This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT).
About Security Incident Response Team
This author has yet to write their bio.Meanwhile lets just say that we are proud Security Incident Response Team contributed a whooping 38 entries.
Entries by Security Incident Response Team
This blog post is a summary of this weeks Information Security News put together by our Security Incident Response Team (SIRT). Thousands of breached websites turn up on MagBo Black market The research team said it has shared its findings with law enforcement and victims are being notified. A newly-discovered underground marketplace has been peddling […]
Check for the Security-First Mindset Across All Teams “Embedding security as a way of life is not a one-time event. It requires ongoing education through a variety of channels. Setting the tone from executive leadership is key, but this must be reinforced by direct management and across peer groups.” Read more.. Top 5 Security […]
Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company. “Security is not a one-person job. It can’t be accomplished with one person, it can’t be accomplished with one company,” says Walls. “So we need partners, and we need friends in the industry to work […]
Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker. A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive scripts in websites using a known vulnerability. So far, Censys.io has reported more than 170,000 active […]
Chrome Now Features Site Isolation to Defend Against Spectre A new feature called site isolation is being tapped to protect Chrome users against Spectre. Google introduced new security mitigations for its Chrome browser to defend against recently discovered Spectre variants. The new security feature, called site isolation, essentially isolates different browser work processes between various browser […]
Ticketmaster chat feature leads to Credit-Card Breach Tens of thousands of people have been caught up in a data breach at Ticketmaster UK, which exposed credit-card and personal information for UK and some international customers. The ticket-selling giant said that on Saturday it found malware within a customer chat function for its websites, hosted by […]
Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. It is a widespread vulnerability which typically results in remote command execution. The vulnerability affects thousands of projects, including ones from HP, Amazon, Apache, […]
BUG in GIT opens developers systems up to attack. Git repository hosting services GitHub, GitLab and Microsoft VSTS each patched a serious vulnerability on Tuesday that could lead to arbitrary code execution when a developer uses a malicious repository. Developers behind the open-source development Git tool pushed out Git 2.17.1, addressing two bugs (CVE-2018-11233 and […]
VIRGINIA TECH AND DASHLANE ANALYSIS FIND RISKY, LAZY PASSWORDS THE NORM Dashlane analyzed over 61 million passwords and uncovered some troubling password patterns. The analysis was conducted with research provided by Dr. Gang Wang, an Assistant Professor in the Department of Computer Science at Virginia Tech. The Virginia Tech project, described as “the first large-scale empirical analysis […]