Security Alerts & News
by Tymoteusz A. Góral

History
#1529 Cisco warns of critical flaw in email security appliances
Cisco Systems released a critical security bulletin for a vulnerability that allows remote unauthenticated users to gain complete control of its email security appliances. The vulnerability is tied to Cisco’s IronPort AsyncOS operating system.

isco first issued a security bulletin last week for the IronPort AsyncOS, but on Wednesday updated that alert with more information including a software update that addresses the security flaw. Cisco also indicated a workaround exists that can halt remote access to affected email appliances.

Cisco says the vulnerability (CVE-2016-6406) is tied to the presence of the company’s own internal testing and debugging interface; accessible on the IronPort AsyncOS operating system. “An attacker could exploit this vulnerability by connecting to this testing and debugging interface. An exploit could allow an attacker to obtain complete control of an affected device with root-level privileges,” Cisco explains.
#1528 The psychological reasons behind risky password practices
Despite high-profile, large-scale data breaches dominating the news cycle – and repeated recommendations from experts to use strong passwords – consumers have yet to adjust their own behavior when it comes to password reuse.

A Lab42 survey, which polled consumers across the United States, Germany, France, New Zealand, Australia and the United Kingdom, highlights the psychology around why consumers develop poor password habits despite understanding the obvious risk, and suggests that there is a level of cognitive dissonance around our online habits.
#1527 Backdoored DLink router should be trashed, researcher says
A researcher who found a slew of vulnerabilities in a popular router said it’s so hopelessly broken that consumers who own them should throw them away.

Pierre Kim said attackers could easily exploit the vulnerabilities and use the device as a spamming zombie or a man-in-the-middle tool. “I advise users to trash their routers because it’s trivial for an attacker to use this router as an attack vector,” Kim said.
#1526 ‘Money Mule’ gangs turn to Bitcoin ATMs
Fraudsters who hack corporate bank accounts typically launder stolen funds by making deposits from the hacked company into accounts owned by “money mules,” willing or unwitting dupes recruited through work-at-home job scams. The mules usually are then asked to withdraw the funds in cash and wire the money to the scammers. Increasingly, however, the mules are being instructed to remit the stolen money via Bitcoin ATMs.
#1525 Data breach statistics 2016: First half results are in
So far, 2016 hasn’t been great in terms of data breach statistics. Based on newly released findings from the Breach Level Index (BLI), there were 974 publicly disclosed data breaches in the first half of 2016, which led to the successful theft or loss of 554 million data records.
#1524 Meet Apache Spot, a new open source project for cybersecurity
Hard on the heels of the discovery of the largest known data breach in history, Cloudera and Intel on Wednesday announced that they've donated a new open source project to the Apache Software Foundation with a focus on using big data analytics and machine learning for cybersecurity.

Originally created by Intel and launched as the Open Network Insight (ONI) project in February, the effort is now called Apache Spot and has been accepted into the ASF Incubator.

"The idea is, let's create a common data model that any application developer can take advantage of to bring new analytic capabilities to bear on cybersecurity problems," Mike Olson, Cloudera co-founder and chief strategy officer, told an audience at the Strata+Hadoop World show in New York. "This is a big deal, and could have a huge impact around the world."
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12