Weekly InfoSec Roundup 10/20/17

Welcome to a weekly round-up of the most relevant and interesting happenings and events at Brinqa and from across the Information Security industry.

  • WPA2 security flaw puts almost every Wi-Fi device at risk of hijack, eavesdropping
    “A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack.”
    Read More

  • Users Report Fraudulent Transactions After Pizza Hut Admits Card Breach
    “Pizza Hut has suffered a data breach, and a hacker has stolen payment card details for a small number of clients, the company admitted on Saturday in an email sent to affected customers.”
    Read More

  • Adobe Patches Zero-Day Vulnerability Used to Plant Government Spying Software
    “On Monday, researchers from Kaspersky Lab revealed the new, previously unknown vulnerability, which has been actively used in the wild by advanced persistent threat (APT) group BlackOasis. In a security advisory, Adobe said Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge, and Internet Explorer 11 are affected by the vulnerability.”
    Read More

  • Microsoft kept quiet about 2013 bug
    “A cyber-attack by a notorious hacking group back in 2013 compromised highly sensitive information on unfixed Microsoft vulnerabilities, data which could have been used to devastating effect, it has emerged. Microsoft’s statement at the time downplayed the seriousness of the attack.”
    Read More

  • Oracle swats 252 bugs in patch update
    “On Tuesday, Oracle’s security advisory said the latest Critical Patch Update (CPU) addresses a total of 252 security fixes for hundreds of products. Oracle Fusion Middleware, Oracle Hospitality, Oracle MySQL, and PeopleSoft have received the most fixes in the latest update.”
    Read More

  • Report: 88% of Java Apps Vulnerable to Attacks from Known Security Defects
    “A new report from CA Veracode has exposed the pervasive risks companies face from vulnerable open source components. In its 2017 State of Software Security Report the firm reviewed application security testing data from scans of its base of 1400 customers, discovering that 88% of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.”
    Read More

  • New Locky Ransomware Strain Emerges
    “The latest Locky strain, which began appearing on Oct. 11 and goes by the .asasin extension, is collecting information on users’ computers such as the operating system used, IP address, and other such information, says Brendan Griffin, PhishMe threat intelligence manager.”
    Read More

  • Domino’s Australia Blames Former Supplier for Info Leak
    “The firm explained that the information potentially leaked by this third party did not include financial information but most likely did feature: Domino’s store name, customer order name and customer email address.”
    Read More

  • The US Offers Black Hats Zero-Day Opportunities with Lagging CVE Reporting
    “When it comes to software vulnerability (CVE) disclosure, the US lags China when it comes to turnaround time. Recorded Future, which had previously uncovered unexpectedly large gaps between public disclosure of a vulnerability and its inclusion in the US National Vulnerability Database (NVD), found that on any given day, there’s more current information about software vulnerabilities on China’s National Vulnerability Database (CNNVD) than on NVD.”
    Read More

  • Cisco warns 69 products impacted by KRACK
    “Cisco said Wednesday that multiple Cisco wireless products are vulnerable to the recently identified Key Reinstallation Attacks (KRACK). On Monday, researchers revealed how the KRACK vulnerabilities plagued the WPA2 protocol used to secure all modern Wi-Fi networks. In their report, researchers demonstrated how the KRACK vulnerabilities can be abused to decrypt traffic from enterprise and consumer networks with varying degrees of difficulty.”
    Read More

  • Brinqa @ Qualys Security Conference 2017
    Brinqa attended the Qualys Security Conference in Vegas this week. Part of the conference focused on moving away from the mentality of cybersecurity as an afterthought, which aligns perfectly with Brinqa’s risk-centric approach to security. The Brinqa team hosted a session and connected with many members of the Qualys community. Building a comprehensive risk and vulnerability management program is an important aspect of cyber risk management programs, and we appreciate Qualys’ efforts and advancements in this field.

    QSC17
