What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Fortinet 2017-02-23 08:37:16 Did you order those iTunes movies? Nope, it's just phishing for Canadian Apple users (direct link) Over the weekend, we encountered an interesting variation of a phishing email targeting Apple users. The email contained an alleged receipt for five movies purchased from the iTunes Store that was so detailed that the user who received it, and who knows better, still almost fell for the scam. Figure 1. Phishing Apple email Similar cases were reported in 2015 by users in the UK and Australia, except in those cases the fake receipt contained songs and books, respectively. Last year, similar emails targeting users in the US were also reported,...
Fortinet 2017-02-22 16:58:28 Keep Your Account Safe by Avoiding Dyzap Malware (direct link) Introduction Dyzap belongs to a family of malware designed to steal confidential information from enormous target applications by installing a “man in the browser” attack into common browsers. FortiGuard Researchers recently discovered a new variant of this Trojan virus. Stolen information may include, but is not limited to, system information and application credentials stored on infected systems. In this blog, we will explain how the malware steals user accounts, acts as a keylogger, and communicates with its C&C server. Stealing...
Fortinet 2017-02-22 16:57:16 Healthcare Digital Transformation & HIMSS17 (direct link) Healthcare systems spanning the globe are recognizing the potential of digital technologies and looking to leverage them to develop new business models, new revenue streams, and a better customer experience across the industry. When speaking about “digital” technologies impacting the industry in 2017, we at Fortinet are focused on four principal technologies that are most responsible for change: Cloud, IoT, Ubiquitous Broadband, Data Analytics. We recently sat down at HIMSS17 in Orlando,...
Fortinet 2017-02-21 15:55:32 Looking Back at Fortinet's Security Research and Vulnerability Discoveries (direct link) In an effort to provide more proactive protections in Fortinet products and to more effectively identify and defeat network threats, the Fortinet security research team works on discovering potential threats in popular products. As a result, over the past year we have discovered 84 vulnerabilities that have been reported to their respective vendors as part of our responsible vulnerability disclosure process. Fortinet protections against these discoveries were released to Fortinet products at the same time these vulnerabilities were reported to their...
Fortinet 2017-02-21 08:49:01 FortiGuard Labs - Global Healthcare Threat Telemetry for Q4 2016 (direct link) This Global Healthcare Threat Telemetry report examines the threat landscape of the global healthcare industry in Q4 2016. It is based on threat telemetry obtained by FortiGuard Labs' research group from sensors located at 454 healthcare companies located in 50 countries around the globe. FortiGuard Labs, and its more than 200 researchers and analysts located around the world, logs over 400,000 hours of threat research every year by monitoring and analyzing threat telemetry gathered from over two million sensors. The resulting threat intelligence...
Fortinet 2017-02-20 21:32:15 Infographic: Protecting Patient Data in Today's Digital World (direct link) The healthcare industry continues to ride the digital wave to improve patient care and organizational efficiency in addition to reducing costs. Hospitals and health systems are relying on electronic health records (EHRs), the cloud, and the Internet of Things (IoT) more than ever. While these technologies are convenient, efficient, and enable a higher degree of patient-centric care, they can be jeopardized by cybercriminals. Stolen patient data can easily be sold on the dark web to criminals looking to extort money, commit identity fraud, spearphish,...
Fortinet 2017-02-19 21:23:12 Fortinet Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Flash Player (direct link) I discovered and reported multiple critical zero-day vulnerabilities in Adobe Flash Player last November. This Tuesday, Adobe released a security patch which fixed them. ★★
Fortinet 2017-02-16 20:24:59 RSA 2017 Roundup (direct link) RSA 2017 is a wrap. The final sessions are being recorded, the coat check area is filled with luggage, and the smell of propane is filling the show floors as forklifts begin to deliver packing crates to this year's crop of security vendors. As expected, the hottest security topics and offerings were related to IoT and the cloud. Threat intelligence and SOCs were also top of mind as companies try to get a handle on the deluge of data and devices flooding their networks. In spite of the veneer of innovation, however, for far too many vendors...
