News

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6
The Facebook hack may be the work of spammers, not a nation-state affiliated group, according to a report. The Wall Street Journal reported earlier this week that, according to anonymous sources familiar with Facebook Inc.’s internal investigation, the hack of 30 million users was the work of spammers, not a nation-state as previously assumed. Facebook
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems
Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library—which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, is a set of C++ libraries companies and application
A libSSH vulnerability that went undisclosed for nearly five years can give malicious actors easy access to administrative control over devices through SSH server processes. Peter Winter-Smith, security consultant at NCC Group, discovered the authentication bypass flaw (CVE-2018-10933) in libSSH — a library used to implement the SSH protocol in both client and server
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users’ accounts. The affected information included users’ email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses,
A 21-year-old Kentucky man who previously pleaded guilty to developing, marketing, and selling an infamous remote access trojan (RAT) called LuminosityLink has now been sentenced to 30 months in prison. According to a press release published Monday by the U.S. Attorney’s Office, Colton Grubbs, who used the online moniker ‘KFC Watermelon,’ pleaded guilty to three counts–unlawfully
A security enthusiast who discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released last week. Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with
As the investigation into the recently disclosed Facebook breach continues, the number of affected accounts has gone down but questions remain. In a new update regarding the Facebook attack, Guy Rosen, vice president of product management for Facebook, said that the malicious attack affected 30 million accounts — 20 million fewer accounts than Facebook originally
Microsoft has just released its latest monthly Patch Tuesday updates for October 2018, fixing a total of 49 security vulnerabilities in its products. This month’s security updates address security vulnerabilities in Microsoft Windows, Edge Browser, Internet Explorer, MS Office, MS Office Services and Web Apps, ChakraCore, SQL Server Management Studio, and Exchange Server. Out of
NEW ORLEANS — As security professionals head to the Crescent City to focus on information security leadership and education, new survey data indicates promising labor force trends among millennials and underserved communities, including women. Professional development will take center stage this week when the International Information Systems Security Certification Consortium Inc. holds its eighth annual
Officials in the U.S., Canada, U.K. and the Netherlands formally accused seven officers of Russia’s GRU military intelligence agency of cyberattacks targeting individuals and organizations involved in international anti-doping efforts. The GRU indictment from the U.S. Department of Justice (DOJ) charged Aleksei Sergeyevich Morenets, Evgenii Mikhaylovich Serebriakov, Ivan Sergeyevich Yermakov, Artem Andreyevich Malyshev, Dmitriy Sergeyevich
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities. A recent study on the cost of cybercrime to organizations delved into growing concerns about the gray hat hacker — a security professional who participates in black hat activities. Researchers
An Active Directory deployment may seem straightforward, but it takes a bit of groundwork to set up a Windows Server 2016 domain controller. Active Directory Domain Services needs to be installed and managed by an IT administrator with a background in Windows Server 2016 and Windows environments. They should research the Active Directory (AD) domain