Synopsys Buys Tinfoil

Enterprise VulnerabilitiesFrom DHS/US-CERT’s National Vulnerability Database CVE-2012-3821PUBLISHED: 2020-01-10 A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. CVE-2012-4284PUBLISHED: 2020-01-10 A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code…

January 11, 2020
Read More >>

Major Brazilian Bank Tests Homomorphic Encryption on Financial Data

The approach allowed researchers to use machine learning on encrypted data without first decrypting it. Banco Bradesco, S.A., a prominent Brazilian financial institution, has for the past year been working with IBM Research to apply a technique called homomorphic encryption to banking data. The pilot showed it was possible to apply machine learning algorithms to encrypted data without decrypting it, creating a new level of privacy that could be applied…

January 10, 2020
Read More >>

6 Unique InfoSec Metrics CISOs Should Track in 2020

You might not find these measurements on a standard cybersecurity department checklist. But they can help evaluate risks you haven’t even considered yet. (image by Brad Nixon, via Adobe Stock) A regular audience with executive management and the board is part of the CISO role now. And security leaders know they need to bring measurable information to the conversation to explain and justify their performance and spending. Metrics are no longer…

January 10, 2020
Read More >>

5 Tips on How to Build a Strong Security Metrics Framework

The carpentry maxim “measure twice, cut once” underscores the importance of timely, accurate, and regular metrics to inform security leaders’ risk decisions. When designed appropriately and measured objectively, metrics are an indispensable part of a mature security program. Solid metrics can help an organization measure and track risk and performance as well as make educated adjustments and decisions as required. While most security professionals recognize and understand this, in practice,…

January 10, 2020
Read More >>

Study Points to Lax Focus on Cybersecurity

Despite ranking at the top of respondents’ concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds. Organizations obviously are aware of the need to address security and privacy needs, but many seem to be only moderately ready on this front. That is one of the takeaways from the Society for Information Management’s (SIM) recently released IT Issues and Trends Study for 2019. The results…

January 10, 2020
Read More >>

Attackers Increase Focus on North American Electric Utilities: Report

Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm. The companies responsible for the generation, transmission, and distribution of electricity have attracted the attention of an increasing number of cyberattack groups, industrial-control system security firm Dragos said in a report published on Jan. 9. In recent months, four groups have expanded their activities…

January 10, 2020
Read More >>

Chinese Malware Found Preinstalled on US Government-Funded Phones

Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless. Budget Android smartphones offered through a US government initiative for low-income Americans come with preinstalled, unremovable Chinese malware, researchers report. These low-cost smartphones are sold by Assurance Wireless, a federal Lifeline Assistance program under Virgin Mobile. Lifeline, supported by the federal Universal Service Fund, is a government program launched in 1985 to provide…

January 10, 2020
Read More >>

TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal

PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says. Russia’s infamous TrickBot organized cybercrime group has a new trick up its sleeve for high-value targets — a custom fileless PowerShell-based backdoor designed for stealth, persistence, and reconnaissance inside infected networks. SentinelOne, which has been tracking the malware, has dubbed it PowerTrick. In a blog post Thursday, the vendor described the…

January 9, 2020
Read More >>

AWS Issues ‘Urgent’ Warning for Database Users to Update Certs

Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority. Amazon Web Services has issued an “important” warning to users of its Amazon Aurora, Amazon Relational Database Service (RDS), and Amazon DocumentDB (with MongoDB compatibility) databases, urging them to update their certificates by January 14, 2020. Those who use SSL/TLS certificate validation when they connect to database instances are urged…

January 9, 2020
Read More >>

Operationalizing Threat Intelligence at Scale in the SOC

Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing. Today’s security operations centers (SOCs) are struggling. Cyber threats are ever-increasing and growing daily in sophistication. Massive volumes of data created every second lead to new vulnerabilities and attack vectors. How do SOCs keep pace with the threats happening across the landscape and better understand them to increase their…

January 9, 2020
Read More >>