Fortinet 2017-02-16 18:32:03 Ransomware-as-a-Service: Rampant in the Underground Black Market (direct link) Given the popularity and success of ransomware, it is no surprise that malware authors have been developing more ransomware than ever before. Last year's cost of ransomware attacks reached $1 billion, which not only shows how this affects businesses, but for cybercriminals the potential pay-out for cyber-extortion can be very lucrative. The rise of ransomware infections may also be attributed to the attractiveness growing availability of Ransomware-as-a-Service (RaaS). Ransomware authors posts are now developing user-friendly...
Fortinet 2017-02-16 17:55:21 PHPMailer Powered – Use It, But Also Remember to Update It (direct link) At the end of last year, a critical vulnerability in PHPMailer that affected millions of websites – CVE-2016-10033 – was discovered by Polish security researcher Dawid. This vulnerability allows an attacker to compromise the target's web application by executing remote code on the vulnerable web server. There are numerous open source web applications that use PHPMailer as their main library for sending emails, including WordPress, Joomla, Yii, SugarCRM… More than a month after PHPMailer released a patch for this critical...
Fortinet 2017-02-15 09:16:00 The Challenge of Securing IoT (direct link) By now, everyone has heard the numbers. IoT is part of a networking revolution that is transforming the world. Experts predict that by 2020 there will be over 33 billion IoT devices deployed, or 4.3 Internet-connected devices for every man, woman, and child on the planet. Of course, IoT is more than just one thing. There are a variety of IoT devices and categories, each with their own implications. Consumer IoT includes the connected devices we are most familiar with, such as smart cars, phones, watches, laptops, connected appliances, and...
Fortinet 2017-02-14 21:35:02 REMCOS: A New RAT In The Wild (direct link) Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we've seen its payload being distributed in the wild for the first time. This article demonstrates how this commercialized RAT is being used in an attack, and what its latest version (v1.7.3) is capable of doing. Remcos is currently being sold from $58 to $389, depending on the license period and the maximum number of masters or clients...
Fortinet 2017-02-13 20:18:43 Fortinet Hits the Road with IDC and VMware to Help Enterprises with Agile Cloud Security (direct link) Fortinet, VMware, and International Data Corporation (IDC) are hitting the road with the Agile Cloud Security series of events across EMEA, with the aim of increasing awareness of the security challenges digital transformation and cloud present, along with the solutions available to address these challenges. From February to June, this road show will visit seven countries across the Middle East, Europe, and Africa.
Fortinet 2017-02-13 07:53:27 Effectively Using Threat Intelligence (direct link) If we want to get ahead of cybercrime, we must share information. A collection of companies working together to collect and share intelligence will always have better visibility into the threat landscape than one organization on its own. Seeing new threats as soon as they emerge increases our ability to respond and protect valuable resources. There is a lot of raw data for organizations to use, from both global sources and within their own networks. Unfortunately, most security infrastructures were not designed to effectively consume, correlate,...
Fortinet 2017-02-10 17:47:47 Information Sharing in Cybersecurity Today Q&A with Derek Manky (direct link) Information sharing continues to be a topic that remains timely and vital in global cybersecurity. As an industry, it is well understood that turning the tide on cybercrime requires actionable information sharing across networks, borders, and vendors. Fortinet's Derek Manky offers some perspective ahead of RSA 2017 in San Francisco. Why is information sharing so important today? Sharing information proactively across all verticals and public or private organizations is essential moving forward. Organizations continue to struggle against...
Fortinet 2017-02-09 09:49:47 (Déjà vu) Byline: Solving IoT Security - Pursuing Distributed Security Enforcement (direct link) For many of us in the Security Industry, the possibility of using Internet of Things (IoT) devices as a launchpad for an attack has been mostly theoretical. However, information obtained after the massive distributed denial-of-service (DDoS) attack against the services offered by DYN.com appears to show that the threat is real and immediate. The definition of IoT is often a little vague. Generally speaking, I consider any device with an IP address associated with it to be some sort of an IoT device, though not all of them are problems. The ones...
