Friday, March 31, 2017

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

Threat Round-up for Mar 24 – Mar 31

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WikiLeaks Reveals 'Marble' Source Code that CIA Used to Frame Russia and China


WikiLeaks published hundreds of more files from the

Vault 7 series

today which, it claims, show how CIA can mask its hacking attacks to make it look like it came from other countries, including Russia, China, North Korea and Iran.

Dubbed "

Marble

," the part 3 of CIA files contains

676 source code files

of a secret anti-forensic Marble Framework, which is basically an obfuscator or a packer used to hide the true source of CIA malware.

The CIA's Marble Framework tool includes a variety of different algorithm with foreign language text intentionally inserted into the malware source code to fool security analysts and falsely attribute attacks to the wrong nation.

The leaked files indicate that the Marble's source code includes Chinese, Russian, Korean, Arabic and Farsi languages, as well as English, which shows that the CIA has engaged in clever hacking games.

"Marble is used to hamper[ing] forensic investigators and anti-virus companies from attributing viruses, trojans and hacking attacks to the CIA," says the whistleblowing site.

"...for example by pretending that the spoken language of the malware creator was not American English, but Chinese, but then showing attempts to conceal the use of Chinese, drawing forensic investigators even more strongly to the wrong conclusion," WikiLeaks explains.

The released source code archive also contains a deobfuscator to reverse CIA text obfuscation.

Since the Marble framework has now been made public, forensic investigators and anti-virus firms would be able to connect patterns and missing dots in order to reveal wrongly attributed previous cyber attacks and viruses.

So far, Wikileaks has revealed the "

Year Zero

" batch which uncovered

CIA hacking exploits

for and security bugs in popular hardware and software, and the "

Dark Matter

" batch which focused on exploits and hacking techniques the agency designed to target iPhones and Macs.

While WikiLeaks suggests that Marble was in use as recently as 2016, the organization does not provide any evidence to back this claim. Experts are still analyzing the Marble release, so there's no need to get too excited at this moment.

The White House has condemned the revelations made by Wikileaks, saying that those responsible for leaking classified information from the agency should be held accountable by the law.



from The Hacker News http://ift.tt/2oqb8Yg

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

Laptops and tablets banned? Here's how to stay productive in flight

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

IBM Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM)

IBM Flex System Chassis Management Module (CMM) has addressed the following vulnerabilities.

CVE(s): CVE-2016-6318, CVE-2015-8605, CVE-2016-2774, CVE-2012-0876, CVE-2012-1147, CVE-2012-1148, CVE-2016-6313, CVE-2016-1000212

Affected product(s) and affected version(s):

Product Affected Version
IBM Flex System Chassis Management Module (CMM) 2PET

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2oppAA5
X-Force Database: http://ift.tt/2opoMes
X-Force Database: http://ift.tt/1TJL4PN
X-Force Database: http://ift.tt/1Vw2QKZ
X-Force Database: http://ift.tt/2aA9yyg
X-Force Database: http://ift.tt/2az7wLo
X-Force Database: http://ift.tt/2aAaouW
X-Force Database: http://ift.tt/2j0JmCQ
X-Force Database: http://ift.tt/2dv9kwS

The post IBM Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2oppAQB

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

IBM Security Bulletin: Vulnerabilities in ntp, libxml2, openssh, sqlite and python-base affect IBM BladeCenter Advanced Management Module (AMM)

IBM BladeCenter Advanced Management Module (AMM) has addressed the following vulnerabilities.

CVE(s): CVE-2016-4953, CVE-2016-4954, CVE-2016-4955, CVE-2016-4956, CVE-2016-4957, CVE-2015-8806, CVE-2016-3627, CVE-2016-4447, CVE-2016-4483, CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-6153, CVE-2016-0772, CVE-2016-5699, CVE-2016-1000110

Affected product(s) and affected version(s):

Product Affected Version
IBM BladeCenter Advanced Management Module (AMM) BPET

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2nr5sMX
X-Force Database: http://ift.tt/29qo5wa
X-Force Database: http://ift.tt/29qoU8g
X-Force Database: http://ift.tt/29hph1s
X-Force Database: http://ift.tt/29qopvc
X-Force Database: http://ift.tt/29hpzoT
X-Force Database: http://ift.tt/2dmXfFU
X-Force Database: http://ift.tt/2b1F6Qx
X-Force Database: http://ift.tt/29qofDU
X-Force Database: http://ift.tt/2cX854V
X-Force Database: http://ift.tt/2c8WB0w
X-Force Database: http://ift.tt/2bZYLgC
X-Force Database: http://ift.tt/2c8Vyh9
X-Force Database: http://ift.tt/2fVEdaJ
X-Force Database: http://ift.tt/2dv9ofZ
X-Force Database: http://ift.tt/2dNq4KV
X-Force Database: http://ift.tt/2dv8GPN

