Larry Loeb
Latest Content
Enterprises Are Getting Smarter When It Comes to Patching Vulnerabilities – Study
Larry Loeb  
1/22/2019   1 comment
A joint analysis from Kenna Security and the Cyentia Institute finds that enterprises are getting better at patching vulnerabilities, specifically by focusing on critical flaws as opposed to trying to fix every problem that is published.
Microsoft Looks to Squash Bugs in its Azure DevOps Product
Larry Loeb  
1/21/2019   5 comments
Microsoft's latest bug-hunting program is targeting the company's Azure DevOps platform, which looks to make software development more secure.
Intel Patching SGX Flaw That Can Lead to Escalation of Privileges
Larry Loeb  
1/18/2019   3 comments
A security researcher has found another flaw in Intel's SGX software that can allow an attacker to escalate administrative privileges within an infected machine.
Federal Judge: Police Can't Force Suspects to Unlock Devices Using Biometrics
Larry Loeb  
1/16/2019   1 comment
A federal judge in California finds that police can't force suspects to unlock their smartphones or other mobiles using biometrics. The court found biometrics are protected much the same way passwords are.
US Government Shutdown Preventing SSL Certificates From Being Renewed
Larry Loeb  
1/14/2019   Post a comment
The shutdown of the federal government is not only affecting federal workers, but the websites that various departments run. Specifically, SSL certificates are not being renewed.
Iran Suspected of 'Stealthy & Sophisticated' DNS Hijacking Campaign
Larry Loeb  
1/11/2019   Post a comment
New research from FireEye suggests that a group working within Iran is behind a large-scale DNS hijacking scheme that involves web traffic all across the globe.
Wi-Fi 6 Bakes in Additional IoT Security
Larry Loeb  
1/10/2019   8 comments
At CES this week, the Wi-Fi Alliance offered new details on the new Wi-Fi 6 protocol, which bakes in some additional safeguards for IoT security.
Windows, Linux Susceptible to New Side-Channel Vulnerability
Larry Loeb  
1/9/2019   Post a comment
In a new paper co-authored by a researcher who discovered Spectre, it appears that Windows and Linux are susceptible to a new type of side-channel vulnerability that can target the page cache of an operating system.
Academics Look to Bolster the Optimization of Neural Networks
Larry Loeb  
1/7/2019   2 comments
A trio of academic papers looks at the current methods used to train neural networks and where the techniques can be improved in order to benefit the businesses that use them.
New USB Type-C Standards Offer Cryptographic-Based Security
Larry Loeb  
1/4/2019   19 comments
The USB-IF has published new guidelines that look to bring tougher security protocols, including cryptography, to USB Type-C devices to better protect against attacks.
EU's FOSSA Project Launches New Bug Bounty Program
Larry Loeb  
1/3/2019   4 comments
The European Union's FOSSA project is launching its first-ever bug bounty program that will focus on 15 different software platforms starting later in January.
SOP Story: Why Protecting Web Browsers Remains a Security Cornerstone
Larry Loeb  
12/24/2018   22 comments
One of the oldest ways to protect content on the web is SOP. However, it's not always implemented in the same way on all browsers. This can complicate one of the main cornerstones of Internet security.
Huawei Routers Vulnerable to Simplified Credential Stuffing Attack
Larry Loeb  
12/21/2018   14 comments
Security researchers at NewSky have found a vulnerability in Huawei's HG routers that leaves these devices open to a brute force attack. The company has been notified, but it's not clear what fix, if any, has been applied.
Jenkins Flaw Can Allow Attackers to Log In as Admins
Larry Loeb  
12/19/2018   4 comments
New research from CyberArk finds a critical flaw in Jenkins servers that can allow an attacker to log in as an administrator, which can lead to any number of compromises and malicious activity.
Russian-Backed Sofacy Group Used New Cannon Trojan in Recent Attacks
Larry Loeb  
12/17/2018   Post a comment
Palo Alto Networks' Unit 42 has documented two months of attacks from the Sofacy group, which also goes by Fancy Bear and APT28. Researchers found the attackers deployed a new Trojan called Cannon.
SQLite Vulnerability Could Put Thousands of Apps at Risk
Larry Loeb  
12/17/2018   6 comments
A significant bug in SQLite could allow for remote code execution, leaks of memory and program crashes within thousands of apps, according to new research.
Phishing Emails, Trojans Continued to Proliferate in Q3 – Report
Larry Loeb  
12/14/2018   6 comments
Researchers at Comodo Cybersecurity found that phishing emails continued to proliferate in the third quarter of this year, with PayPal as a major target. Malware, such as Trojans, also remains a top security issue.