Fortinet 2017-02-08 08:27:19 Fortinet at RSA 2017 (direct link) We are proud to be a Gold Sponsor at this year's RSA event. We are located at Booth# 3627 in the North Hall. This year we will have an in-booth theater featuring Fortinet experts presenting on such topics as enterprise FW, cloud security, FortiGuard, Advanced Threat Protection, and our Security Operations Center solution. The theater will also feature presentations from a number of our Fabric-Ready Partners showcasing the unique interoperability, scope, and flexibility of the Fortinet Security Fabric.
Fortinet 2017-02-07 11:53:16 Cloud is the New Normal: The Challenge of Securing Workloads in the Cloud – Are You Ready? (direct link) Microsoft Ignite – Australia – Gold Coast Convention and Exhibition February 14-17th https://msftignite.com.au/ Is cloud the new normal for your enterprise? Are you moving more and more applications into the cloud? Have you asked yourself how you are securing your data in this new world of cloud? Scalability and flexibility are the key drivers of Cloud networking and computing. With more and more business transitioning to public cloud environments, the cloud is becoming an increasingly attractive target for hackers...
Fortinet 2017-02-06 15:07:32 Byline: Protecting Connected Cars (direct link) I recently bought a new car with all the bells and whistles. It warns me if I stray out of my lane. It warns me if there is a car in my blind spot. It has adaptive cruise control that slows down if a car pulls in front of me. When I back up, it alerts me of cross traffic, even pedestrians and dogs. It monitors road conditions and automatically enables all-wheel drive if roads are wet or conditions are cold or icy. And that's just the start. It has collision detection, and automatic braking, and a fully connected entertainment and communications...
Fortinet 2017-02-06 13:36:10 The Analysis of ISC BIND Response Authority Section RRSIG Missing DoS (CVE-2016-9444) (direct link) Domain Name System Security Extensions (DNSSEC) secures the Domain Name System (DNS), right? Yes, but that's not the whole story. DNSSEC can also introduce troubles into your DNS server. Recently, a BIND bug caused by a missing RRSIG record, which is a part of DNSSEC, was fixed by a patch from the Internet Systems Consortium (ISC). This bug affects all versions of BIND recursive servers, and can cause a denial of service (DoS). This potential DoS vulnerability is caused by a RUNTIME CHECK error in Resolver.c when handling the DNS...
Fortinet 2017-02-06 13:34:17 Watch Out For Fake Online Gaming Sites And Their Malicious Executables (direct link) Every year during holiday seasons, the number of phishing websites increases. This is particularly true for online gaming distribution platforms. In some cases, users not only have their login credentials stolen, but they also end up downloading and executing malicious executables. As expected, the more popular a platform is, the more targeted it will be, which is why this research blog focuses on two malware samples obtained from fake Origin and Steam websites. Figure 1. Fake Origin phishing website Origin Malware Sample In addition...
Fortinet 2017-02-06 09:45:43 Q&A: Predicted Threats to the Healthcare Industry in 2017 (direct link) Fortinet recently sat down with Derek Manky, Global Security Strategist at Fortinet, to learn about the biggest cybersecurity threats to healthcare in 2017.
Fortinet 2017-02-03 08:30:59 Fortinet's Partnership with the NHS Alliance in the UK – a Q&A (direct link) At a time when the UK's National Health Service (NHS) faces increasing cyber threats, Fortinet has partnered with the new NHS Alliance to help raise awareness of these threats and better protect our health service moving forwards. Launched in 1948, the NHS has provided free health care, at the point of need, to residents of England, Northern Ireland, Scotland, and Wales for more than 65 years. Over the years, the NHS has faced many challenges and adversities, with cyber crime being one of the latest and most topical. Like most healthcare...
Fortinet 2017-02-02 01:53:09 A Closer Look at Sage 2.0 Ransomware along with Wise Mitigations (direct link) Sage 2.0 is the new kid on an already crowded block of ransomware, demanding hefty ransom of 2.22188 bitcoins (roughly 2000 USD) per infection. We have recently begun seeing this malware being distributed by the same malicious spam campaigns that serve better-known ransomware families, such as Cerber and Locky. In this article we will take a closer look at some notable characteristics of this new threat, and provide some simple ways to mitigate it. Spam Campaign Sage ransomware has been seen spreading through the usual spam email channels...
