scr3: April 2018

Monday 30 April 2018

All Chrome OS Devices Now Protected Against Meltdown

The latest version of Chrome OS now keeps all devices protected from Meltdown, Google says.

from SecurityWeek RSS Feed https://ift.tt/2raV4Nl
via https://ifttt.com/ IFTTT

USB Sticks Can Trigger BSOD – Even on a Locked Device

Thanks to auto-play, it’s possible to crash Windows systems by simply inserting the drive into the USB port, no further user interaction necessary.

from Threatpost | The first stop for security news https://ift.tt/2JHN65d
via https://ifttt.com/ IFTTT

KRACK Vulnerability Puts Medical Devices At Risk

A slew of products from medical dispensing company BD are susceptible to the KRACK vulnerability disclosed last fall.

from Threatpost | The first stop for security news https://ift.tt/2FtkhXF
via https://ifttt.com/ IFTTT

Updated GravityRAT Malware Adds Advanced AV Detection

Researchers warn that the code behind this remote access trojan has been tweaked in an attempt to decrease antivirus detection.

from Threatpost | The first stop for security news https://ift.tt/2JEwQSd
via https://ifttt.com/ IFTTT

NATO Exercise Tests Skills of National Cyber Defenders

More than 1,000 experts from nearly 30 countries have tested their ability to protect IT systems and critical infrastructure networks at NATO’s Locked Shields 2018 live-fire cyber defense exercise.

from SecurityWeek RSS Feed https://ift.tt/2HBR9n0
via https://ifttt.com/ IFTTT

NIST Updates Cybersecurity Framework to Tackle Supply Chain Threats, Vulnerability Disclosure and More

Version 1.1 includes updates on authentication and identity, self-assessment, supply-chain security and vulnerability disclosure, among other changes.

from Threatpost | The first stop for security news https://ift.tt/2jhHXFv
via https://ifttt.com/ IFTTT

Twitter Sold Data To Cambridge Analytica-Linked Company

Twitter is the latest company to face backlash for how it handles data privacy after disclosing that it sold data access to a Cambridge Analytica-linked researcher.

from Threatpost | The first stop for security news https://ift.tt/2jgDBOU
via https://ifttt.com/ IFTTT

Faulty Patch for Oracle WebLogic Flaw Opens Updated Servers to Hackers Again

Earlier this month, Oracle patched a highly critical Java deserialization remote code execution vulnerability in its WebLogic Server component of Fusion Middleware that could allow attackers to easily gain complete control of a vulnerable server. However, a security researcher, who operates through the Twitter handle @pyn3rd and claims to be part of the Alibaba security team, has now found a

from The Hacker News https://ift.tt/2Kpm6Z3
via https://ifttt.com/ IFTTT

NCSC Joins Secure Chorus to Promote End-to-End Secure Communications

The UK's National Cyber Security Center (NCSC) has become the first government agency to join Secure Chorus, a not-for-profit private company limited by guarantee, whose ownership rests with its members. The purpose of Secure Chorus is to develop a secure interoperable cross-platform multimedia communications ecosystem suitable for government and industry use.

from SecurityWeek RSS Feed https://ift.tt/2Ft5nka
via https://ifttt.com/ IFTTT

Hackers Target Poorly Patched Oracle WebLogic Flaw

Hackers have been scanning the Internet for Oracle WebLogic Server installations that can be taken over using a recently addressed vulnerability. While patched systems should be protected against attacks, experts claim the fix implemented by Oracle can be bypassed.

from SecurityWeek RSS Feed https://ift.tt/2vYzCzF
via https://ifttt.com/ IFTTT

PDF Files Can Silently Leak NTLM Credentials

NTML credentials can be stolen via malicious Portable Document Format (PDF) files without any user interaction, Check Point security researchers warn.