Privilege escalation on Unix machines via plugins for text editors

Several of the most popular extensible text editors for Unix environments could be misused by attackers to escalate privileges on targeted systems, SafeBreach researchers have found. They tested Sublime, Vim, Emacs, Gedit, Pico and its clone Nano on machines running Ubuntu, and have managed to exploit the process of loading plugins to achieve privilege escalation […]

The Case for Integrating Physical Security & Cybersecurity

Early last year in “Grizzly Steppe and Carbanak: The Dangers of Miscalculation in Cyberspace,” TruSTAR researchers outlined the overlap of tactics, techniques, and procedures (TTP) between Russian state organizations and criminal organizations like the Carbanak hacking group. They found that Carbanak and attacks attributed to Russian state security agencies were utilizing some of the same infrastructure to […]

Russian APT Compromised Cisco Router in Energy Sector Attacks

Yet another nation-state hacking team has been spotted compromising a network router to get to its ultimate targets: this time, it’s the infamous Russian APT known as DragonFly 2.0 that was called out by the US federal government last week for hacking into US energy networks. Researchers from Cylance this month revealed that they recently […]

Windows RDP flaw: ‘Install Microsoft’s patch, turn on your firewall’

Microsoft’s Patch Tuesday updates for March deliver fixes for 75 security bugs, including patches for 15 critical flaws and a serious vulnerability that exposes sysadmins to credential theft. In addition to new updates to mitigate Meltdown and Spectre, Microsoft has released fixes for 15 critical flaws affecting the scripting engine in Internet Explorer 11 and its […]

What’s the C-Suite Doing About Mobile Security?

For too long, too many companies have viewed security as an IT problem. Breaches are considered just another cost of doing business rather than a risk that requires proactive focus by the C-suite. But breaches are a risk to take seriously for C-suites and their companies. Just think about the recent Equifax breach, after which […]

Third-party security vetting: Do it before you sign a contract

If you’re talking about stopping security risks from an outside vendor already on-board, Jerry Archer says, “You’ve already failed.” Chief security officer for Fannie Mae, Archer contends that risk mitigation should begin before your company closes the deal. That’s why his team has a go or no-go vote for any vendor Fannie Mae brings on. […]

Understanding The Strengths And Weaknesses Of Biometrics

Biometrics are fast becoming an integral part of online security. From the familiar fingerprint to cutting-edge retina scanning and facial recognition technology, they are increasingly the go-to mechanism for protecting and providing access to sensitive data including money and confidential account information. Until recently, biometric authentication had been discussed on a largely theoretical basis. Today, […]

What is a virtual CISO? When and how to hire one

Chief information security officers (CISOs) are highly sought after, to the point where good ones are expensive and hard to come by. So this is a challenge when more and more organizations, reeling in the wake of CISO-less breaches like Target and the UK’s TalkTalk, recognize the value in having one in place. Could an on-demand virtual […]

Latvian mobile operator invites cyber attackers to have a go

Mobile telecommunications services in Latvia, a small republic on the frontier between the European Union and the old Soviet Union, may already have been the target of a cyber attack in August 2017. Now Latvijas Mobilais Telefons (LMT), the country’s largest mobile operator, is inviting would-be belligerents to test their cyber weapons on its network […]

‘Slingshot’ Cyber Espionage Campaign Hacks Network Routers

A newly discovered nation-state cyber espionage campaign targeting Africa and the Middle East infects network routers in order to snare administrative credentials from its targets and then move freely throughout the network. Kaspersky Lab researchers unearthed the stealthy and highly sophisticated operation – named “Slingshot” after a word found in the attack code – that […]