Fortinet 2017-02-01 16:59:45 Ransomware And The Boot Process (direct link) Since its discovery in early 2016, we have tracked a number of variations of Petya, a ransomware variant famous for multi-stage encryption that not only locks your computer, but also overwrites the Master Boot Record. Petya continues to persist, and in this blog we will take a deeper look at its more complex second stage of attack. Petya overwrites the Master Boot Record (MBR), along with its neighboring sectors using its boot code and a small kernel code. The MBR contains the master boot code, the partition table,...
Fortinet 2017-01-31 07:23:06 Innovation Insights: Defining and Securing IoT (direct link) Sometimes it's helpful to characterize the IoT with some more precision; I like to place them in three categories. The first, Consumer IoT, which includes the connected devices we are most familiar with, such as smart phones, watches, and connected appliances and entertainment systems. The other two, Commercial IoT and Industrial IoT, are made up of things many of us never see. Commercial IoT includes things like inventory controls, device trackers, and connected medical devices, and the Industrial IoT covers...
Fortinet 2017-01-30 18:58:30 Saudi Organizations Targeted by Resurfaced Shamoon Disk-Wiping Malware (direct link) FortiGuard is currently investigating a new wave of attacks targeting Kingdom of Saudi Arabia organizations that use an updated version of the Shamoon malware (also known as DistTrack). We described this malware in detail a few months ago in a previous article. The key features of that version remain the same, yet some voluntary changes are taking place: Images used. Shamoon still overwrites files with an image of the drowned Syrian toddler Alan Kurdi, but this time the picture size is different. In November 2016 it was using a picture...
Fortinet 2017-01-30 08:54:25 Not Concerned About Web Application Attacks in Financial Services? Well, You Should Be (direct link) IT teams in the financial services industry have historically invested in, and deployed, web application firewalls (WAFs) to comply with Payment Card Industry Data Security Standards (PCI DSS). However, many of today's data security professionals recognize that unprotected web applications have become attractive targets for cybercriminals looking for easy entry points into their networks. In fact, according to recent data, 83 percent of enterprise IT executives believe application security is critical to their IT strategy. Additionally,...
Fortinet 2017-01-27 12:29:28 CISO Customer Panel - Accelerate 2017 (direct link) I recently wrote about the general sessions held on the first day of Fortinet's Accelerate 2017. There was so much great information presented that I couldn't do justice to it in the general overview I posted of the morning's events. So I wanted to take a few minutes and provide some deeper information around one of the best sessions of the day – the customer panel.
Fortinet 2017-01-27 09:47:24 Multiple XSS Vulnerabilities Discovered In IBM Infosphere BigInsights (direct link) Summary Last year, I discovered and reported two Cross-Site Scripting (XSS) vulnerabilities in IBM's Infosphere BigInsights. This week, IBM released a security bulletin which contains the fix for these vulnerabilities. CVE numbers CVE-2016-2924 and CVE-2016-2992 are assigned to them respectively. InfoSphere BigInsights is an analytics platform for analyzing massive volumes of unconventional data in its native format. The software enables advanced analysis and modeling of diverse data, and supports structured, semi-structured, and unstructured...
Fortinet 2017-01-27 08:58:22 Fortinet at HIMSS 2017: Two Sessions to Attend (direct link) HIMSS 2017 will be held in Orlando from February 19-23. Read this post to learn about Fortinet's involvement in the convention.
Fortinet 2017-01-26 11:17:31 Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part II: Analysis of The Scope of Java (direct link) By Kai Lu. In part I of this blog, we have finished the analysis of native layer and gotten the decrypted secondary dex file. Next, we continue to analyze it. For the sake of continuity, we keep continuous section number and figure number with part I of the blog. The secondary dex file The following is the decrypted file, which is a jar format file. It is loaded...
Fortinet 2017-01-26 10:41:31 Deep Analysis of Android Rootnik Malware Using Advanced Anti-Debug and Anti-Hook, Part I: Debugging in The Scope of Native Layer (direct link) Recently, we found a new Android rootnik malware which uses open-sourced Android root exploit tools and the MTK root scheme from the dashi root tool to gain root access on an Android device. The malware disguises itself as a file helper app and then uses very advanced anti-debug and anti-hook techniques to prevent it from being reverse engineered. It also uses a multidex scheme to load a secondary dex file. After successfully gaining root privileges on the device, the rootnik malware can perform several malicious behaviors, including app and ad...
