Home Tags Insecure

Tag: insecure

VMware Patches Multiple Security Issues in Workstation

VMware fixed two bugs in its VMware Workstation late Thursday night, including an insecure library loading vulnerability and a NULL pointer dereference vulnerability.

Windows 10 tip: Stop using the horribly insecure SMBv1 protocol

For years, Microsoft has been recommending that you disable the vulnerable SMBv1 protocol.

The recent WannaCry ransomware outbreak underscores the need to take this important step. Here's how.

Microsoft finally bans SHA-1 certificates in Internet Explorer, Edge

The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure.

The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.[ Safeguard your data! The tools you need to encrypt your communications and web data. • Maximum-security essential tools for everyday encryption. • InfoWorld's encryption Deep Dive how-to report. | Discover how to secure your systems with InfoWorld's Security Report newsletter. ]SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005.

The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made -- for example, for outdated payment terminals.To read this article in full or to leave a comment, please click here

Paranoid Android: Antivirus app-makers resolve MitM vulnerability

Attack loophole in Panda app sealed An Android anti-malware application from Panda Mobile Security has been updated after researchers discovered that an insecure update mechanism left users vulnerable to man-in-the-middle attacks.…

Intercede announces Secure Login for WordPress

RapID Secure Login enables WordPress users to easily access their accounts without insecure and cumbersome passwords Lutterworth, England/Reston, VA, 8th May 2017 – Today, digital identity and credentials expert, Intercede announced the launch of RapID Secure Login (RapID-SL), a Plugin for WordPress that enables administrators and subscribers to log into websites and blogs with fingerprints instead of usernames and passwords.

By eliminating the use of insecure passwords, users are provided with superior usability and more... Source: RealWire

How to remote hijack computers using Intel’s insecure chips: Just use...

Exploit to pwn systems using vPro and AMT now public You can remotely commandeer and control workstations and servers that use vulnerable Intel chipsets – by sending them empty authentication strings.…

Microsoft’s novel approach to securing IoT

One of the main problems facing industrial internet of things deployments is that perennial issue: security. When you’re deploying and managing hundreds or thousands of devices around an organization, how can you ensure that your devices are running the right firmware, are running the right software, or even that they’re communicating with the right servers? You have only to browse Shodan, a search engine for unsecured IoT hardware endpoints, to see how insecure the devices used to build our future on have become.It’s no surprise then that Microsoft is talking about its latest updates to Azure’s IoT tools, focusing on securing and managing devices. More important, it’s testing a novel approach to IoT security that could change the game enough to remove the brakes from IoT deployments.To read this article in full or to leave a comment, please click here

Google Chrome to Mark More HTTP Pages as Insecure Later This...

HTTP pages that accept any kind of user data will be marked as "Not secure" starting in October, the company says.

Facebook helped advertisers target teens who feel “worthless”

Leaked 2017 document reveals FB Australia's intent to exploit teens' words, images.

Punching holes in nomx, the world’s “most secure” communications protocol

Extraordinary claims require extraordinary proof, and nomx implodes under scrutiny.

VU#219739: Portrait Displays SDK applications are vulnerable to arbitrary code execution...

Applications developed using the Portrait Display SDK,versions 2.30 through 2.34,default to insecure configurations which allow arbitrary code execution.

FBI allays some critics with first use of new mass-hacking warrant

Judge authorized order allowing US to change data in thousands of infected devices.