'Novidade' Exploit Changes DNS Settings in Home & Small Business Routers
Larry Loeb  
12/12/2018   Post a comment
Trend Micro has picked up on a new exploit dubbed 'Novidade,' which targets small business and home routers and changes their DNS settings to redirect the traffic as part of an attack.
ESET Researchers Find 12 New Linux Malware Families
Larry Loeb  
12/11/2018   Post a comment
A report from ESET finds 12 new Linux backdoor malware families in the wild that had previously been undocumented.
Google Chrome 71: Bugs Squashed & New Ways to Block 'Abusive Experiences'
Larry Loeb  
12/7/2018   7 comments
The latest version of the Google Chrome browser squashes numerous bugs and adds in a feature to help block what the company calls 'abusive experiences.'
Kubernetes Vulnerability Can Turn Containers Into Zombies
Larry Loeb  
12/4/2018   4 comments
For years, Kubernetes was considered secure. However, a newly published vulnerability can turn enterprise containers into zombies without proper patching.
Marriott's Due Diligence Failure Led to Massive Data Breach
Larry Loeb  
12/4/2018   5 comments
After acquiring Starwood, Marriott failed to conduct a proper review of the company's security issues. This lack of due diligence led directly to 500 million records being compromised in a data breach.
UPnProxy Still Infecting Thousands of Home & Small Business Routers
Larry Loeb  
11/30/2018   12 comments
An analysis by Akamai finds that UPnProxy is still out in the wild and still targeting routers mainly used in homes and by small businesses.
New Worm Helps Spread Fileless Version of Bladabindi RAT
Larry Loeb  
11/28/2018   10 comments
An updated version of the Bladabindi RAT is fileless and can now be spread through removable USB and other storage devices.
Rowhammer Vulnerability Can Bypass ECC Memory Chips
Larry Loeb  
11/27/2018   17 comments
New research finds that the Rowhammer vulnerability can be adjusted to bypass ECC memory chips, exposing processors to an attack.
Perceptual Ad Blockers Have Security Flaws, Too
Larry Loeb  
11/22/2018   15 comments
Blocking ads is more than stopping annoying pop-ups. There's a security component as well. However, a crop of perceptual ad blockers that use machine learning have their own flaws and shortcomings.
Geoblocking, Even at Low Levels, Restricts Internet Freedom – Study
Larry Loeb  
11/21/2018   Post a comment
A new research paper from the University of Michigan and Cloudflare finds that geoblocking or geofencing is not as extensive as some believe. However, even at low levels, this practice can restrict Internet freedom.
Employees Traveling This Holiday? Don't Forget Good Security Practices
Larry Loeb  
11/19/2018   Post a comment
A survey finds that employees are more likely to bypass good security practices when they travel during the holiday season, but still log onto the corporate network to work.
New Spectre & Meltdown Attacks Show Limits of CPU Vulnerabilities
Larry Loeb  
11/16/2018   8 comments
A group of researchers from Belgium, Austria and the US have uncovered more Spectre and Meltdown flaws in CPU architectures, but their paper also shows the limits of these vulnerabilities in real-world attacks.
Google Data Center Traffic Rerouted to Nigeria, China & Russia
Larry Loeb  
11/14/2018   4 comments
For over an hour this week, some Internet traffic from Google's data centers was rerouted through a Nigerian ISP and possibly sent to Russia and China.
Metamorfo Trojan Revamped to Evade Antivirus Protections
Larry Loeb  
11/12/2018   1 comment
The Metamorfo Trojan, which has targeted banks and other financial institutions in Brazil, has been revamped by threat actors to better evade antivirus and other security protections.
DJI Drones Buzzed Over Security Flaw in Company's User Forum
Larry Loeb  
11/9/2018   3 comments
Check Point researchers found a flaw in DJI's online user forum that could allow an attacker to access and steal information from one of the company's drones.
'Outlaw' IRC Bot Roughs Up Windows & Open Source Environments
Larry Loeb  
11/7/2018   Post a comment
Trend Micro is having a showdown with an IRC bot developed by a group dubbed 'Outlaw,' which is targeting Windows, Ubuntu and even Android environments.
'BLEEDINGBIT' Bluetooth Vulnerability Leaves Enterprises Exposed to Attacks
Larry Loeb  
11/5/2018   5 comments
Security firm Armis has found two zero-day vulnerabilities in the BLE protocol of Texas Instruments chips that researchers call 'BLEEDINGBIT.'
