by CIRT Team
systemd Vulnerability Leads to Denial of Service on Linux [source: trendmicro]
Many Linux distributions are at risk due to a recently disclosed flaw in systemd: a flaw in its DNS resolver could cause a denial-of-service attack on vulnerable systems. The vulnerability is exploited by having the vulnerable system send a DNS query to a DNS server controlled by the attackers. The DNS server would then return a specially crafted query, causing systemd to enter an infinite loop that pins...
Read More
by CIRT Team
Only 12% or organizations are likely to detect a sophisticated cyber attack [source: helpnetsecurity]
Organizations believe that today’s cyber threat landscape places them at high risk of cyber attacks. The EY survey of nearly 1,200 C-level leaders of the world’s largest and most recognized organizations examines some of the most urgent concerns about cybersecurity and their efforts to manage them. Findings show that 56% of those surveyed are making or planning to make changes to their strategies and plans due to the increased...
Read More
by CIRT Team
5 information security threats that will dominate 2018 [source: cio]
If you thought 2017 was a dire year for data breaches, wait until 2018. The Information Security Forum (ISF), a global, independent information security body that focuses on cyber security and information risk management, forecasts an increase in the number and impact of data breaches, thanks in large part to five key global security threats that organizations will face in 2018. “The scope and pace...
Read More
by CIRT Team
Keystroke Logging – How it Affects the Online Privacy of Internet Users [source: alienvault]
Besides being a useful tool to study human-computer interaction, keystroke logging or keylogging is one of the most dangerous cyber threats for online users. Designed to covertly log everything a user types using the keyboard, keyloggers can silently steal and pass on your sensitive information to cybercriminals. Not just the websites you browse or the queries you google on, but your confidential details like online...
Read More
by CIRT Team
HP to Release Patch This Week for Printer Security Bugs
HP said it would release firmware patches later this week for several security bugs reported to the company by various cyber-security experts. The firmware patches address a slew of bugs, among which the most severe is a remote code execution (RCE) flaw discovered and reported by Stephen Breen of NTT Security. The RCE bug (CVE-2017-2750) affects HP’s top-of-the-line enterprise printer series such as LaserJet and...
Read More
by CIRT Team
October macOS Patch Fixes FAT/USB Vulnerability [source: trendmicro]
October’s macOS security update contained a fix for a vulnerability that Trend Micro privately disclosed to Apple earlier this year. The vulnerability (designated as CVE-2017-13811), was in the fsck_msdos system tool. This tool checks for and fixes errors in devices formatted with the FAT filesystem, and is automatically invoked by macOS when a device using FAT (such as a USB disk or an SD card) is inserted. The vulnerability...
Read More
by CIRT Team
How a Wi-Fi Pineapple Can Steal Your Data (And How to Protect Yourself) [source:motherboard]
In popular media, hackers are often portrayed as an elite cabal of ski mask aficionados and computer experts that can keyboard mash their way into any digital device. But what if I told you that you can also pwn almost any internet connected device around you, even if you can’t tell an SSL from an SSID? Yes, my friend, the device you are looking for...
Read More
by CIRT Team
Malicious Bankbot malware found hiding in to steal your bank details[source: ibtimes]
This isn’t the first time the notorious banking Trojan has made its way into Google Play Store. Security researchers have discovered that the notorious BankBot banking malware has once again snuck into Google Play store by hiding in seemingly trustworthy apps such as flashlight and Solitaire apps. According to a new report by cybersecurity firms Avast, ESET and SfyLabs, thousands of Android users have been...
Read More
by CIRT Team
Intel Fixes Critical Bugs in Management Engine, Its Secret CPU-On-Chip [source:bleepingcomputer]
Intel published a security advisory last night detailing eight vulnerabilities that impact core CPU technologies such as the Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). The vulnerabilities are severe enough to allow attackers to install rootkits on vulnerable PCs, retrieve data processed inside CPUs, and cause PC crashes —which should be the least of someone’s worries. One...
Read More
by CIRT Team
What Is Vulnerability Management? [source: tripwire]
Enterprise networks regularly see change in their devices, software installations and file content. These modifications can create risk for the organization. Fortunately, companies can mitigate this risk by implementing foundational security controls. For example, enterprises can monitor their important files for change using file integrity monitoring (FIM). This security measure enables IT security teams to determine when files change, how they change, who changed them, and what can...
Read More
