HITBSecConf2017 Amsterdam (April 10th - 14th)
Register Online Now!
If you run a mainstream distribution of Linux on a desktop computer, there's a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you're running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by.
The last email service we’ll cover in the 12 Days of 2FA is Outlook.com. If we haven’t covered your email service here, check twofactorauth.org’s more extensive list of email platforms that offer two-factor authentication. If you only enable 2FA for one account, email is a good choice for most users. Email is often a golden key to all of your other online accounts. When you forget or lose your password, services will often email you to confirm your identity and reset it.
A vulnerability in some popular Netgear routers has gone unpatched for months. Left unchecked, it leaves thousands of home networking devices exposed to full control by hackers, who can then ensnare them in havoc-wreaking botnets. While Netgear has finally released a tentative fix for some models, the delays and challenges in patching all of them help illustrate just how at risk the Internet of Things is—and how hard it is to patch up when things go wrong.
Cyber attacks targeting banks using the global transfer service SWIFT have successfully stolen funds in the months following February's Bangladesh central bank heist, according to a recently discovered letter sent to banks in November.
In the letter, sent on the 2 November to banks worldwide and uncovered today by Reuters, SWIFT warned that due to increasingly sophisticated attacks, there was an escalating threat against banks' systems. It read: "The threat is very persistent, adaptive and sophisticated - and it is here to stay."
Security researcher Andrew Fasano from MIT Lincoln Laboratory said this week that a total of 10 security flaws, if chained together, allows the execution of code remotely as a root user.
"At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time," the security advisory reads. "When I noticed all these, I decided to take a look."