TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 19, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 23 Feb 2018 15:44:45 +0000

Earlier this week, Trend Micro released its Security Roundup for 2017, which reveals an increase in ransomware, cryptocurrency mining and business email compromise (BEC) attempts over the past year as cybercriminals refined and targeted their attacks for greater financial return. Surprisingly, some of the biggest attacks still rely on known vulnerabilities that have available patches….

Read more

This Week in Security News: Bank Robberies and Whaling

Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 23 Feb 2018 14:29:52 +0000

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, business leaders share their tips on keeping their companies safe, hackers stole from a Russian central bank, and Google reveals a new Microsoft Edge flaw. Read on…

Read more

New non-security patches arrive for Win10 1607 and 1703; 1709 update likely soon

Credit to Author: Woody Leonhard| Date: Fri, 23 Feb 2018 04:26:00 -0800

Microsoft last night released a flood of unexpected patches. Yes, that’s a Thursday night dump. No, there weren’t any pressing security fixes – at least, none that were advertised. I have no idea why Microsoft’s pushing this offal out the Automatic Update chute.

In addition to a scattering of Preview patches for Win7, 8.1 and Server 2002 – which are usually posted on the third “Week C” Tuesday of the month – and the Surface Pro 3 firmware patch that was announced, but not delivered, Wednesday, we have two new cumulative updates: one for Win10 Anniversary Update (version 1607) and one for Win10 Creators Update (version 1703). Susan Bradley has a full list with links on the AskWoody site.

To read this article in full, please click here

Read more

Clever, redefined

Credit to Author: Sharky| Date: Fri, 23 Feb 2018 03:00:00 -0800

It’s the 1990s, and this pilot fish is hired at a big international company to maintain a group of Linux servers — and they definitely need help.

“My initial survey of the systems uncovered some serious security problems,” says fish. “Everything had been set up and users added with no regard to security.

“As a temporary holding action, I set all the users’ login shells to a custom restricted shell that allowed each user access to only the directories and commands necessary for their work while I analyzed all the systems, planned a decent security configuration for each, got approvals, did testing and, finally, implemented the new security.”

To read this article in full, please click here

Read more

Hiccups in HQ Trivia Game Point to Opportunity for Colocation Providers in Delivering Agile Data Centers at the Edge

Credit to Author: Greg Jones| Date: Thu, 22 Feb 2018 16:26:15 +0000

My family has caught the HQ trivia bug, but the app is also bugging us, with its tendency for glitches including stalled video. It appears to be an example of… Read more »

The post Hiccups in HQ Trivia Game Point to Opportunity for Colocation Providers in Delivering Agile Data Centers at the Edge appeared first on Schneider Electric Blog.

Read more

How extreme weather causes premature aging in medium voltage equipment

Credit to Author: Thierry Cormenier| Date: Thu, 22 Feb 2018 14:00:17 +0000

If you own or manage any large building, plant, or public infrastructure, you depend on reliable electrical distribution services. You also need equipment to be as sustainable as possible in… Read more »

The post How extreme weather causes premature aging in medium voltage equipment appeared first on Schneider Electric Blog.

Read more

Why use virtual reality for medium voltage equipment and safety training?

Credit to Author: Claude Houbart-Santini| Date: Thu, 22 Feb 2018 12:41:12 +0000

Could you make your medium voltage electrical installations safer? There could not be a more important goal. The latest digital training innovations can give students an edge and a perspective… Read more »

The post Why use virtual reality for medium voltage equipment and safety training? appeared first on Schneider Electric Blog.

Read more

Drive-by download campaign targets Chinese websites, experiments with exploits

Credit to Author: Jérôme Segura| Date: Thu, 22 Feb 2018 16:00:00 +0000

This custom made drive-by download attack targets some Chinese websites and their visitors while experimenting with exploits.

Categories:

Tags:

(Read more…)

The post Drive-by download campaign targets Chinese websites, experiments with exploits appeared first on Malwarebytes Labs.

Read more

Securing IoT Networks

Credit to Author: William “Bill” Malik (CISA VP Infrastructure Strategies)| Date: Thu, 22 Feb 2018 15:28:10 +0000

The typical enterprise has more than 500 applications in place.Q: How do you segment a mesh? A: You can’t. Legacy IoT devices, Industrial Control Systems with custom networking, are exceptionally difficult to secure. Typically, these devices contain only enough compute capabilities to support their primary operational function. They have limited memory, low power, constrained CPU resources, and very little network bandwidth. They do not…

Read more