Security News

• No recent updates.

• Salesforce Woes Linger as Admins Clean Up After Service Outage
  An accidental permissions snafu caused a massive outage for all Salesforce customers that continues to affect some businesses.
  
• Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws
  A lot of thought and meaning goes into the naming of infamous CPU side channel flaws, like ZombieLoad, Spectre and Meltdown.
  
• Slack Bug Allows Remote File Hijacking, Malware Injection
  An attacker can supply a malicious hyperlink in order to secretly alter the download path for files shared in a Slack channel.
  
• ZombieLoad: How Intel’s Latest Side Channel Bug Was Discovered and Disclosed
  Daniel Gruss, the researcher behind Spectre, Meltdown - and most recently, ZombieLoad - Intel CPU side channel attacks, gives an inside look into how he discovered the flaws.
  
• WordPress WP Live Chat Support Plugin Fixes XSS Flaw
  A cross-site scripting flaw in a popular WordPress plugin enables an unauthenticated attacker to insert JavaScript payloads into impacted websites.
  
• Ransomware ‘Remediation’ Firm Exposed: Researchers Weigh in on Paying
  The decision to pay a ransom in the case of a ransomware attack can be a complex one for businesses.
  
• How Decoding Network Traffic Can Save Your Data Bacon
  The importance of reading the network tealeaves of a company’s network traffic to head off an attack.
  
• News Wrap: WhatsApp, Microsoft, Intel and Cisco Flaws
  From a zero day flaw in WhatsApp, to Patch Tuesday fixes, Threatpost breaks down the top vulnerabilities of this week.
  
• Mobile Risks Boom in a Post-Perimeter World
  The bloom is on mobile, whether it be the enterprise, employees or the cybercriminals plotting new ways to slip past a corporate defenses in a post-parameter world.
  
• Forbes Becomes Latest Victim of Magecart Payment Card Skimmer
  The web skimming script was recently found stealing payment data on the websites of Forbes Magazine as well as seven others.