Lenovo Patches Networking OS Vulnerability Dating Back to 2004

Threatpost

A bug in Lenovo’s Enterprise Networking Operating System could allow an attacker to launch an authentication bypass attack.

Top Database Security Solutions for 2021

eSecurity Planet

Naturally, database vendors are leading providers of database security tools, and a growing number of cloud-based database providers are moving deeper into the data security space. Security is paramount. Read our in-depth review of the McAfee Data Center Security Suite.


States Need Way More Money to Fix Crumbling Voting Machines

WIRED Threat Level

“We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers.

Microsoft Out-of-Band security patch fixes Windows privilege escalation flaws

Security Affairs

Microsoft released an out-of-band security update to address privilege escalation flaws in Windows 8.1. Microsoft released the out-of-band security update for Windows 8.1 this week, and the IT giant urges users to apply the security updates as soon as possible.

CVE-2021-31166 Windows HTTP flaw also impacts WinRM servers

Security Affairs

Microsoft Patch Tuesday for May 2021 security updates addressed 55 vulnerabilities in Microsoft including a critical HTTP Protocol Stack Remote Code Execution vulnerability tracked as CVE-2021-31166.


Security Keys

Imperial Violet

The first instance of this that Google can find is from Bill Gates in 2004, although I suspect it wasn’t the first. Security Keys are another attempt to address this problem—initially in the form of a second authentication factor but, in the future, potentially as a complete replacement. Security Keys have gotten more traction than many other attempts to solve this problem, and this post exists to explain and, to some extent, advocate for them to a technical audience.

US will help Baltic states to secure Baltic energy grid

Security Affairs

The three states joined both the European Union and NATO in 2004, but they are still part of a power grid controlled by Russia. Suspected Russia-backed hackers have launched exploratory cyber attacks against the energy networks of the Baltic states, sources said, raising security concerns inside the West’s main military alliance, NATO.

Expert released PoC exploit code for Windows CVE-2021-31166 bug

Security Affairs

A security researcher has published a working proof-of-concept exploit code for a wormable Windows IIS server vulnerability tracked as CVE-2021-31166. The flaw is wormable and affects different versions of Windows 10, Windows Server 2004 and Windows Server 20H2.

Q&A: How cutting out buzzwords could actually ease implementation of powerful security tools

The Last Watchdog

The central dilemma posed by digital transformation is this: How do companies reap the benefits of high-velocity software development without creating onerous security exposures? Why have organizations, of all sizes and in all sectors, failed to make more progress shrinking a security gap that appears, in fact, to be inexorably widening? Juniper has been in the vanguard of integrating security deeper into the plumbing of modern business networks.

Microsoft Patch Tuesday, July 2021 Edition

Krebs on Security

Microsoft today released updates to patch at least 116 security holes in its Windows operating systems and related software. “Both core and full installations are affected back to Windows Server 2008, including versions 2004 and 20H2,” said Aleks Haugom, also with Automox.


Tianfu Cup 2020 – 5 minutes to hack Windows 10, Ubuntu, iOS, VMware ESXi, and others

Security Affairs

11 out of 16 targets cracked with 23 successful demos: Chrome, Safari, FireFox, Adobe PDF Reader, Docker-CE, VMware ESXi, Qemu, CentOS 8, iPhone 11 Pro+iOS 14, GalaxyS20, Windows 10 2004, TP-Link, ASUS Router — TianfuCup (@TianfuCup) November 8, 2020.

Turla APT group used a new backdoor in attacks against Afghanistan, Germany and the US

Security Affairs

The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2004, targeting diplomatic and government organizations and private businesses in the Middle East, Asia, Europe, North and South America, and former Soviet bloc nations.

Sophos Sandboxie is now available as an open-source tool

Security Affairs

The sandbox was developed by Ronen Tzur and released on June 26, 2004; he sold the solution to Invincea in 2013. The security firm confirmed that all restricted features have been made completely free in this version.

