Saturday, September 23, 2017
Joomla Patches Eight-Year-Old LDAP Injection Vulnerability

Joomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials.

What Triggers HTTPS Chrome Browser Warnings?

Researchers combed through 2,000 Chrome error reports to better classify HTTPS error warnings.

Malware Steals Data From Air-Gapped Network via Security Cameras

Proof-of-concept malware called aIR-Jumper can be used to bypass air-gapped network protections and send data in and out of the network.

iOS 11 Update Includes Patches for Eight Vulnerabilities

Apple released a number of patches, including a security update for iOS 11, which is available today.

Latest News

Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket

Verizon is the latest company to leak confidential data through an exposed Amazon S3 bucket.

EternalBlue Exploit Used in Retefe Banking Trojan Campaign

Banking Trojan Retefe is adopting new WannaCry tricks, adding an EternalBlue module to propagate the malware.

2016 SEC Hack May Have Benefited Insider Trading

The U.S. Securities and Exchange Commission said this week that hackers managed to infiltrate one of its systems last year, something that likely facilitated insider trading.

Samba Update Patches Two SMB-Related MiTM Bugs

Samba released three security updates, including two related to SMB connections that could be abused by an attacker already on the network to hijack connections and manipulate traffic or data sent from a client.

What’s New In Android 8.0 Oreo Security

Google’s Android security team has turned a corner with 8.0 Oreo, reducing the attack surface, compartmentalizing components and beefing up protection against rogue apps.

Threatpost News Wrap, September 22, 2017

The Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed.

Iranian APT33 Targets US Firms with Destructive Malware

APT33 targets petrochemical, aerospace and energy sector firms based in the U.S., Saudi Arabia and South Korea with destructive malware linked to StoneDrill.

Deep-Learning PassGAN Tool Improves Password Guessing

A deep-learning network known as a GAN has been applied to passwords, and a tool called PassGAN significantly improves the ability to guess user passwords over tools such as Hashcat or John the Ripper.

Cloud-Focused Firms Earn High Marks for Software Security in BSIMM8 Report

Businesses that are cloud-focused tend to run the most secure software, while the healthcare sector is struggling the most when it comes to accomplishing the same goal, according to the BSIMM8 Report.

Equifax Suffered Earlier Breach in March

Equifax suffered another breach of its systems, back in March, the company revealed Monday.