Updating antimalware solutions in industrial control systems
Credit to Author: Matvey Voytov| Date: Wed, 07 Feb 2018 16:01:26 +0000
How can we keep antimalware solutions up to date without compromising the ICS environment?
Read MoreComputer Security Articles
RSS Reader for Computer Security Articles
Month: February 2018
Multi-risks in the Multi-cloud: An Industry Perspective
Credit to Author: John Maddison| Date: Wed, 07 Feb 2018 13:45:59 +0000
Even if the enterprise security team has a handle on its individual clouds, multiple secure clouds are not the same thing as a secure multi-cloud. This requires a single secure enterprise network that spans the data center (physical or software defined) and all the private and public clouds to which an organization subscribes.
Read MoreAn analysis of an MS office document exploiting a zero-day flash player vulnerability (CVE-2018-4878)
Credit to Author: Quick Heal Security Labs| Date: Wed, 07 Feb 2018 13:59:42 +0000
Important update! Adobe Systems released a critical security update on 6.02.2017 to fix the vulnerability discussed in this post. We recommend you to apply the update immediately. Summary of the vulnerability CVE-2018-4878 is a use-after-free vulnerability present in Adobe Flash Player 28.0.0.137 and its earlier versions are being exploited in…
Read MoreFortinet Highlights Agile Security at Mobile World Congress
Credit to Author: Ronen Shpirer| Date: Wed, 07 Feb 2018 09:00:59 +0000
In this blog post, I’d like to zero in on what we’re planning around the Agile Security theme. In two subsequent blog posts, I’ll expand on our Advanced Security and Mobile Security-Managed Security Services themes.
Read MoreSSD安全公告-GitStack未经验证的远程代码执行漏洞
Credit to Author: SSD / Maor Schwartz| Date: Tue, 06 Feb 2018 08:44:21 +0000
漏洞概要 以下安全公告描述了在GitStack中存在的一个未经身份验证的动作,允许远程攻击者添加新用户,然后用于触发远程代码执行。 GitStack是一个可以让你设置你自己私人Git服务器的软件。 这意味着你可以创建一个没有任何内容的版本控制系统。GitStack可以非常容易的保持你的服务器是最新的。它是真正Git for Windows,并与任何其他Git客户端兼容。GitStack对于小团队来说是完全免费的。 漏洞提交者 一位独立的安全研究人员 Kacper Szurek向 Beyond Security 的 SSD 报告了该漏洞 厂商响应 自2017年10月17日起,我们多次尝试联系GitStack,已经收到回应,但未提供有关解决方案或解决方法的详细信息。 CVE:CVE-2018-5955 漏洞详细信息 用户可控的输入没有经过充分的过滤,未经身份验证的攻击者可以通过发送以下POST请求在GitStack服务器中添加新用户: [crayon-5a7a29f09ace6671375808/] 一旦攻击者将用户添加到服务器,他就可以启用web repository功能。 现在,攻击者可以从远程创建一个repository,并禁止其他人访问我们新的repository。 在repository中,攻击者可以上传后门并使用它来执行代码: 漏洞证明 [crayon-5a7a29f09acf2853583590/]
Read MoreOn tests and awards
Credit to Author: Kaspersky Team| Date: Tue, 06 Feb 2018 18:31:43 +0000
A list of the most important awards given to our security solutions by independent testing labs, and why the awards are important.
Read MoreSafer Internet Day 2018: ad blockers and anti-trackers
Credit to Author: William Tsing| Date: Tue, 06 Feb 2018 18:00:00 +0000
 | |
| Today, on Safer Internet Day, we’re going to look at some of the easiest, fastest, completely free things you can do to have a safer Internet experience. Starting with ad blockers and anti-tracking browser extensions. Categories: Tags: adblockermalvertisingprivacysafer internet daysafety |
The post Safer Internet Day 2018: ad blockers and anti-trackers appeared first on Malwarebytes Labs.
Read More5 Ways Public-Private Partnerships Can Enable the Vision of Your Community — No Matter What the Size
Credit to Author: Marcus Craig| Date: Tue, 06 Feb 2018 17:10:34 +0000
When it comes to size, Dallas County and Elmore County couldn’t be more different. With 2.5 million residents and 56 facilities, sprawling Dallas County is a giant compared to Elmore… Read more »
The post 5 Ways Public-Private Partnerships Can Enable the Vision of Your Community — No Matter What the Size appeared first on Schneider Electric Blog.
Read More