Windows Search Bug Worth Watching, and Squashing

Patches are available—and should be applied—that address a critical vulnerability in Windows Search that some are calling the next WannaCry. Others aren’t so ready to do that.

Insurance regulators pitched on FICO-style score for cybersecurity

In the fast-growing cybersecurity insurance market, underwriters face a uniquely complex problem — measuring or estimating the risk their policy-holders face from cybercrooks, online spies and other hackers. The insurance industry “doesn’t have … a set of baseline tools or metrics … to quantify their customers’ risks,” Anand Paturi, vice president of security research and engineering at RiskSense, told CyberScoop. In life insurance, for instance, depending on the value of the policy, risk might be measured by reference to actuarial tables which predict life expectancy, or by a medical examination measuring a wide range of physical risk factors. “That [risk] data is how you set the price of the policy,” he explained. But, in a presentation Monday to the National Association of Insurance Commissioners 2017 National Meeting, Paturi argued that the question is much more complicated in cybersecurity. He gave as an example the potentially massive losses from the WannaCry and Petya outbreaks earlier this year. In […]

The post Insurance regulators pitched on FICO-style score for cybersecurity appeared first on Cyberscoop.


Windows SMB Zero Day to Be Disclosed During DEF CON

Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON.

Windows 10 Mitigations Make Future EternalBlue Attacks Difficult

Now that researchers have built a port of EternalBlue to Windows 10, they’ve probably only now caught up to what the NSA has had for a long while.

NSA’s EternalBlue Exploit Ported to Windows 10

Researchers have ported the EternalBlue exploit to Windows 10, meaning that any unpatched version of Windows can be affected by the NSA attack.

New infosec products of the week: January 27, 2017

Prevent DNS-based data exfiltration and detect malware

Delivered as a service, Infoblox ActiveTrust Cloud addresses the needs of global enterprises with a mobile workforce and growing branch offices, which often don’t have dedicated IT staff or adequate security measures in place. The new solution provides protection for devices on or off the premises, prevents DNS-based data exfiltration, automatically stops device communications with command-and-control servers, and allows rapid investigation of threats.

Aegis Secure Key 3z hardware-encrypted …