The post IBM Security Bulletin: Vulnerabilities in ntp, libxml2, openssh, sqlite and python-base affect IBM BladeCenter Advanced Management Module (AMM) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2nqZTya

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

Cisco Securely Connects the Rio 2016 Olympic Games

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL and Samba affects IBM Netezza Host Management

Open Source OpenSSL and Samba are used by IBM Netezza Host Management. IBM Netezza Host Management has addressed the applicable CVEs

CVE(s): CVE-2017-3731, CVE-2017-3732, CVE-2016-2126, CVE-2016-2125

Affected product(s) and affected version(s):

IBM Netezza Host Management 5.2.1.0 – 5.4.10.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2nqWdMQ
X-Force Database: http://ift.tt/2knsB3D
X-Force Database: http://ift.tt/2kDymIW
X-Force Database: http://ift.tt/2k8JxsZ
X-Force Database: http://ift.tt/2jmyxeh

The post IBM Security Bulletin: Multiple vulnerabilities in Open Source OpenSSL and Samba affects IBM Netezza Host Management appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2mVMeCT

IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center

Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center (October 2016 CPU and January 2017 CPU)

CVE(s): CVE-2016-5548, CVE-2016-5549, CVE-2016-5547, CVE-2017-3259, CVE-2016-2183, CVE-2016-5542

Affected product(s) and affected version(s):

IBM Control Center 6.1.0.0 through 6.1.0.1 iFix03
IBM Control Center 6.0.0.0 through 6.0.0.1 iFix08
IBM Sterling Control Center 5.4.2 through 5.4.2.1 iFix10

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mVDfSc
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2msIPqs
X-Force Database: http://ift.tt/2dR3VyC
X-Force Database: http://ift.tt/2e5s2Ku

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling Control Center appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2nr0T58

IBM Security Bulletin: Multiple vulnerabilities in IBM® Java Runtime affect IBM Cognos Command Center

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM Cognos Command Center. These issues were disclosed as part of the IBM Java SDK updates in October 2016 and January 2017.

CVE(s): CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-5597

Affected product(s) and affected version(s):

IBM Cognos Command Center 10.2 All Editions

IBM Cognos Command Center 10.2.1 All Editions

IBM Cognos Command Center 10.2.2 All Editions

IBM Cognos Command Center 10.2.3 All Editions

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mVFvc9
X-Force Database: http://ift.tt/2dR3VyC
X-Force Database: http://ift.tt/2lA4akm
X-Force Database: http://ift.tt/2msBF5I
X-Force Database: http://ift.tt/2lAx183
X-Force Database: http://ift.tt/2msD77U
X-Force Database: http://ift.tt/2lAiqcB
X-Force Database: http://ift.tt/2e5pD2s

The post IBM Security Bulletin: Multiple vulnerabilities in IBM® Java Runtime affect IBM Cognos Command Center appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2mVC7y4

IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Cognos Controller

This bulletin addresses several security vulnerabilities. OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM Cognos Controller. IBM Cognos Controller has addressed the applicable CVEs. There are multiple vulnerabilities in IBM® WebSphere Application Server Liberty. Liberty is used by IBM Cognos Controller version 10.2.1. These issues were disclosed as part of the IBM WebSphere Application Server Liberty updates. IBM Cognos Controller has addressed a vulnerability with Apache CommonsFileUpload affecting IBM Cognos Controller version 10.2.1 .

CVE(s): CVE-2016-0359, CVE-2016-6302, CVE-2016-6304, CVE-2016-6305, CVE-2016-6303, CVE-2016-2182, CVE-2016-2180, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-2181, CVE-2016-2183, CVE-2016-6309, CVE-2016-7052, CVE-2016-3092, CVE-2016-5983, CVE-2016-5986

Affected product(s) and affected version(s):

IBM Cognos Controller 10.1.0

IBM Cognos Controller 10.1.1

IBM Cognos Controller 10.2.0

IBM Cognos Controller 10.2.1

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2mVySGJ
X-Force Database: http://ift.tt/28YBUiZ
X-Force Database: http://ift.tt/2dR4fNY
X-Force Database: http://ift.tt/2dmY7tO
X-Force Database: http://ift.tt/2dR3XX1
X-Force Database: http://ift.tt/2dmXjFz
X-Force Database: http://ift.tt/2dR45pA
X-Force Database: http://ift.tt/2dmWOvf
X-Force Database: http://ift.tt/2aPXjQq
X-Force Database: http://ift.tt/2asKHex
X-Force Database: http://ift.tt/2dR5fBu
X-Force Database: http://ift.tt/2dmYpRr
X-Force Database: http://ift.tt/2dR3Smm
X-Force Database: http://ift.tt/2dmYa8Y
X-Force Database: http://ift.tt/2dmXLUk
X-Force Database: http://ift.tt/2dR3VyC
X-Force Database: http://ift.tt/2fn8D82
X-Force Database: http://ift.tt/2dTp6vD
X-Force Database: http://ift.tt/2bozrA8
X-Force Database: http://ift.tt/2cX6Wuu
X-Force Database: http://ift.tt/2ccJKps