Fortinet 2017-01-26 10:21:07 2017 Cybersecurity Predictions for Financial Services: What to Watch For (direct link) As technology within the financial services industry continues to evolve, so too does the threat landscape. Fortinet offers cybersecurity predictions for 2017.
Fortinet 2017-01-25 09:49:32 The Analysis of ISC BIND NSEC Record Handling DoS (CVE-2016-9147) (direct link) The latest patch for BIND from the Internet Systems Consortium (ISC) fixes a NSEC record-related bug. Remote BIND recursive servers may crash when attempting to handle the specifically-crafted query response with NSEC record sent by attackers, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by a RUNTIME CHECK error in Resolver.c when caching the DNS response with NSEC Record. In this post we will examine the BIND source codes and expose the root cause of this vulnerability. The NSEC record (record type...
Fortinet 2017-01-23 08:13:52 The Move to Consolidation and Integration: Simplifying Security in Financial Services (direct link) In meeting with large financial institutions, the single biggest thing we keep hearing about is the need to simplify and consolidate their security infrastructure. As Financial Services has evolved from person-to-person transactions to a fully digital business model, the industry's networks have evolved as well, becoming increasingly complex and more difficult to defend. During this evolution, as new threats have emerged, financial organizations have gone out and purchased a host of different security products, often from different vendors,...
Fortinet 2017-01-20 10:04:06 Linux Gafgyt.B!tr Exploits Netcore Vulnerability (direct link) Over the past few months we have seen a lot of malware activity around the Netcore vulnerability, so we decided to take a closer look at its exploitation. The following screen shot shows attack traffic captured through Wireshark. Figure 1 Figure 2 shows a quick enumeration of the sample. (There are different versions of the sample for several architectures. We chose to analyze the MIPS one) Figure 2 My analysis shows that this sample is a variant of the Gafgyt family, with some changes which I will discuss in detail later in this...
Fortinet 2017-01-18 09:39:55 Analysis of ISC BIND TKEY Query Response Handling DoS (CVE-2016-9131) (direct link) Another TKEY record-related bug in BIND has been fixed with a patch from the Internet Systems Consortium (ISC) that was released just after the New Year. This bug may take down BIND recursive servers by sending a simple query response with TKEY record, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c when caching the DNS response with TKEY Record. In this post we will analyze the BIND source codes and expose the root cause of this vulnerability. The TKEY record...
Fortinet 2017-01-17 15:01:48 Fortinet Security Researcher Discovers Two Critical Vulnerabilities in Adobe Flash Player (direct link) Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities. CVE-2017-2926 This is a memory corruption vulnerability found in Flash Player's engine when processing MP4 files. Specifically, the vulnerability is caused by an MP4 file with a crafted sample size in the MP4 atom...
Fortinet 2017-01-16 16:06:46 Android Locker Malware uses Google Cloud Messaging Service (direct link) Last month, we found a new Android locker malware that launches ransomware, displays a locker screen on the device, and extorts the user to submit their bankcard info to unblock the device. The interesting twist on this ransomware variant is that it leverages the Google Cloud Messaging (GCM) platform, a push notification service for sending messages to registered clients, as part of its C2 infrastructure. It also uses AES encryption in the communication between the infected device and the C2 server. In this blog we provide a detailed analysis...
Fortinet 2017-01-16 11:09:11 Accelerate 2017 Update General Sessions Overview – Day Two (direct link) The second day of Accelerate continued to raise the bar on both content and vision. Here is a quick overview of the general sessions: Opportunities – Phil Quade, Fortinet CISO Phil Quade recently joined Fortinet after three decades of service in the intelligence community, where he most recently served as the head of the Cyber Task Force at the National Security Agency. After examining key trends in the growth of cyber technologies, Phil provided the Accelerate audience with a unique view into where the accelerating transformation of...