Introducing Behavioral Information Security

The Falcon's View

The focus of the boot camp was around "behavior design," which was suggested to me by a friend who's a leading expert in modern, progress security awareness program management. Suddenly, it occurred to me, "Hey, you know what we really need is a new sub-field that combines all aspects of security behavior design, such as security awareness, anti-phishing, social engineering, and even UEBA." I recently had the privilege of attending BJ Fogg's Behavior Design Boot Camp.

Britain’s information commissioner fines British Airways for 2018 Hack

Security Affairs

The ICO fined the airline because the company failed to implement adequate security measures; the company detected the security breach two months after the initial compromise.


Mozilla offers bigger rewards for Firefox flaws under its bug bounty program

Security Affairs

Mozilla announced some major changes to its bug bounty program, which was first launched in 2004. Last November, Mozilla announced that the top reward for security holes affecting its critical and core websites and services increased to $15,000.


FireEye, Mandiant to Split in $1.2 Billion Deal

eSecurity Planet

FireEye’s products span network, email, endpoint and cloud security, and the vendor has been pursuing an XDR platform approach to unite them all. Mandia will become CEO of Mandiant, the company he founded in 2004 and sold to FireEye in late 2013.


SMBleed could allow a remote attacker to leak kernel memory

Security Affairs

The SMBleed flaw impacts Windows 10 and Windows Server, versions 1903, 1909 and 2004; previous versions of the Microsoft OS are not affected.

One year into the Hightail and OpenText collaboration

OpenText Information Management

Founded in 2004 as YouSendIt, Hightail was originally designed to help individuals and businesses easily and securely transfer large files from one person to another. The solution pioneered a new file sharing industry, set to displace the frustrations faced with attempting to email large documents, uploading to a clunky FTP site, or passing off thumb …

Episode 162: Have We missed Electric Grid Cyber Attacks for Years? Also: Breaking Bad Security Habits

The Security Ledger

Rachel Stockton of the firm LastPass joins us to talk about changing users’ troublesome password behavior to make companies more secure. But what is the role of users in ensuring the security of modern organizations?

Domestic Kitten has been conducting surveillance targeting over 1,000 individuals

Security Affairs

In 2018, researchers at security firm CheckPoint uncovered an extensive surveillance operation conducted by Domestic Kitten aimed at specific groups of domestic individuals that were considered a threat to the Iranian regime.

Best Third-Party Risk Management (TPRM) Tools of 2021

eSecurity Planet

Cyberattacks caused by supply chain vulnerabilities mean organizations need a renewed perspective on how to address third-party security. BitSight Security Ratings Platform. The tool also includes periodic vendor performance reviews to ensure ongoing security posture.


Spam Kingpin Peter Levashov Gets Time Served

Krebs on Security

In this paid ad from 2004, Severa lists prices to rent his spam botnet. In 2010, Microsoft — in tandem with a number of security researchers — launched a combined technical and legal sneak attack on the Waledac botnet, successfully dismantling it.

A sad story of pedophilia on how disgusting images fed the web

Security Affairs

This is the story of the LS-Studios, by Alexander Chursin, who had to close his business in 2004 after an FBI raid.

Italian Garante Publishes Updated Guidelines on Cookies and Other Tracking Technologies

Hunton Privacy

4 of January 9, 2004).

Kazakhstan wants to intercept all HTTPS Internet traffic of its citizens

Security Affairs

Once the root certificate (“trusted certificate” or “national security certificate”) is installed, the ISPs will be able to spy on citizens’ encrypted HTTPS and TLS connections. Since April, the Kazakh ISPs are informing users to install the “national security certificate” to access “allowed” HTTPS websites. The certificates are issued in compliance with the Law on Communications 2004 passed in November 2015.

Kaspersky

InfoGovNuggets

Questions as to the Kaspersky antivirus software company were raised by military intelligence in 2004, well before the 2013 threat assessment issued Pentagon-wide. “Russian Firm Was Long Seen as Threat,” The Wall Street Journal, November 18, 2017, A2.

