Category: Cybersecurity News Page 1 of 9

When a Good Thing Goes Bad – How Vulnerabilities Were Intentionally Built into pipdig

Don’t just pay attention to the man behind the curtain, tear the curtain down and burn it. That’s been the general sentiment among the InfoSec community on Twitter this past week in the wake of the discovery of multiple vulnerabilities intentionally built into the popular pipdig Power Pack (P3) plugin. I could easily write 3,000 words digging into the code, but that’s been covered incredibly well already by other researchers. Instead, I’m going to focus more on the effects of this situation, and on how we as a security-minded community can make a difference going forward.


Magento Releases Immediate Security Update Addressing an Unauthenticated SQLi Vulnerability

The popular e-commerce CMS platform, Magento, announced multiple security updates to their commerce and open source versions on March 26, 2018. More than 250,000 active Magento installations are affected by this security flaw, including versions 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, and 2.3 prior to 2.3.1.


Microsoft takes control of websites from Iranian hackers. Is there an abuse of power in trying to help?

If cybercriminals were creating illegitimate websites to impersonate your brand and steal victims’ information—would you shut down those sites if you could?

That’s exactly what Microsoft did when it took control of 99 websites that Iranian hackers used to try to steal sensitive information from targeted victims, namely United States employees in the public and private sectors. According to Microsoft, the hackers “specifically directed” their attacks on government agencies in Washington.


The Beginner’s Guide to California’s Cybersecurity Laws

California has a history of passing legislation whose ripple effects reach consumers in other states. While the laws only apply in California, they often push companies into adopting the rules broadly – for example, California’s strict auto emissions standards have been adopted in 16 other states since 2004. “What California does definitely impacts the national conversation,” says state Senator Scott Wiener. As the home of some of the biggest names in technology, it’s no surprise that California’s legislators are especially concerned about cybersecurity. In 2018 alone, California has passed several laws that legislators hope will inspire other states – and ultimately, Congress – to pass cybersecurity laws that better address the issues of our time. However, these laws have also attracted criticism from tech companies, cybersecurity experts, and the federal government. These laws may come to affect you, which is why we’ve created this guide.


Joomla! Releases Version 3.8.13 with Security Updates

Last week, Joomla! released version 3.8.13 which included five security updates for the 3.x series of Joomla!. All five of the vulnerabilities addressed are part of the Joomla! application core. Although all of the vulnerabilities are considered low priority, Joomla! is encouraging users to update their applications as soon as possible to avoid possible compromise as a result of them being exploited. The vulnerabilities below were addressed:


Reserve Your Seat for Our Free Webinar! Website Security Lessons From 3 Major Cyber Stories

SiteLock is hosting a free webinar and you’re invited! Join us LIVE on October 3, 2018 at 10 AM CST as we cover the lessons we’ve learned from a year of cybercrime. Learn from our SiteLock Web Security Research Analysts, Jessica Ortega, Ramuel Gall, and Topher Tebow, as they highlight three of our most popular cybersecurity topics from the past year.


Joomla! Fixes Security Flaws in 3.8.12

Joomla! recently released version 3.8.12, which includes patches addressing three security vulnerabilities and several bug fixes. This is a security release that impacts all versions of the 3.x series of Joomla! applications, and users are encouraged to update as soon as possible to avoid potential compromise.

Decoding Security 128: Open Sesame!

Firefox and Chrome announced big changes last week with new ways they will be protecting our information. Firefox will begin to block tracking cookies by default, allowing users to have a better experience while web browsing. Google Chrome announced that starting in September 2018, users will be required to enable Adobe Flash every time they wish to use it, all in Chrome’s efforts to wean the public off Flash and force websites into the future.

Decoding Security 127: We Got Conned

Breaking news last week, the NIST (National Institute of Standards and Technology) Small Business Cybersecurity Act was signed into law. The bill will provide an avenue of resources and guidelines for small businesses to reduce their cybersecurity risks. Up next, Black Hat, one of the world’s largest information security conferences, took place in early August 2018 in Sin City. The conference held many briefings on politics, legislation, and Machine Learning (ML) and Artificial Intelligence (AI) in cybersecurity, as well as the challenge of endpoint security for many IoT devices. A topic of importance came from Kryptowire, a mobile security research firm that found firmware vulnerabilities in as many as 10 million Android devices in the United States that have remote escalation privileges.


Decoding Security 126: The Good, The Bad, and The Ugly…Bots

Making headlines last week, over 170,000 carrier-grade routers belonging to internet service providers were compromised. This caused websites being accessed through these routers to be injected with cryptomining malware. In other news, social media site Reddit suffered a data breach in June due to circumvented 2-factor authentication, allowing cybercriminals to access user data like email addresses, usernames, and passwords.
