Unpatched vulnerabilities related to how Java and Python handle file transfer protocol (FTP) URLs can be exploited for various purposes, including for sending unauthorized emails and bypassing firewalls, researchers warned.
Take these steps to protect your Mac from infection by the recently identified Xagent malware.
US Election Interference Highlights Ongoing Dangers, Industry Leaders Say
Amidst the increasing security chaos facing individuals and organizations, one of the dominant themes at this year's RSA Conference was the need for information security professionals to do more, bringing order to enterprise IT security as well as by influencing public policy.
Four Disruptive 'Cyber Trends' At RSA (Forbes)
Perhaps the broadest disruption: vendors are improving their ability to understand how bad actors behave, and can thus take steps to prevent, detect, or mitigate their malicious activities. In particular, today's vendors understand the 'Cyber Kill Chain.'
Critical infrastructure, media, and scientists targeted by suspected nation state.
11 Takeaways From RSA Conference 2017 (InfoRiskToday)
Mirai Botnets, Breach Response Basics, a Security Guru Cocktail and More
Responding to disruptive data breaches, dealing with Mirai botnets, hacking back and the need for enterprises to segment their backup environments were just some of the topics dominating this year's RSA Conference in San Francisco.
Remote-control app hijacked for use as snooping tool - again
Cybercrooks have once again begun slinging malware that subverts elements of the legitimate TeamViewer remote control app to snoop on victims.
In the case of SAP UK Ltd v Diageo Great Britain Ltd  EWHC 189 (TCC) (16 February 2017) - the courts found in favour of SAP regarding indirect use of SAP via Salesforce.
Cybercriminals are increasingly targeting mobile devices with malicious software, as more and more people use them to store their most personal data.
"There is a reasonable probability the world will experience such an outbreak in the next 10 to 15 years."
Company knocks $350 million off its purchase price.
In a blog post published Sunday, former Uber engineer Susan Fowler Riggetti details her experiences working for the company. Sadly, given she's a female engineer working at a thrusting, big-name Silicon Valley startup, the experiences are exactly what you'd expect.
In the post, Riggetti details numerous instances of overt sexist behaviour. She reportedly sent evidence, including email and chat logs to HR, but ran into a brick wall multiple times. In the end, she says that her attempts to quietly report sexist behaviour were turned against her:
I forwarded this absurd chain of emails to HR, and they requested to meet with me shortly after. I don't know what I expected after all of my earlier encounters with them, but this one was more ridiculous than I could have ever imagined. The HR rep began the meeting by asking me if I had noticed that *I* was the common theme in all of the reports I had been making, and that if I had ever considered that I might be the problem. I pointed out that everything I had reported came with extensive documentation and I clearly wasn't the instigator (or even a main character) in the majority of them - she countered by saying that there was absolutely no record in HR of any of the incidents I was claiming I had reported (which, of course, was a lie, and I reminded her I had email and chat records to prove it was a lie). She then asked me if women engineers at Uber were friends and talked a lot, and then asked me how often we communicated, what we talked about, what email addresses we used to communicate, which chat rooms we frequented, etc. - an absurd and insulting request that I refused to comply with. When I pointed out how few women were in SRE, she recounted with a story about how sometimes certain people of certain genders and ethnic backgrounds were better suited for some jobs than others, so I shouldn't be surprised by the gender ratios in engineering. Our meeting ended with her berating me about keeping email records of things, and telling me it was unprofessional to report things via email to HR.
Beyond the reports to HR, Riggetti also details a company overrun with internal politics and management problems:
In the background, there was a game-of-thrones political war raging within the ranks of upper management in the infrastructure engineering organization. It seemed like every manager was fighting their peers and attempting to undermine their direct supervisor so that they could have their direct supervisor's job. No attempts were made by these managers to hide what they were doing: they boasted about it in meetings, told their direct reports about it, and the like.
Shortly after the blog post was published, Uber CEO Travis Kalanick issued a statement promising a (secret, internal) investigation into the matter, and reaffirmed Uber's commitment to an equitable workplace where everyone isn't trying to stab each other in the back:
"I have just read Susan Fowler's blog. What she describes is abhorrent and against everything Uber stands for and believes in. It's the first time this has come to my attention so I have instructed Liane Hornsey our new Chief Human Resources Officer to conduct an urgent investigation into these allegations. We seek to make Uber a just workplace and there can be absolutely no place for this kind of behavior at Uber -- and anyone who behaves this way or thinks this is OK will be fired."
This isn't the first time that Uber has run into human resources problems within its internal teams and management. In 2014, an Uber exec famously suggested digging up dirt on journalists to discredit them. That statement came in response to a journalist who had accused Uber of sexism once again.
More recently, #DeleteUber trended on Twitter after Uber removed surge pricing at JFK airport during a taxi strike -- a strike that was in protest of President Trump's Muslim travel ban. The same hashtag is trending again tonight following Riggetti's blog post.
The Evolution of Ransomware: Part 2 (SecurityWeek)
For most, ransomware attacks are the byproduct of uninformed users opening malicious attachments sent by devious and anonymous criminals.
CompTIA Offers New Security Analyst Certification (SecurityWeek)
An ISACA survey released during RSA week sought to illustrate the state of cyber security workforce development and its current trends. The results would surprise no-one in the industry: recruiting security talent is hard.
TeamSpy Malware Spotted in New Campaign (SecurityWeek)
TeamSpy, the data-stealing malware that was associated with a decade-long cyber-espionage operation several years ago, has resurfaced in a new attack campaign, Heimdal Security researchers warn.
Attacks of great concern to Russian financial institutions
Cybercrime group RTM is deploying complex malware based in the Delphi programming language to target Remote Banking Systems (RBS), a type of business software used to make bulk financial transfers.
A recent report stated that, over the past year, Android ransomware detections rose more than 50%, with many attacks occurring in the first half of 2016.
To help prepare for ever-evolving cyber threats, healthcare entities need to learn from the security practices of other sectors, says Lucia Savage, former chief privacy officer at the Office of the National Coordinator for Health IT.
$1.55 may sound like small change, but $350 million overall for two of the largest data breaches on record remains the steepest financial ding in history.
Megaupload Founder Kim Dotcom Can Be Extradited (InfoRiskToday)
Dotcom Says He Will Appeal New Zealand High Court Ruling
Megaupload Founder Kim Dotcom plans to appeal a New Zealand High Court ruling that found him and three colleagues eligible for extradition to the U.S. The four men are charged with profiting by allowing the trade of copyright-protected content on their file-sharing platform.
While Linux might be on millions of IoT devices, Kaspersky says there's no trace of it on its new secure OS.
Too many small and medium-sized businesses think they're not going to be targeted by ransomware. They're wrong.
Data Integrity in the Era of Fake News (InfoRiskToday)
An analysis of integrity - a core foundation of cybersecurity - in the era of fake news leads the latest edition of the ISMG Security Report. Also, a new initiative aims to secure medical devices, and new cybersecurity regulations for financial institutions in New York State.
Knowing what customers and audiences want and how they react to products and services is an important aspect of all business enterprises, particularly for companies operating in the business sector.