For the next two months, developers who report vulnerabilities as part of Microsoft’s Online Services bounty program will receive doubled rewards for their work, the company announced.
read more
Threats to Financial Services Firms, All that Glitters isn’t Gold
Financial institutions have long been an attractive target for threat actors due to the information they hold, their role as part of critical national infrastructure and their often global presence. It’s natural to think that their adversaries are all financially motivated, but many are not. In 2016 we saw drivers like hacktivism, ideological differences and intelligence gathering also motivating attacks.
read more
New Financial Regulation Forces Cyber Security into the Board Room
The New York State Department of Financial Services (DFS) 'first-in-the-nation' cybersecurity regulation for the financial services industry is, as of 1 March 2017, operational . One of the most highly regulated industries is now even more regulated in New York.
read more
Backdoor Found in DBLTek GSM Gateways
Researchers at Trustwave have identified a backdoor in GSM gateways manufactured by Hong Kong-based voice over IP (VoIP) solutions provider DBL Technology.
read more
Cloudflare Finds No Evidence of “Cloudbleed” Exploitation
Cloudflare informed customers on Wednesday that it has found no evidence of the recently discovered memory leak being exploited for malicious purposes before it was patched.
read more
Slack Quickly Patches Account Hijacking Flaw
It only took the developers of the Slack team collaboration tool five hours to patch a critical vulnerability that could have been exploited to steal a user’s private token and gain access to their account.
read more
Forged Cookie Attack Affected 32 Million Yahoo Users
The recently disclosed security incident involving forged cookies affected 32 million user accounts, Yahoo said in its annual filing to the U.S. Securities and Exchange Commission (SEC).
read more
Apps Containing Malicious IFrames Found on Google Play
Recent analysis has found 132 Android applications in the official Google Play app store that have been infected with tiny hidden IFrames linking to malicious domains, Palo Alto Networks researchers warn.
read more
New Malware Will Soon Start “AtomBombing” U.S. Banks
New Dridex 4 Banking Malware With AtomBombing Code Injection is Expected to be Used Against U.S. Banks
read more
Aruba Patches Vulnerabilities in AirWave Product
HPE-owned network access solutions provider Aruba has patched XML external entity (XXE) and cross-site scripting (XSS) vulnerabilities in its AirWave network management platform.
The vulnerabilities were reported to Aruba by Pichaya Morimoto of SEC Consult and independently by two other researchers. Both weaknesses affect AirWave’s VisualRF component.
read more
