U.S. retailers are digging in their heels over their need for PIN authentication for Europay MasterCard Visa (EMV) smartcard use here.
Ukraine's top security body said on Saturday that it and the national news agency had been hit by cyber attacks, the latest suffered by state organizations since the start of the crisis over Crimea. The Ukrainian authorities said last week the country's telecommunications system had come under cyber attack, with equipment installed in Russian-controlled Crimea used to interfere with the mobile phones of members of parliament. "There was a massive DoS-attack on communication channels of the National Security and Defence Council of Ukraine, which was apparently aimed at hindering a response to the challenges faced by our state," the Security and Defence Council said.
Microsoft plans to release five security bulletins next week for this month's Patch Tuesday, including a fix for a security vulnerability used in attacks against Internet Explorer 10.
That vulnerability, which was described in Security Advisory 2934088, was spotted being used in watering hole attacks during the past few weeks. The bug also affects Internet Explorer 9, and could be exploited if the victim is tricked into visiting a compromised Website. Customers using other versions of IE are not impacted, Microsoft noted.
In addition to the IE bulletin, Microsoft will release one other critical bulletin for Windows. The other three bulletins are rated 'important' and affect Microsoft Windows and Microsoft Silverlight.
"The March patch list is small, with only five bulletins, but they are certainly significant," said Ken Pickering, director of engineering at CORE Security. "There are two bulletins listed as 'critical' with remote code executions, one on Internet Explorer and one on a series of Windows versions. These types of bulletins need immediate attention and a reboot, which is always a headache for IT teams. Bulletin 5 only affects Silverlight, and aside from using it to stream House of Cards on Netflix, doesn’t have a big impact."
"Windows XP is affected by all five updates, and there is really no reason to expect this picture to change; Windows XP will continue to be impacted by the majority of vulnerabilities found in the Windows ecosystem, but you will not be able to address the issues anymore," blogged Wolfgang Kandek, CTO of Qualys. "Windows XP is getting its penultimate update and is now very close (just over 30 days) to its declared end-of-life date...so you need a strategy for the XP machines remaining in your infrastructure."
The Patch Tuesday updates will be released March 11.
Brian Prince is a Contributing Writer for SecurityWeek.
1 day ago: MS14-016 - Important: Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) - Version: 1.0 (Microsoft)
BETHESDA, Md., March 11, 2014 /PRNewswire-USNewswire/ -- SANS Institute today announced its return to San Diego on May 8-17 for SANS Security West 2014. SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning ...
Third party business connections often provide attackers easy, unfettered access to bigger, richer networks.
While President Obama can't get no "RSPECT," the retail world is scrambling in the wake of the Target breach (and yet, my wife shopped there for hours today), even Iran can't stop Facebook, and Brazil wants to build an undersea cable.
Report in Japan says '150,000 hits per second'
A Japanese newspaper is reporting that during the spectacular collapse of the Mt Gox Bitcoin exchange, the operation's servers were also suffering a large-scale DDOS attack.
A lot of these technology tools require constant updates. This mandates the need for an IT workforce that can ensure these updates are made on time. It's important because outdated hardware is one of the leading causes of malware attacks. There are a number of tools that can help you keep your software updated without the need for a dedicated IT workforce. Here are some of them.
Matt Gunn, an independent model aircraft or drone operator in Cleveland, says the recent court ruling barring the Federal Aviation Administration from enforcing rules prohibiting the commercial use of drones amounts to “mud being flung in their face.” Gunn is ...
Apple has improved its security in recent years, but is it enough?
Anonymous hackers on Sunday claimed to have published evidence that Mt. Gox CEO Mark Karpeles lied about the theft of more than $500 million worth of bitcoin. According to the hackers, Karpeles still controls all of the cryptocurrency he says was stolen recently in the biggest heist of bitcoin’s brief history. Mt. Gox was the world’s largest bitcoin exchange until about 850,000 bitcoin were allegedly stolen during a breach, forcing the exchange to shut down and file for bankruptcy protection. According to new claims from anonymous hackers, however, the heist never occurred and Karpeles still controls nearly 1 million bitcoin worth approximately $596 million at Monday’s exchange rate. According to a report from Forbes, the anonymous hackers took over Karpeles’s blog and published
23 minutes ago: Senator's Spy Claims Chill CIA-Congress Relations (SecurityWeek)
WASHINGTON - A top US lawmaker's hotly disputed charge that the CIA illegally spied on Senate staff has roiled the intelligence community, fraying ties between the agency and its overseers in Congress.
Senator Dianne Feinstein brought what had been a behind-the-scenes spat into the public glare Tuesday with her furious broadside against the Central Intelligence Agency, saying its agents searched computers used by staffers investigating its interrogation methods.
"I have grave ...
25 minutes ago: High-Bandwidth NTP Amplification DDoS Attacks Escalate 371 Percent in the Last 30 days (Dark Reading)
Prolexic Issues High Alert DDoS Attack Threat Advisory
Security researchers from BAE Systems and G-Data recently shared research on a cyber-espionage toolkit called Snake (also referred to as Turla or Uroburos) that was used in attacks against targets in the Ukraine, Lithuania, Great Britain, the United States and other nations.
