securitymagazine.com: Saint John's University campus in Collegeville, Minnesota went into a lockdown on Thursday for close to 10 hours while law enforcement searched for the suspect....

securitymagazine.com: According to Menlo Security, Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome. Menlo Labs discovered that there are 49 different versions of Chrome being used by their customers as of November 17. Nearly two-thirds (61 percent) are running the latest build (.86) while just over a quarter (28 percent) are running one version prior (.85). Out of the customers running .86, a staggering 83 percent are running versions of Chrome that are vulnerable (...

securitymagazine.com: Duke Energy, a Fortune 150 company headquartered in Charlotte, N.C., named Keith Butler as Senior Vice President and Chief Security Officer. He is currently senior vice president, global risk management and insurance, chief risk officer and acting chief ethics and compliance officer. The company also named new leaders in the critical areas of corporate security, risk management and ethics and compliance....

Heise Sicherheits News: Important security updates have been released for IBM Db2. Several platforms are affected....

Heise Sicherheits News: The Drupal release series 7, 8.8, 8.9 and 9.0 allowed remote code execution, and several modules were also open to attack through critical vulnerabilities....

Heise Sicherheits News: The VMware developers have closed, among other things, a critical vulnerability in Cloud Foundation, ESXi, Fusion and Workstation....

securitymagazine.com: No matter how much you spend on your security infrastructure, it won’t do a bit of good if the people you employ aren’t using it correctly. For example, you could install the best antivirus in the world, but if an employee falls for a spear-phishing scam and inadvertently gives their password to a hacker, it’s all for nothing. That’s why it’s more critical than ever to have a culture of security....

securitymagazine.com: Basketball can teach us a lot about managing the cybersecurity of an enterprise: it takes teamwork. This is perhaps most evident as organizations seek to adopt zero trust principles. The zero trust concept is not new, but I hear more organizations discussing it than ever before — driven by a desire for greater security, more flexible access, and accelerated by the shift to remote work due to COVID-19. At its core, zero trust focuses on providing least-privilege access to only those users who need it. Put it this way: don't trust anyone and even when you do, only give them what they need right now. This security philosophy would make Jordan proud, but in that vein, zero trust would not work without another player: identity management (perhaps it’s the Pippen factor!)....

securitymagazine.com: In a flurry of activity last week, the European Data Protection Board (EDPB) and the European Commission made major announcements affecting cross-border data transfers out of the EEA. First, the EDPB announced the adoption of draft recommendations on measures that supplement cross-border data transfer tools as well as recommendations on the European Essential Guarantees for surveillance measures. The below post will examine the EDPB’s draft recommendations on supplementary measures. The draft new standard contractual clauses will be discussed in a separate post....

securitymagazine.com: On November 19 and 20, more than 200 industry and government officials exercised the energy sector’s response and recovery to a Wasatch earthquake during CESER’s Clear Path VIII. This year’s scenario impacted critical energy infrastructure within Utah and the surrounding states with cascading impacts across the Western United States. The regional, all hazards Clear Path Exercise series brings together energy sector partners on an annual basis to update policies and procedures, identify areas for collective improvement, and strengthen relationships and cooperation....

TheHackersNews: GO SMS Pro, a popular messaging app for Android with over 100 million installs, has been found to have an unpatched security flaw that publicly exposes media transferred between users, including private voice messages, photos, and videos. "This means any sensitive media shared between users of this messenger app is at risk of being compromised by an unauthenticated attacker or curious user,"...

Heise Sicherheits News: The switch to ZSH, already begun in 2020.3, has been completed. In addition, the tool collection was expanded and dynamically generated references to the Kali documentation were added....

Heise Sicherheits News: There was a security vulnerability in the server of the German Corona app. Data of Corona app users is not affected. The vulnerability has already been closed....

TheHackersNews: A critical vulnerability uncovered in Real-Time Automation's (RTA) 499ES EtherNet/IP (ENIP) stack could open up the industrial control systems to remote attacks by adversaries. RTA's ENIP stack is one of the widely used industrial automation devices and is billed as the "standard for factory floor I/O applications in North America." "Successful exploitation of this vulnerability could cause a...

Heise Sicherheits News: Attackers could, among other things, gain root privileges on Cisco systems, access back-end databases and compromise meetings....

Heise Sicherheits News: Vulnerabilities in Trend Micro InterScan Web Security Virtual Appliance and Worry-Free Business Security put systems at risk....

Heise Sicherheits News: Intel and AMD publish their view of upcoming x86 processors with a built-in Microsoft Pluton controller as root of trust....

TheHackersNews: Apple is facing the heat for a new feature in macOS Big Sur that allows many of its own apps to bypass firewalls and VPNs, thereby potentially allowing malware to exploit the same shortcoming to access sensitive data stored on users' systems and transmit them to remote servers. The issue was first spotted last month by a Twitter user named Maxwell in a beta version of the operating system. "Some...

TheHackersNews: Cisco has published multiple security advisories concerning critical flaws in Cisco Security Manager (CSM) a week after the networking equipment maker quietly released patches with version 4.22 of the platform. The development comes after Code White researcher Florian Hauser (frycos) yesterday publicly disclosed proof-of-concept (PoC) code for as many as 12 security vulnerabilities affecting the...

TheHackersNews: Cybersecurity researchers today unveiled a complex and targeted espionage attack on potential government sector victims in South East Asia that they believe was carried out by a sophisticated Chinese APT group at least since 2018. "The attack has a complex and complete arsenal of droppers, backdoors and other tools involving Chinoxy backdoor, PcShare RAT and FunnyDream backdoor binaries, with...
