drupla-cross-site-scripting-vulnerability
drupal-CKEditor-enhanced-image-plugin

Another Critical Flaw Found In Drupal Core—Patch Your Sites Immediately

It’s time to update your Drupal websites, once again. For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Discovered by the Drupal security team, the open source content management framework is vulnerable to cross-site scripting …

microsoft-azure-sphere-iot-security
microsoft-azure-sphere-iot-security-chips
Azure-Sphere-certified-microcontrollers
Microsoft-Azure-Sphere-Linux-OS
Microsoft-Azure-Sphere-Security-Cloud-Service

Microsoft built its own custom Linux OS to secure IoT devices

Finally, it’s happening. Microsoft has built its own custom Linux kernel to power “Azure Sphere,” a newly launched technology that aims to better secure billions of “Internet of things” devices by combining the custom Linux kernel with new chip design, and its cloud security service. Project Azure Sphere focuses on protecting microcontroller-based IoT devices, including smart appliances, connected toys, and …

Yes, You Can Get Burned When it’s Cloudy

Yes, You Can Get Burned When it’s Cloudy Presented by 2018 Dallas Fraud & Breach Prevention Summit Public and hybrid cloud adoption is exploding, but so are cloud hacks and breaches. Cloud assets are at risk from the same types of threats targeting physical networks, however traditional security protecting premises-based networks doesn’t work in dynamic and elastic cloud environments. What’s …

Deception Technology: Expect a Trickle Down to MSSPs

As deception technology becomes more mature, it’s likely that managed security service providers will incorporate a deception offering into their packages, says Rik Turner, a principal analyst with the IT security and technology team at the consultancy Ovum. “I would say at that point it should become available then to a much larger community of enterprise users,” Turner says in …

Using Outlook? You should probably do some patching

It’s 2018 and previewing an email can flash your privates at the world Microsoft emitted a patch for all supported versions of Outlook on Patch Tuesday this month to prevent attackers harvesting credentials from users who simply preview a carefully crafted Rich Text (RTF) email. The vulnerability (CVE-2018-0950) exploited Outlook’s unfortunate habit of retrieving remotely hosted Object Linking and Embedding …

New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

It’s been a terrible new-year-starting for Intel. Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally. As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to …

Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers

It’s the last month of this year, but possibly not the last data breach report. Nissan warns of a possible data breach of personal information on its customers who financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada. Although the company says it does not know precisely how many customers were affected by the data breach, Nissan …

email-spoofing
mailsploit
mailsploit-1

MailSploit — Email Spoofing Flaw Affects Over 30 Popular Email Clients

If you receive an email that looks like it’s from one of your friends, just beware! It’s possible that the email has been sent by someone else in an attempt to compromise your system. A security researcher has discovered a collection of vulnerabilities in more than 30 popular email client applications that could allow anyone to send spoofed emails bypassing …

Patch Tuesday: Microsoft Releases Update to Fix 53 Vulnerabilities

It’s Patch Tuesday—time to update your Windows devices. Microsoft has released a large batch of security updates as part of its November Patch Tuesday in order to fix a total of 53 new security vulnerabilities in various Windows products, 19 of which rated as critical, 31 important and 3 moderate. The vulnerabilities impact the Windows OS, Microsoft Office, Microsoft Edge, …

Equifax Hack Exposes Personal Info of 143 Million US Consumers

It’s ironic—the company that offers credit monitoring and ID theft protection solutions has itself been compromised, exposing personal information of as many as 143 million Americans—that’s almost half the country. Equifax, one of the largest credit reporting firm in the US, admitted today that it had suffered a massive data breach somewhere between mid-May and July, which was discovered on …