The new year is only a couple of weeks old and there have already been several ICS-related security incidents in the news. The media often sensationalizes these incidents. This is creating hype and growing worldwide awareness and concern over the threat of cyber attacks against industrial and critical physical infrastructures. I believe that 2017 will be the year ICS security becomes a mainstream media topic.
Oracle Patches 270 Vulnerabilities Across Product Portfolio
Oracle on Tuesday released its first Critical Patch Update (CPU) for 2017. The software update addresses 270 security issues across its products, 121 of which were found in Oracle E-Business Suite.
Facebook Awards $40,000 Bounty for ImageTragick Hack
A researcher claims to have received a $40,000 bounty from Facebook for finding a remote code execution vulnerability introduced by the ImageMagick image processing suite.
Security Bug Lurked in Nexus 9 Kernel for Two Years
A security vulnerability that allowed a privileged attacker to arbitrarily write values within kernel space lurked in Nexus 9’s kernel for two years before being patched, IBM security researchers reveal.
Responsible Disclosure – Critical for Security, Critical for Intelligence
Not Adhering to Responsible Disclosure has the Potential to Amplify the Threats Posed by Certain Vulnerabilities and Incidents
Critical Infrastructure Security: Risks Posed by IT Network Breaches
Credential Stuffing: a Successful and Growing Attack Methodology
With a database of 1 million stolen credentials, criminals using a credential stuffing attack with a tool such as Sentry MBA could expect to compromise roughly 10,000 accounts on a targeted but uncompromised site. In 2016, 3.3 billion user credentials were spilled onto the internet, according to figures from Shape Security's just-released 2017 Credential Spill Report.
Windows 10 Blocks Zero-Days Before Patches Arrive: Microsoft
Unknown to vendors but exploited by cybercriminals, zero-day vulnerabilities are the most threatening security issues, but Microsoft's Windows 10 can block exploitation of these vulnerabilities before they are even patched, Microsoft says.
App Stores Must Register With State: China
Shanghai – App stores in China must register with the state from Monday, a government statement said, as China tightens its control over the internet.
App stores are "not strict" when they examine and approve apps, the China Cyberspace Administration, the country's internet watchdog, said in a statement.
Security Audit Finds No Major Flaws in Dovecot
Germany-based security services provider Cure53 has conducted a security audit of Dovecot and determined that the software lives up to its reputation of being highly secure.


