Social Network For Security Executives: Help Make Right Cyber Security Decisions
Researcher finds serious flaw in Chromium-based Avast SafeZone browser - 5 Feb 2016
The Avast SafeZone browser, internally known as Avastium, is installed with the paid versions of Avast's antivirus and security suites. Google Project Zero researcher Tavis Ormandy found a vulnerability that could allow an attacker to take control of Avastium when a user opens an attacker-controlled URL in any other locally installed browser. By exploiting the flaw, an attacker could remotely read "files, cookies, passwords, everything", and could even take control of authenticated sessions to read email, interact with online banking, etc.
Newly Fired CEO of Norse Fires Back At Critics - 4 Feb 2016
Norse Corp, a Foster City, Calif.-based cyber security firm that has attracted much attention from the news media and investors alike this past year, fired its chief executive officer this week amid a major shakeup which may spell the end of the company. The remaining employees at the threat intelligence firm were apparently informed they could continue showing up for work, but there would be no guarantee they would be paid, KrebsOnSecurity reported. Critics have accused Norse of going to market too soon with the data it had, and of drawing conclusions not actually supported by the data.
Google issues Chrome update to fix Windows, Mac, and Linux bugs - 10 Feb 2016
Google issued a Chrome update to address Windows, Mac, and Linux vulnerabilities that, if exploited, would allow remote attackers to take control of affected systems. The bugs were discovered by Mariusz Mlynski, lukezli, Jann Horn, and an anonymous security researcher working with HP's Zero Day Initiative. Google also announced it will no longer allow Flash display ads on AdWords or DoubleClick Digital Marketing campaigns, starting June 30.
IRS Hack Affects 101,000 Tax Returns - 11 Feb 2016
The US Internal Revenue Service (IRS), the tax collection agency, was the target of a malware attack that allowed the perpetrators to access the electronic tax-return credentials for 101,000 social security numbers. The attack was performed by an automated bot. Its objective was to extract PINs from the Electronic Filing PIN application on the IRS.gov website. The app creates 5-digit PIN codes for those who want to file their tax returns online, and the code is used to authenticate the filer's identity.
Java installer flaw shows why you should clear your Downloads folder - 8 Feb 2016
Oracle published a security advisory recommending that users delete all the Java installers they might have lying around on their computers in the default download folder and use new ones for versions 6u113, 7u97, 8u73 or later. The reason is that older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files from the current directory. In the case of Java installers downloaded from the Web, the current directory is typically the computer's default download folder.