From Our Blog:
- Data Privacy – An Introduction by Latha Sunderkrishnan (Senior Consultant)
When companies and merchants use data or information that is provided or entrusted to them, this data should be used according to the agreed purposes. Companies must ensure data privacy because the information is an asset to the company.
Privacy concerns exist wherever personally identifiable information or other sensitive information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues can arise in response to information from a wide range of sources…read more
- Windows Kernel Exploitation by Neelu Tripathy (SME)
A plethora of attacks have illustrated that attacker specific code execution is possible through user mode applications/software. Hence, lot of protection mechanisms are being put into place to prevent and detect such attacks in the operating system either through randomization, execution prevention, enhanced memory protection, etc. for user mode applications.
However little work has been done on the Kernel end to save the base OS from exploitation. In this article we will discuss the various exploit techniques and methods that abuse Kernel architecture and assumptions…read more
________________________________________________________________________________________________________
Vendor Patches:
- OpenSSL Releases Security Advisory
- Cisco Releases Security Update-RV220W Management Authentication Bypass Vulnerability
- Apple Releases Security Update for tvOS
- Google Releases Security Update for Chrome
- Cisco Releases Security Updates-Modular Encoding Platform D9036 Software Default Credentials Vulnerability
- ISC Releases Security Updates for BIND
- Oracle Releases Security Bulletin
- Apple Releases Security Updates for iOS, OS X El Capitan, and Safari
- WordPress Releases Security Update
- Mozilla Releases Security Updates
- FreeBSD Patches Kernel Panic Vulnerability
Security Breaches:
- Hackers Breach NASA Leaking Hundreds of Gigabytes While Trying to Crash a $222M Drone
- University of Virginia hit with Phishing scam, 1,400 affected
- Details of 325K Earbits.com users available on public database
- HSBC UK online banking operations disrupted by DDoS attack
- Ransomware 7ev3n extorts victims for 13 bitcoins
- Missing drives contained PHI on 950K Centene customers
Malware News:
- Israeli Electric Authority Hit by ‘Severe Cyber Attack,’ Likely Ransomware
- Asacub Transitions from Spyware to Banking Malware
- Dridex Borrows Tricks From Dyre, Targets U.K. Users
- Bot Fraud to Cost Advertisers $7 Billion in 2016
Security News:
- FireEye Acquires Security Orchestration Firm Invotas
- Google Wants to Fly Drones Over Your Head to Deliver High Speed 5G Internet
- WhatsApp to Share your Personal Data with Facebook
- Linux Kernel Vulnerability all you want to know
- Critical OpenSSL Flaw that Allows HTTPS-Traffic to be Decrypted Patched
- 2.5-Year-Old iOS Cookie Stealing Vulnerability that Allowed Hackers to Impersonate Users Patched
- Anonymous Knocks Nissan Japan Offline to Protest Whale Hunting
- Firebird CVE-2013-2492 Remote Code Execution Vulnerability
- eBay Flaw Exposes Users to Malware, Phishing Attacks
- Data Theft Hole Identified in LG G3 Smartphones
- Java Serialization Bug Crops Up At PayPal
- Hard-Coded Password Found in Lenovo File-Sharing App
- Oracle Java SE CVE-2015-4843 Remote Security Vulnerability
- Government Agencies Audit for Juniper Backdoor
- Adobe Flash Player and AIR CVE-2015-8651 Unspecified Integer Overflow Vulnerability
- OpenSSH Patches Critical Flaw that could Leak Private Crypto Keys
- Mozilla Network Security Services Memory Corruption and Heap Buffer Overflow Vulnerabilities
