Phishing attacks are still one of the best ways to gain access to a system. While there are solutions that provide the ability to capture and detect those types of threats in the email, many are missed. (Food Engineering)
While people who have shown themselves to be untrustworthy in the past are certainly a gamble, even good people have the capacity to willfully misuse their data privileges, particularly when someone feels as though they have been mistreated or disrespected, an otherwise trustworthy person could develop the motivation and ability to retaliate. (Infosecurity)
Misconfigurations are most likely to occur during security change processes – that is, when new rules are added, or existing ones changed or removed on a firewall. (Infosecurity)
Computer automation can both track potential intruders and use advanced algorithms to replicate human behavior online by using deception techniques to lure and then track attackers. (Defence Systems)
The radioactive material had been packaged for ground transport, but by mistake was shipped via a commercial air cargo service. (Homeland Security News Wire)
Slowing down the trains will reduce the number of derailments, and that will have a direct effect on reducing the number of injuries and deaths. (Homeland Security News Wire)
”The Windows DNS client doesn’t do enough sanity checking when it processes a DNS response that contains an NSEC3 record,” Freeman wrote in a report released today. ”Malformed NSEC3 records can trigger this vulnerability and corrupt the memory of the DNS client. If this is done carefully, it can result in arbitrary code execution on the target system.” (Threatpost)
The vulnerabilities were found in a native web interface on the devices and allow an attacker on the same local network to change router settings, steal Wi-Fi passwords or leak system information. (Threatpost)
Swift on Security said the developer used Cyrillic Unicode characters in the extension name allowing the malicious plugins to again sidestep Google’s malware filters. (Threatpost)
There are three major causes: code quality, complexity, and trusted data inputs. (Dark reading)
One text file contained more than four million records with information like user names, Mac accesses, serial numbers, account numbers, and transaction IDs. Other databases had addresses and phone numbers for TWC customers. (Dark reading)
Small and midsize companies are tempting targets because often they are armed less with heavy tech investments, services, and staff. (Dark reading)
Many mobile network operators were under the impression that all their security problems would be fixed with LTE/diameter-based protocol. (Dark reading)
Fundamental deficiencies in the Evolved Packet Core could allow the disconnection one or more subscribers, the interception of Internet traffic and text messages, operator equipment malfunction, and other illegitimate actions. (Dark reading)