Microsoft releases updates to fix bug that froze systems when IIS handled malformed HTTP/2 requests. The Microsoft Security Response Center published yesterday a security advisory about a denial of service (DOS) issue impacting IIS (Internet Information Services), Microsoft's web server technology. According to Microsoft, IIS servers shipped with Windows 10 and Windows Server 2016 are impacted by a vulnerability when processing HTTP/2 requests. Source: ZDNet
Read moreGroup FaceTime calls on the iPhone and other Apple products are still not working properly, after the company rushed to fix a major bug. Earlier this month, it emerged that it was possible to listen in on people through their iPhone by exploiting a bug in FaceTime, the app used to make audio and video calls over the internet. By adding someone into a group conversation, their phone would start ringing – and during that entire...
Read morePrivacy warriors have filed fresh evidence in their ongoing battle against real-time web ad exchange systems, which campaigners claim trample over Europe's data protection laws. The new filings – submitted today to regulators in the UK, Ireland, and Poland – allege that Google and industry body the Interactive Advertising Bureau (IAB) are well aware that their advertising networks' business models flout the EU's privacy-safeguarding GDPR, and yet are doing nothing about it. The IAB, Google – which is...
Read moreThe majority of vulnerabilities in 2018 were associated with network vulnerabilities, while less than 20% were associated with web applications and APIs, according to the fourth annual Vulnerability Stats Report from edgescan. When it comes to breaches, though, web application security remains the area of greatest risk. “The percentage of high and critical risks combined, compared to all discovered risks is still high at 19.2% for public internet-facing (external) applications and 24.9% for non-public or internal applications,”...
Read moreMicrosoft has expanded the reach of its cyber security service for political organisations in Europe, after detecting a fresh wave of attacks from Russian hackers. The firm's vice president for customer security and trust Tom Burt said Microsoft's Threat Intelligence Centre (MSTIC) had discovered attacks on employees of the German Council of Foreign Relations, and European offices of the Aspen Institute and the German Marshall Fund. Source: CityAM
Read moreThousands of websites are being hit by cyber-thieves who implant code to scoop up payment card numbers, research suggests. Security giant Symantec found more than 4,800 websites were being hit by these "form-jacking" attacks every month. High-profile victims of these attacks include airline BA and Ticketmaster. Online crime groups had turned to the attacks as other more established techniques proved less and less lucrative, Symantec said. Source: BBC
Read moreOrganisations and governments are progressively putting resources into enhancing their cyber security conventions as the recurrence of attacks rises. Actually, every one of them is attempting to remain on track against the most recent cyber-attacks, yet there are a few nations committing most to cyber security. Source: Analytics Insight
Read moreA third of workers used own email for work, and 24% shared files with family and friends. Employees are still the weak link in the security system, with poor habits that potentially put organisations at risk of critical data and intellectual property loss, and severe legal and reputational repercussions, new research from Microsoft has found. Source: Irish Times
Read moreLandMark White has claimed that the data inadvertently leaked by the property valuation firm and subsequently posted on a ‘darkweb’ forum is “relatively benign”. Earlier this month the ASX-listed company revealed details of a data breach. It subsequently entered a trading halt to assess the impact on its business, after major banks paused their use of its services. Source: ComputerWorld
Read moreAustralia’s major political parties have been targeted by a “sophisticated state actor”, according to Scott Morrison, as part of a breach of the Parliament House computer network. The head of the Australian Cyber Security Centre, Alistair MacGibbon, says agencies were unsure what material had been taken in the incident because the rapid remediation efforts had removed some of the forensic evidence. Source: Guardian
Read more