According to BAE Systems, the malware is the work of a technically sophisticated and well-organized group. However, BAE did not say exactly who is behind the campaign or who might be paying them despite evide...
An annual study on patient privacy and security marked improvements on the data breach front, though organizations voiced concerns with health information exchanges (HIEs).
56 minutes ago: IT Security Pros Abandoning Traditional Security Measures In Favor Of SMS-Based Two-Factor Authentication (Dark Reading)
Ponemon and Tyntec survey finds 68% believe username/passwords not enough
1 hour ago: Hybrid DIMMs And The Quest For Speed (Network Computing Security)
SanDisk's UltraDIMM technology and Viking's ArxCis meld flash with DRAM for super-fast performance and could prove game changers for the storage industry.
The Sarbanes-Oxley Act of 2002 (SOX), which is administered by the Securities and Exchange Commission, is record-retention legislation specifying which records are to be kept and for how long (at least five years). It doesn’t describe how to retain those records, just that they must be retained. IT departments of companies that fall under SOX are affected by it because these days, most records
1 hour ago: Why It's Time to Get On Board with the Cloud (IT Toolbox Blogs)
Cloud computing is a mainstream technology tool used across several industries ranging from education to financial institutions and law offices. Using the Internet to deliver hardware and software services instead of maintaining physical hardware saves space and money. Software companies offer cloud services to businesses looking to jump on the latest technology trend so much that the cloud computing
Message history is wide open to theft and decryption by rogue apps, consultant says.
The World Wide Web turned 25 on Wednesday, and what better way to commemorate the occasion than by envisioning the Internet of the future? The Pew Research Center asked a group of what The Wall Street Journal refers to as “thinkers in science and technology” about what the Internet might look like in 2025. Their responses carry forth many of the concepts of the Internet of Things we have seen so often recently, but they also take things much further. What follows below is a collec...
Adobe released updates for Flash Player that fix two vulnerabilities that could allow attackers to bypass security controls in the software.
The Dutch Military Intelligence and Security Service (MIVD) illegally shared data with foreign services and hacked Web forums without ministerial approval, according to a report made at the request of the Dutch House of Representatives.
The Timken Company stored the personal information of nearly 5,000 current and former associates, as well as past applicants, on an insecure server, during which time one unauthorized party accessed the file containing the data.
The only way to ensure privacy in the cloud era is to shift to a model in which the cloud customer controls encryption keys, not the cloud provider.
Imagine this happy occasion. On his girlfriend’s birthday a man announces he has a special gift. She unwraps the box to find a sleek new Android phone. She throws her arms around him and lands a warm kiss for his kindness.
Justin Bieber's 50 million follower strong Twitter account was hijacked briefly a couple of days ago and now the dust has settled it seems like a good opportunity to review how these attacks happen and what all of us (pop stars included) should learn about Twitter security. I'll briefly recount the attack, but if you just want the advice skip to the later section of this article for the top Twitter (and general social media) security tips.
There's new proof that Wi-Fi is capable of propagating malware that transmits malcode wirelessly. Find out how to stop these attacks.
Two months before Mt. Gox filed for bankruptcy it was sued by a customer seeking the return of funds in a case that highlights some of the red flags raised in the run-up to the collapse of what was once the world's biggest bitcoin exchange. New York resident Marko Simovic filed a civil action at the Tokyo District Court on December 24, seeking to recover $105,000 he had on deposit at Mt. Gox and about $14,000 in interest, court filings show. Simovic, who described himself as a software develo...
6 hours ago: Retail Breaches: The Malware Source (InfoRiskToday)
Attackers likely purchased malware in underground "cybercrime-as-a-service" markets to use in recent credit card breaches, including the Target Corp. attack, a new report from McAfee Labs asserts. Adam Wosotowsky explains the report's findings.
Well, it's statistically reasonably likely. Just update to 3.8.1, OK?
Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks.
It's refreshing to hear Dianne Feinstein express outrage over warrantless and illegal government spying. But sadly to say, there’s some dark humor of sorts here, too. Feinstein is perhaps the biggest congressional cheerleader of domestic surveillance, including the telephone snooping ...
10 hours ago: BB10's 'dated' crypto lets snoops squeeze the juice from your BlackBerry – researcher (The Register)
BEAST will attack your sensitive web traffic, warns poster
BlackBerry BB10 OS uses dated protocols that leave users at risk to known cryptographic attacks, according to a security researcher.
14 hours ago: Tim Berners-Lee calls for an online bill of rights (ZDNet)
The British founder of the world wide web has called for an "Internet Users Bill of Rights".
16 hours ago: Huawei aims for $10B enterprise revenue via cloud (ZDNet)
But its 2017 goal will face challenges, particularly in data security, given the Chinese networking vendor's links to spying allegations.
20 hours ago: Rogers Declines to Call Snowden a Traitor (InfoRiskToday)
But NSA Designee Says Snowden Has Caused Harm to Nation
At his March 11 Senate confirmation hearing, Navy Vice Adm. Michael Rogers, chosen by President Obama to be the next director of the National Security Agency, declines to characterize NSA leaker Edward Snowden as a traitor.
Technique allows lone attacker hidden in the shadows to wage crippling attacks.