RDP Attacks Prompt New Slate of Security Warnings
Larry Loeb  
11/2/2018   3 comments
Following a warning by the FBI, Trend Micro has issued its own alert about an increase in RDP attacks that have targeted enterprises all around the world.
Google's reCAPTCHA Version 3 Offers Better Bot-Fighting Capabilities
Larry Loeb  
10/31/2018   17 comments
Google is rolling out the third version of reCAPTCHA software, which the company claims can better fight spam and bots with less user input.
DemonBot Botnet Takes Advantage of Hadoop Flaw to Create DDoS Attacks
Larry Loeb  
10/29/2018   4 comments
Radware has found a new botnet called DemonBot that is taking advantage of a flaw in Hadoop servers to create large-scale DDoS attacks.
IoT Device Adoption Hampered by Consumer's Security Concerns
Larry Loeb  
10/26/2018   53 comments
For companies looking to jump on the IoT bandwagon, the adoption of these devices is being slowed by consumers' concerns over safety and security, a new report finds.
Industrial Systems Suffer From Poor Patching, Bad Password Practices – Study
Larry Loeb  
10/24/2018   Post a comment
Industrial control systems are riddled with outdated software that is in need of patching, while passwords are stored in plain text and endpoints are left open to attack, according to a report from CyberX.
Unpatched MikroTik Routers Vulnerable to Cryptomining Malware
Larry Loeb  
10/22/2018   1 comment
An alert from Avast Threat Labs finds that a vast majority of MikroTik routers don't have the last firmware update to block a cryptomining campaign.
MIT Researchers Have a DAWG in the Fight Against Spectre & Meltdown
Larry Loeb  
10/19/2018   7 comments
In the fight against Spectre and Meltdown vulnerabilities, MIT is pitting its DAWG solution against Intel's CAT.
Why Killing Off TLS 1.0 & 1.1 Is a Good Thing
Larry Loeb  
10/17/2018   Post a comment
All good things must come to an end. Apple, Microsoft, Mozilla and Google have decided that's the case for the 1.0 and 1.1 versions of TLS.
Intel's 9th Gen Processors Offer Protections Against Spectre & Meltdown
Larry Loeb  
10/12/2018   10 comments
While talking up its 9th Gen processors this week, Intel offered some subtle hints about plans to protect its CPUs against the Spectre and Meltdown vulnerabilities that have plagued x86 processors.
DHS Raps Juniper Over the Knuckles for 40 Junos OS Vulnerabilities
Larry Loeb  
10/12/2018   3 comments
The Department of Homeland Security felt it necessary to take Juniper Networks to the woodshed for 40 vulnerabilities, many critical, that affected the company's Junos OS.
Gemalto: 4.5B Records Breached in First Half of 2018
Larry Loeb  
10/10/2018   1 comment
Gemalto's Breach Level Index showed a staggering 133% increase in data breaches between the first half of 2017 and the first six months of this year. However, most of this malicious activity is attributable to two incidents – one involving Facebook.
US Voting Machines Riddled With Vulnerabilities & Security Flaws
Larry Loeb  
10/5/2018   7 comments
The highly anticipated report from the DEF CON Voting Machine Hacking Village finds that any number of voting machines used in US elections are vulnerable to any number of attacks or hacks.
Microsoft Is Waking Up to 'Fileless' Malware Threats
Larry Loeb  
10/3/2018   Post a comment
It took a while, but Microsoft's security engineers are starting to address concerns about 'fileless' malware. Redmond is looking to build additional defenses into Windows Defender ATP.
Torii Is a New Evolution in Botnet Malware
Larry Loeb  
10/1/2018   Post a comment
Move over Mirai. A Bulgarian security researcher and Avast have found a new botnet dubbed Torii, which can bring these types of attacks to a new level.
Magecart Group Likely Behind Increase in Formjacking Attacks
Larry Loeb  
9/28/2018   4 comments
A recent analysis by Symantec researchers has found a significant increase in formjacking attacks. The reason, according to some, is an increase in activity from the Magecart group.
Adwind RAT Squeaks Past Linux, Windows, macOS Defenses
Larry Loeb  
9/26/2018   6 comments
A newer version of the Adwind 3.0 Trojan can elude the AV defenses of Linux, Windows and macOS systems, according to Talos and ReversingLabs.
Security Now
Copyright © 2019 Light Reading - an Informa business, trading within KNect365 US, Inc. All rights reserved.