
Wednesday, 13 November 2019
Rethinking Enterprise Data Defense What are the chief concerns of today’s enterprise data defenders? What technologies and best practices do they find to be most effective in preventing compromises, and what methods have they found to make better use of their staffing and funding resources? In this survey we ask security professionals for insight on
- Published in Threats, Threats Analysis