New Vulnerability Found in All Modern Intel CPUs Another security vulnerability has been discovered in Intel chips that affects the processor’s speculative execution technology. Dubbed Lazy FP State Restore, the vulnerability (CVE-2018-3665) within Intel Core and Xeon processors has just been confirmed by Intel, and vendors are now rushing to roll out security updates in […]
Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. It is a widespread vulnerability which typically results in remote command execution. The vulnerability affects thousands of projects, including ones from HP, Amazon, Apache, […]
BUG in GIT opens developers' systems up to attack. Git repository hosting services GitHub, GitLab and Microsoft VSTS each patched a serious vulnerability on Tuesday that could lead to arbitrary code execution when a developer uses a malicious repository. Developers behind the open-source development Git tool pushed out Git 2.17.1, addressing two bugs (CVE-2018-11233 and […]
VIRGINIA TECH AND DASHLANE ANALYSIS FIND RISKY, LAZY PASSWORDS THE NORM Dashlane analyzed over 61 million passwords and uncovered some troubling password patterns. The analysis was conducted with research provided by Dr. Gang Wang, an Assistant Professor in the Department of Computer Science at Virginia Tech. The Virginia Tech project, described as “the first large-scale empirical analysis […]
In hybrid cloud environments you can actually set up higher security than needed. A balanced level of security is a matter of overview, expertise and costs.
Not So Pretty: What You Need to Know About E-Fail and the PGP Flaw Don’t panic! But you should stop using PGP for encrypted email and switch to a different secure communications method for now. A group of researchers released a paper today that describes a new class of serious vulnerabilities in PGP (including GPG), […]
Log your IT activities in a SOC to comply with GDPR and in a local private cloud to comply with NIS.
TWITTER URGES USERS TO CHANGE PASSWORDS DUE TO GLITCH Twitter said Thursday that a glitch caused account passwords to be stored in plain text on an internal log, sending users across the platform scrambling to change their passwords. The social media company said that it found and has fixed the glitch, and its investigation shows […]
Know what Instagram knows – here’s how you download your data Instagram, the visual story-centric social media platform owned by Facebook, has now added a long-requested feature: the ability for users to download their data – including images, posts and comments. Not to be cynical, but Instagram is not making this move out of the […]
Have you opened the front door for anyone who came knocking or made way for an unknown contractor? If so, you might have been a victim of social manipulation-based hacking. Training, exercise and countermeasures can help, and this also applies to the Next Big Corporate hack which surely can strike even you.