Shadow IT increases vulnerability to cyber-attacks say most IT depts

Most (88 percent) IT decision makers in UK and German organisations believe that shadow IT makes them more vulnerable to cyber-attacks.[...]
http://www.scmagazineuk.com/shadow-it-increases-vulnerability-to-cyber-attacks-say-most-it-depts/article/509159/ via @scmagazineuk

These Top 10 Programming Languages Have Most Vulnerable Apps on the Internet

A new research showed that Scripting languages, in general, give birth to more security vulnerabilities in web applications, which raised concerns over potential security bugs in millions of websites. The app security firm Veracode has released [...]

Patch Report: All Versions of Windows affected by Critical Vulnerability

 Microsoft has rolled out six security updates this Patch Tuesday, out of which three are considered to be "critical," while the rest are marked as "important." Bulletin MS15-106 is considered to be critical for Internet Explorer (IE) and affects absolutely all versions of Windows operating system. The [...]

Critical OS X Flaw Grants Mac Keychain Access to Malware.

Back in July, a security researcher disclosed a zero-day vulnerability in Mac OS X that allowed attackers to obtain unrestricted root user privileges with the help of code that even fits in a tweet. The same vulnerability has now been upgraded to again infect Mac OS X machines even after Apple [...]

PayPal Vulnerability Allows Hackers to Steal All Your Money.

A critical security vulnerability has been discovered in the eBay owned global e-commerce business PayPal that could allow attackers to steal your login credentials, and even your credit card details in unencrypted format. Egypt-based researcher Ebrahim Hegazy discovered a Stored Cross Site [...] 




  

iOS Sandbox Vulnerability Puts Enterprise Data at Risk.

 

 "Change is the only constant thing," as it is known could be now modified as "Change is the only constant thing*," where the * means Terms and conditions apply! A change (Mobile Device Management solutions-MDM, Bring Your Own Device-BYOD) was brought to the organizations, (which later became [...] 

Your GPS Location and Calls Can be Spied Using Network Vulnerability.

Yes, you heard it right. It's the dirty truth that’s featuring what is being called the largest privacy breach ever. Billions of cell phone users are at risk of a vulnerability in the SS7 inter-carrier network that allows hackers and spies agencies to track locations and intercept all voice [...]

Bug in OpenSSH Opens Linux Machines to Password Cracking Attack

A simple but highly critical vulnerability recently disclosed in the most widely used OpenSSH software allows attackers to try thousands of password login attempts per connection in a short period. OpenSSH is the most popular software widely used for secure remote access to Linux-based systems. [...]

OpenSSL to Patch Undisclosed High Severity Vulnerability this Thursday.

Attention Please! System Administrator and anyone relying on OpenSSL should be prepared to switch to a new version of the open-source crypto library that will be released this Thursday 9th July. OpenSSL is a widely used open-source software library that provides encrypted Internet connections [...]

Report: Vulnerability Risk Correlates to Exposure on Social Media.

 The type of coverage a vulnerability receives on social media often correlates to that threat’s level of risk, reveals a recent report.

This is just one of the findings of the 2015 State of Vulnerability Risk Management, a study issued earlier this month by NopSec Labs, a data science and research company that specializes in analyzing malware, exploit, vulnerability and other cyber threat risk patterns.[...]. 

Apple Mac OSX Zero-Day Bug Allows Hackers to Install RootKit Malware.

A zero-day software vulnerability discovered deep in the firmware of many Apple computers could allows an attacker to modify the system’s BIOS and install a rootkit, potentially gaining complete control of the victim’s Mac. The critical vulnerability, discovered by well-known OS X security researcher [...] - See more at: http://thehackernews.com/#sthash.8nvBQ6hM.dpuf

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords. But [...] See more at: http://thehackernews.com/#sthash.iQBfGwu8.dpuf

MacKeeper Zero Day Remote Code Execution Vulnerability

A controversial piece of security and maintenance software for Mac OS X computers, known as MacKeeper, has been found to be vulnerable to a critical remote code execution vulnerability. MacKeeper antivirus software for Mac OS X is designed to improve Mac performance and security, but it is infamous [...]

Hacking Aviation Technology: Vulnerability Disclosure and the Aviation Industry

You know what I don’t want to talk about any more? Responsible disclosure. The problem is that, as old as that discussion is for information security, it and the adjacent topics, remain relevant for many other industries.[...]

[Video] PayPal Remote Code Execution Vulnerability Demonstrated by Hacker

A critical remote code execution vulnerability has been reported in the eBay owned global e-commerce business PayPal that could be exploited by an attacker to execute arbitrary code on the PayPal's Marketing online-service web-application server. The remote code execution flaw, discovered by [...]

Hackers Could Crash Trains by Hacking Rail Traffic System

After reaching heights in cyber attacks by targeting SCADA systems, hackers are looking forward to crash trains. It isn't only assumptions; it could actually happen in real. A new hi-tech railway signalling system being tested in the United Kingdom could potentially be hacked by cyber criminals [...]

iOS 8 Vulnerability Lets Hackers Crash Any iPhone and iPad Within Wi-Fi Range

Security researchers have uncovered a zero-day vulnerability in iOS 8 that could repeatedly crash users' Apple iPhones, iPads and iPods when the devices connect to a malicious wireless hotspot. It’s like Denial of Service (DoS) attack on Apple's iOS devices that results in crashing either individual [...]