Up to Georgia 2,000 websites have been hit by cyber attacks

Security Affairs

Mikheil was the third President of Georgia for two consecutive terms, from 25 January 2004 to 17 November 2013. A wave of cyber attacks hit 2,000 websites in Georgia, including the sites of the president, courts, and local media.

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

and Israel get Stuxnet onto the highly secured Natanz plant? In 2004, the CIA and Mossad requested help from Dutch intelligence to get access to the plant; only in 2007 did the mole, who posed as a mechanic working for a front company doing work at Natanz, drop the virus into the target systems. In 2004, Mossad and the CIA asked for help from AIVD.

The Updates Must Go Through

Adam Shostack

Microsoft has been trying to get folks to apply critical security patches to address a problem that’s being actively exploited. For example, see our Timing the Application of Security Patches for Optimal Uptime (Usenix LISA 2002). In 2004, Microsoft shipped the Blaster removal tool to remove a virulent worm.


Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims

Krebs on Security

And in 2004, it emerged that identity thieves masquerading as customers of data broker Choicepoint had stolen the personal and financial records of more than 145,000 Americans.

Liability for Data Security Auditors

Hunton Privacy

A lawsuit that will soon commence in Arizona has the potential to alter the data breach liability landscape by making data security auditors liable for data breaches experienced by the companies they audit. The offer was contingent upon CardSystems achieving certification under VISA’s Cardholder Information Security Program (“CISP”), which is the predecessor to the Payment Card Industry Data Security Standard (“PCI DSS”).

Part 2: OMG! Not another digital transformation article! Is it about the evolution from RIM to Content Services?

ARMA International

In 2004, Giovanni Bisignani, CEO of the International Air Transport Association (IATA), made the case for the travel industry to reimagine its future: “Internet savvy travelers appreciate the convenience … Our mission is to keep the value and eliminate the cost.

NEW TECH: CyCognito employs offensive bot network to put companies a step ahead of attackers

The Last Watchdog

One of the most single-minded of these security vendors is startup CyCognito. I first wrote about criminal botnets at USA TODAY in 2004. This sets up a much more complex security challenge than setting up trip-wire alarms around an on-prem data center.

Cloud Bucket Vulnerability Management in 2021

eSecurity Planet

But, while cloud providers boast that their storage services — or “buckets” — offer added application security, they have also consistently proven vulnerable. Since 2004, there have been 11,000 US data breaches.


Best Digital Forensics Tools & Software for 2021

eSecurity Planet

Since the inception of data forensics almost forty years ago, methods for investigating security events have given way to a market of vendors and tools offering digital forensics software (DFS). Under their Security Suite products, OpenText provides industry-renowned EnCase.

Why you should be concerned about payment card data breaches

IT Governance

In this blog, we look at the ongoing threat of debit and credit card fraud, explaining why it appeals to cyber criminals, what they do with the stolen information and how implementing the requirements of the PCI DSS (Payment Card Industry Data Security Standard) can thwart crooks’ schemes. It was unveiled in 2004 to facilitate the broad adoption of consistent data security measures involved in payment card processing.


PCI DSS: Lessons to learn from recent payment card breaches

IT Governance

Over the past month or so, we’ve been discussing the threats associated with payment card breaches, and why it’s important to comply with the PCI DSS (Payment Card Industry Data Security Standard). It provides a detailed list of best practices for staying secure. Security testing and the PCI DSS unpacks the complexities of the Standard, and helps organisations understand how they can achieve and maintain compliance.

Sandboxing: Advanced Malware Analysis in 2021

eSecurity Planet

To fill this gap and aid in the analysis, detection, and testing of malware, sandboxing is widely used to give organizations the setting, isolation, and security tools needed to preserve the integrity of the host network. Most include common security tools like: Threat analysis.

EU : New SCCs published

DLA Piper Privacy Matters

The New SCCs repeal the existing SCCs (dating from 2001, 2004 and 2010) and aim to address the entry into force of the General Data Protection Regulation (“GDPR”) and the decision of the European Court of Justice (“CJEU”) in Schrems II.
