Our new weekly security roundup series covers the week’s trending topics in the world of information security. In this compilation, we’ll let you know of the latest announcements, reports and controversies that the industry has been talking about recently. Here’s what you don’t want to miss from the week of July 27, 2015: A major password-reset...

Black Hat USA – one of the most anticipated security events of the year, and recently ranked among our top information security conferences – returns to Las Vegas this August for its 18th year. With an expected 9,000 attendees, this year's conference will offer over 100 briefings on the latest and most innovative security research from industry...

"Honey... Did you make sure you locked the basement door and activated the security system? I can't wait to get to the Big Rock Campground, the kids are going to love the waterslide..." Sound familiar? The majority of new homes today have some sort of physical security system protecting the property while the family is away, but are these security...

Yahoo announced that it has paid security researchers one million dollars as part of its bug bounty program. According to a post written by Ramses Martinez, Senior Director and Interim CISO at Yahoo, the company's bug bounty program, which The State of Security named one of our 11 Essential Bug Bounty Programs in 2015, has shown significant growth...

Apple has patched an application-side input validation web vulnerability in iTunes and the App Store that allowed attackers to inject malicious code into user invoices. The vulnerability received a 'High' severity level and a CVSS rating of 5.8. It allows for session hijacking, persistent phishing attacks, and other malicious activities. Benjamin...

In September of 2014, private photos of a number of celebrities, including Kate Upton and Jennifer Lawrence, were leaked onto the image-based bulletin board 4chan. It was soon discovered that this leak occurred as a result of a brute force attack against Apple's iCloud, which until then had not limited the number of login attempts for each user...

Democratic Senators Ed Markey and Richard Blumenthal introduced on Tuesday new legislation, which would require automakers to adhere to certain standards of protection against privacy and hacking. The new bill, entitled the SPY Car Act, would call on the Federal Trade Commission (FTC) and the National Highway Traffic Safety Administration (NHTSA) to...

Following from a recent post on ‘Escalation of Commitment’, a topic studied by both Economists and Psychologist, I could not resist writing a follow-up to explore the consequences for third parties that do not have the preparation and/or resources of the parties involved in scenarios of escalation of commitment in the IT security field. In the...

Late last week, UCLA Health – the Californian university’s hospital – announced it had suffered a cyber attack on its network, potentially exposing the personal and medical information of nearly 5 million patients. In a statement, the hospital said it had determined the attacker had accessed parts of...

Oracle has released its July 2015 Critical Patch Update that provides fixes for 193 security vulnerabilities, including a zero-day vulnerability recently discovered in Java. According to a post published on Oracle's blog, the update contains patches for a number of applications, such as Oracle Database, for which there are provided 10 security fixes...

Today’s VERT Alert addresses 14 new Microsoft Security Bulletins. VERT is actively working on coverage for these bulletins in order to meet our 24-hour SLA and expects to ship ASPL-623 on Wednesday, July 15th. MS15-058 SQL Server Elevation of Privilege Vulnerability CVE-2015-1761 SQL Server Remote Code Execution...

Mozilla has blocked every version of Adobe Flash Player running in its Firefox web browser and will continue to do so until Adobe has patched certain publicly known security vulnerabilities. Firefox users who seek to view videos, adverts, and other Flash-based content will now be required to dismiss a warning that reads, "Flash is known to be...

Yet another zero-day Flash exploit has been found in the massive data dump that is the result of a major compromise of Italian espionage software maker Hacking Team. Vulnerabilities CVE-2015-5122 and CVE-2015-5123 are similar to the previous Flash vulnerability (CVE-2015-5119 ) found in the Hacking Team arsenal CVE-2015-5119, however there is...

A cyber attack on the United States power grid, causing outages and damage to infrastructure, could have a major impact on the country’s economy, costing up to $1 trillion in the most extreme scenario. A recent report, produced by the University of Cambridge’s Centre for Risk Studies and Lloyd’s of London insurance, outlines the potential implications...

Earlier this year, the PCI Security Standards Council officially released PCI DSS 3.1 only months after its predecessor (version 3.0) came into effect. With a typical three-year period between standard revisions, the out-of-band update caught many off guard, especially organizations still in the process of complying with the changes from the...

OpenSSL has released an advisory urging users to update their systems in the wake of a high-severity alternative chains certificate forgery bug. "During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails," the advisory...

Cisco has released a patch for a password vulnerability that was recently discovered in its Unified Communications Domain Manager (Unified CDM) Platform Software. According to a security advisory released by the company, "A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote...

Commercial Virtual Private Network (VPN) services, claiming to provide users enhanced privacy and anonymity, may not be as secure as users think. A group of researchers from Queen Mary University of London and the University of Rome disclosed their findings today, revealing that many of the most widely used VPN services are susceptible to DNS...

The Magnitude exploit kit (EK) is leveraging a recently patched zero-day vulnerability found in Adobe Flash Player to drop CryptoWall ransomware. Early last week, Adobe released a security update for the critical vulnerability CVE-2015-3113, which affects Windows, Macintosh, and Linux. If unpatched, the flaw allows for an attacker to take control of...

Cisco has released patches for SSH keys vulnerabilities affecting several of its virtual appliances. The vulnerabilities were discovered during internal security testing and have been found to affect Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv). ...