Fortnightly Summary Of Top IT Security News-16th Feb,2016

New White House Cyber security Plan Creates Federal CISO - 9 Feb 2016

White House officials plan to enact a range of initiatives this year that they believe will strengthen computer networks against cyber attacks. Obama administration officials are instituting what they call a cybersecurity national action plan, which would create a federal chief information security officer, establish a new commission that looks for ways to protect computer networks, and increase coordination between federal officials who focus on privacy issues. The proposal includes $3.1 billion for an IT Modernization Fund to retire, replace and modernize legacy IT systems used within the federal government.
...Read More

How to Hack the Power Grid through Home Air Conditioners- 9 Feb 2016

Researchers have found another way to take down the power grid: by remotely manipulating home and office air conditioners to create a surge. It’s an attack that has the potential to be very serious impact. The hack targets remote shut-off devices that utility companies install on air conditioners to conserve energy during peak summer periods. A hacker could cut air conditioners during a heatwave—creating a potentially fatal condition for the elderly and sick—or turn air conditioners on during peak energy periods, causing a surge that creates a widespread blackout. Or a hacker could directly attack a group of specific homes or offices by taking advantage of the fact that unique IDs are assigned to groups of devices, allowing them to be singled out.
...Read More

( Read More: Checklist To Evaluate SIEM Vendors )

Researcher finds serious flaw in Chromium-based Avast Safe Zone browser- 5 Feb 2016

Avast SafeZone browser, internally known as Avastium, which is installed with the paid versions of Avast's antivirus and security suites. Google Project Zero researcher Tavis Ormandy found a vulnerability that could allow an attacker to take control of Avastium when opening an attacker-controlled URL in any other locally installed browser. By exploiting the flaw, an attacker could remotely read "files, cookies, passwords, everything and also attacker can even take control of authenticated sessions and read email, interact with online banking, etc.
...Read More

Newly Fired CEO of Norse Fires Back At Critics- 4 Feb 2016

Norse Corp, a Foster City, Calif. based cyber security firm that has attracted much attention from the newsmedia and investors alike this past year, fired its chief executive officer this week amid a major shakeup which may spell the end of the company. The remaining employees at the Foster City, Calif.-based threat intelligence firm were apparently informed they could continue showing up for work, but there would be no guarantee they would be paid, KrebsonSecurity reported but Critics have accused Norse of going to market too soon with the data in had, and of drawing conclusions not actually supported by the data.
...Read More

( Read More: Identity & Access Management (Workshop Presentation) )

Google issues Chrome update to fix Windows, Mac, and Linux bugs
- 10 Feb 2016

Google issued a Chrome update to address Windows, Mac, and Linux vulnerabilities that, if exploited, would allow remote attackers to take control of affected systems. The bugs were discovered by Mariusz Mlynski, lukezli, Jann Horn, and an anonymous security researcher working with HP's Zero Day Initiative. Google also announced it will no longer allow Flash display ads on AdWords or DoubleClick Digital Marketing campaigns, starting June 30
...Read More

IRS Hack Affects 101000 Tax Returns- 11 Feb 2016

The tax collection agency US Internal Revenue Service (IRS) was the target of a malware attack and that allowed the perpetrators to access the electronic tax-return credentials for 101,000 social security numbers. The attack was performed by an automated bot. It's objective was to extract PINs from the Electronic Filing PIN application on the website. The app creates 5-digit PIN codes for those who want to file their tax returns online, and the code is used to authenticate the filer's identity. 
...Read More

Java installer flaw shows why you should clear your Downloads folder- 8 Feb 2016

Oracle published a security advisory recommending that users delete all the Java installers they might have laying around on their computers in default download folder and use new ones for versions 6u113, 7u97, 8u73 or later. The reason is that older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files from the current directory. In the case of Java installers downloaded from the Web, the current directory is typically the computer's default download folder.
...Read More

Let us know which was your favorite news? Leave us your thoughts in the comments below

Views: 287

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service