Fortinet 2017-01-12 09:13:31 Recognizing Fortinet's Partner of the Year Winners (direct link) Fortinet just announced the winners of their annual Partner of the Year awards. 2016 continued Fortinet's growth in both revenue and market share, and saw us capture the attention of the security market with our debut of the Fortinet Security Fabric. Our thousands of dedicated partners, who work tirelessly to provide security solutions and services to their customers, have fueled this success. Which is why each year we take the opportunity to thank our entire partner community at our Accelerate conference, and to single out a handful of... ★★
Fortinet 2017-01-11 09:08:09 Accelerate 2017 Update General Sessions Overview – Day One (direct link) If anyone was unsure of Fortinet's vision for the future of the digital world, or the impact they plan to have on the cybersecurity industry, the first day of Accelerate 2017 left no doubt in anyone's mind. Network Security Evolution – Ken Xie, Fortinet Founder and CEO The morning kicked off with the primary Keynote from Ken Xie, founder and CEO of Fortinet. He started by walking everyone through the transformation of the Internet and networking over the past 40 years, and drove home a couple of critical points: 1. The...
Fortinet 2017-01-10 11:57:49 Innovation Insights: Protecting A Hyperconnected World (direct link) People, things, and ideas, connected together by IoT and the cloud, are driving the new digital economy. This new hyperconnected world is not only changing how companies do business, but also how people work, live, and learn. It is changing the world at an unprecedented rate. What does this hyperconnected world look like? It is estimated that by 2020 we will have deployed over 50 billion networked devices and over 20 billion connected IoT endpoints. That is about 4.3 connected devices for every person on the planet. And each of these devices...
Fortinet 2017-01-10 07:12:49 Extending the Security Fabric: FortiOS 5.6 and Intent-Based Network Security (direct link) The financial potential of the new digital economy is driving the rapid evolution of today's networks. For decades, the substructure of the network remained relatively unchanged: data traffic was routed from point A to point B over a predictable array of devices, cables, and ports using well established protocols and commands. Over the past couple of years, however, things have begun to change dramatically. Virtualization, Software Defined Networks (SDN), and the cloud have fundamentally changed where data is stored and how it is accessed....
Fortinet 2017-01-10 07:09:44 Extending the Security Fabric: Refining the Security Operations Center (direct link) Monitoring, managing, and protecting the formless scope and scale of today's highly distributed and dynamically changing digital enterprise network is a daunting task for IT and Security Operations Teams. The proliferation of IoT and mobile devices, the convergence of IT and OT, and adoption of cloud-based networking and services is making detection and response to threats increasingly difficult, if not impossible with today's tools. When the network around you is constantly adapting to shifting demands, how do you effectively track...
Fortinet 2017-01-08 07:45:54 Welcome to Accelerate 2017 (direct link) Happy New Year! And for those of you heading to Las Vegas, welcome to Accelerate 2017! Every year Fortinet brings together thought leaders, technical experts, and IT professionals to share and learn the latest in network security technology. We're looking forward to welcoming over 1500 partners, users, Fortinet experts, and executives to the Accelerate conference. And for the first time, Fortinet end users have been invited to participate in this annual event. Accelerate always provides a unique opportunity to gain hands-on technical... Guideline
Fortinet 2017-01-06 10:54:59 The Role of Endpoint Security in Today's Healthcare IT Environment (direct link) The shift towards deploying and managing a more patient-friendly healthcare environment that includes the myriad of devices being accessed by patients and employees can be very challenging, especially when it comes to endpoint security.
Fortinet 2017-01-05 13:12:04 Analysis of PHPMailer Remote Code Execution Vulnerability (CVE-2016-10033) (direct link) PHP is an open source, general-purpose scripting language used for web development that can also be embedded into HTML. It has over 9 million users, and is used by many popular tools, such as WordPress, Drupal, Joomla!, and so on. This week, a high-level security update was released to fix a remote code execution vulnerability (CVE-2016-10033) in PHPMailer, which is an open source PHP library for sending emails from PHP websites. This critical vulnerability is caused by class.phpmailer.php incorrectly processing user requests. As a result, remote...
Fortinet 2017-01-05 08:09:42 IoT is the Weakest Link for Attacking the Cloud (direct link) The cloud has seen immense growth over the last couple of years. But the security risks that arise from such a profound change are not to be taken lightly.
Last update at: 2024-05-15 14:08:13