Network Security News Weekly

Current cybersecurity news to keep you informed.

Articles of interest from the week of July 2, 2018


Office 365 users targeted by phishers employing simple HTML tricks
Phishers are using a simple but effective trick to fool Microsoft’s NLP-based anti-phishing protections and Office 365 users into entering their login credentials into spoofed login pages. The phishing emails landing in targets’ inboxes warn potential victims that their email account has reached a “maximum quota limit” and that they should upgrade their account. To the casual observer, the emails appear to be “signed” by Microsoft. (By: , Help Net Security)

With Internet of Things, Devices become Insider Threat
Connected devices present unique challenges to enterprises and consumers alike. The very nature of these devices — connected TVs, personal assistants like Alexa, or security cameras — calls for seamless connectivity and easy access. The vulnerability of connected devices has been proven time and again, and there is growing concern regarding cyberthreats. Today, IoT devices are often targeted by hackers, infected with malware and used to mine cryptocurrency, populate botnets and launch denial of service attacks. But there is another, more subtle and insidious threat that IoT devices pose: the insider threat. (By: , Security Ledger)

Marketing Firm Exposes 340 Million Records on US Consumers
A computer security researcher has discovered a vast marketing database containing 340 million records on U.S. consumers, including such information as credit worthiness, political donations, stock ownership and the ages of their children. In the case of the Exactis data exposure, each exposed record contains up to 150 fields describing a person: the number of children in a household, the ages of those children, what type of payment cards a person holds, an estimation of their home's value, whether they own stock, their hobbies, their mortgage company, credit rating, ethnic group, political donations and religion, among many others. (By: , Bank Info Security)

Is User Training the Weakest Link for Your Email Security Approach?
The days of only deploying an email security gateway to block viruses, spam and other threats from reaching user email accounts are gone. Even though gateways no doubt have their place in a comprehensive security strategy, in most cases they are paired with supplementary technologies to ensure the most effective layered email protection. This is critical because gateways aren’t designed to sniff out attacks such as social engineering, phishing, spear phishing, and business email compromise (BEC). (By: , Infosec Island)

Unpatched WordPress file deletion vulnerability could allow site takeover and code execution
Seven months ago, security experts discovered a critical file deletion vulnerability that affects all WordPress versions; the issue is currently still unpatched. The vulnerability could be exploited to completely take over websites running the popular CMS and gain arbitrary code execution. The issue is severe given the potential impact: WordPress is the most popular CMS and, according to w3tech, it is used by approximately 30% of all websites. (By: , Security Affairs)

Seven Ways to Protect Your Organization’s Privileged Accounts
Many high-profile breaches have one thing in common: They were accomplished through the compromise of passwords. In many cases, end-user passwords are initially hacked through various social engineering techniques. Then permissions are escalated to gain access to more privileged accounts — the keys to the kingdom. This unauthorized access can easily go undetected for weeks or even months, allowing hackers to see and steal information at their convenience. (By: , CSO)

The Wi-Fi Alliance announced the launch of the WPA3 security standard
The Wi-Fi Alliance officially launched WPA3, the new Wi-Fi security standard that will address all known security issues affecting the previous standards and will mitigate wireless attacks such as the KRACK attacks and DEAUTH attacks. The Wi-Fi Alliance includes tech giants like Apple, Cisco, Intel, Qualcomm, and Microsoft. (By: , Security Affairs)



Ingalls Information Security