SERIOUS VULNERABILITIES DISCLOSED IN MODEMS USED BY AT&T'S U-VERSE SERVICE

Five vulnerabilities have been found in Arris-manufactured home networking equipment supplied in AT&T's U-verse service. The vulnerabilities are considered so trivial to exploit that they have been disclosed to the public without waiting for remedial work from either Arris or AT&T....
SECURITY WEEK
READ MORE

GOOGLE ENCRYPTS CONNECTIONS BETWEEN ITS SERVERS

Now it has made two announcements. Firstly, use of HTTPS is now mandatory for all Gmail users all of the time, and secondly, HTTPS is also used between its data centers. On the first, Nicolas Lidzborski, Gmail security engineering lead explained in a blog, "Today's change means that no one can listen in on your messages as they go back and forth between you and Gmail’s servers—no matter if you're using public WiFi or logging in from your computer, phone or tablet.
...
INFOSECURITY-MAGAZINE
READ MORE

HAS GDPR IMPACTED INSIDER THREATS?

According to new research from Clearswift, the introduction of GDPR has led to a slight drop in insider threats in both the UK and Germany. Survey respondents said that insider threats make up 65% of reported incidents in 2018, compared to 73% last year. German companies reported similar declines, with insider error incidents at 75% this year, down from 80% last year. The research surveyed 400 senior IT decision makers from global organizations with more than 1,000 employees and found that 38% o...
INFOSECURITY MAGAZINE
READ MORE

US TAKES DOWN HUGE BOTNET AS SPAIN ARRESTS NOTORIOUS RUSSIAN HACKER

US authorities moved Monday to take down a global computer botnet behind the massive theft of personal data and unwanted spam emails, as Spain arrested the notorious Russian hacker who operated it. US authorities say the Russian, Piotr or Peter Levashov, had operated the Kelihos network of tens of thousands of infected computers, stealing personal data and renting the network out to others to send spam emails by the millions and extort ransom from computer owners....
SECURITYWEEK
READ MORE

SHADOW IT FEEDS 'MAN IN THE CLOUD' ATTACKS

Shadow IT -- the use of unauthorized online services by company employees -- is a concern of cyberwarriors charged with defending business systems against network attacks. There's new evidence that those concerns are justified....
TECHNEWSWORLD
READ MORE

#INFOSEC15: UK FIRMS URGED TO STEP UP TO COMBAT NEW BREED OF SOCIAL ENGINEERS

Social engineering as we know it is dead, replaced by a new breed of ‘psychological hackers,’ laser-focused on specific target organizations, who use the latest techniques to outwit current mitigations, according to a leading social engineer....
INFOSECURITY MAGAZINE
READ MORE