Earlier Snowden leaks have already introduced us to XKeyScore. However, new documents highlighted in the latest Intercept article make it sound even worse than privacy advocates first suspected. Watch the video to learn more.
Original release date: June 30, 2015. Apple has released security updates for QuickTime, Safari, Mac Extensible Firmware Interface (EFI), OS X Yosemite, and iOS.
If you use Apple products — on Mac or PC — know that today is Apple Patch Day. The popular software company released six security advisories (originally five, but they had a late-breaking advisory) fixing many security flaws in most of their most popular products. Watch today’s video to learn which products are affected, and what you should patch (or check the Reference section for a link to the page with all the details).
Original release date: June 30, 2015. US-CERT is aware of phishing campaigns masquerading as emails from the Office of Personnel Management (OPM) or the identity protection firm CSID. For those affected by the recent data breach, the legitimate domain used for accessing identity protection services is https://opm.csid.com
If you’re feeling behind on critical information security news, you’re not alone. There are so many new InfoSec stories each week that only a dedicated few can keep up with the latest.
I’ve mentioned ransomware repeatedly in my videos, but today the FBI warned businesses how dangerous ransomware can be. Watch our video to learn how much ransomware has cost US companies this year, and how to protect yourself from it.
Original release date: June 25, 2015. Cisco has released security updates to address vulnerabilities in Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of the affected appliance. US-CERT encourages users and administrators to review the Cisco Security Advisory and apply the necessary updates.
The goal of a penetration test is to report all identified vulnerabilities to the customer. Of course, every penetration tester puts most of his effort into finding critical security vulnerabilities: SQL injection, XSS and similar, which have the most impact for the tested web application (and, indeed, it does not hurt a penetration tester's ego when such a vulnerability is identified). However, I strongly push towards reporting of every single vulnerability, no matter how harmless it might appear (and my penetration team coworkers sometimes complain about this, but let's prove them wrong). Here we'll take a look at how two seemingly low-risk vulnerabilities can be combined into a more dangerous one.
You would hope our governments only spy on or hack the bad guys, but apparently they target security companies too. The latest Snowden leaks cover how the NSA and GCHQ target foreign antivirus companies, and reverse engineer their products to presumably find weaknesses.