The post IBM Security Bulletin: Multiple vulnerabilities have been identified in IBM Cognos Controller appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team http://ift.tt/2nqMtlI

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

CASB Is Eating the IDaaS Market

By Rich Campagna, Senior Vice President/Products & Marketing, Bitglass

In the past 6-9 months, I’ve noticed a trend amongst Bitglass customers where more and more of them are opting to use the identity capabilities built into our CASB in lieu of a dedicated Identity as a Service (IDaaS) product. As CASB identity functionality has evolved, there is less need for a separate, standalone product in this space and we are seeing the beginnings of CASBs eating the IDaaS market.

A few years back, Bitglass’ initial identity capabilities consisted solely of our SAML proxy, which ensures that even if a user goes direct to a cloud application from an unmanaged device and on a public network, they are transparently redirected into Bitglass’ proxies – without agents!

From there, customer demand lead us to build Active Directory synchronization capability for group and user management, authentication directly against AD, and native multifactor authentication. Next came SCIM support and the ability to provide SSO not only for sanctioned/protected cloud applications, but any application.

So what’s left? If you look at Gartner’s Magic Quadrant for Identity and Access Management as a Service, Worldwide*, Greg Kreizmann and Neil Wynne break IDaaS capabilities into three categories:

  • Identity Governance and Administration – “At a minimum, the vendor’s service is able to automate synchronization (adds, changes and deletions) of identities held by the service or obtained from customers’ identity repositories to target applications and other repositories. The vendor also must provide a way for customers’ administrators to manage identities directly through an IDaaS administrative interface, and allow users to reset their passwords. In addition, vendors may offer deeper functionality, such as supporting identity life cycle processes, automated provisioning of accounts among heterogeneous systems, access requests (including self-service), and governance over user access to critical systems via workflows for policy enforcement, as well as for access certification processes. Additional capabilities may include role management and access certification.”
  • Access – “Access includes user authentication, single sign-on (SSO) and authorization enforcement. At a minimum, the vendor provides authentication and SSO to target applications using web proxies and federation standards. Vendors also may offer ways to vault and replay passwords to get to SSO when federation standards are not supported by the applications. Most vendors offer additional authentication methods — their own or through integration with third-party authentication products.”
  • Identity log monitoring and reporting – “The vendor logs IGA and access events, makes the log data available to customers for their own analysis, and provides customers with a reporting capability to answer the questions, ‘Who has been granted access to which target systems and when?’ and ‘Who has accessed those target systems and when?’”

Check, check, and check! Not only do leading CASBs offer these capabilities as part of their cloud data protection suites, in some cases, they go quite a bit farther. Take logging and reporting for example. An IDaaS product sees login and logout events, but nothing that happens during the session. CASBs can log and report on every single transaction – login, logout and everything in between.

Another example is multifactor authentication. Whereas an IDaaS can trigger MFA at the beginning of a session due to a suspicious context, a CASB can trigger MFA at any time – such as mid-session if a user starts to exhibit risk behaviors.

Since these capabilities have evolved as part of CASBs, which offer comprehensive data protection capabilities for cloud applications, I expect that 2017 will be a year with a lot more enterprises considering CASB platforms for both cloud identity and cloud data protection.

*Magic Quadrant for Identity and Access Management as a Service, Worldwide, Greg Kreizmann and Neil Wynne, 06 June 2016

The post CASB Is Eating the IDaaS Market appeared first on Cloud Security Alliance Blog.



from Cloud Security Alliance Blog http://ift.tt/2ogPMQb

Custom phishing attacks grow as crooks create fake flight confirmations, receipts

Didn't we offer you enough? Google's $350,000 Project Zero prize attracts junk entries

Threat Spotlight: Sundown Matures


Archives



from Cisco Blog » Security http://ift.tt/2oGBapF

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

Telegram Messenger Adds AI-powered Encrypted Voice Calls


Joining the line with rival chat apps WhatsApp, Viber, Facebook Messenger, and Signal, the Telegram instant messaging service has finally rolled out a much-awaited feature for the new beta versions of its Android app:

Voice Calling

.

And what's interesting?

Your calls will be secured by Emojis, and quality will be better using Artificial Intelligence.

No doubt the company brought the audio calling feature quite late, but it's likely because of its focus on security — the voice calls on Telegram are by default based on the same end-to-end encryption methods as its Secret Chat mode to help users make secure calls.

Unlike Signal or WhatsApp, Telegram does not support end-to-end encryption by default; instead, it offers a 'Secret Chat' mode, which users have to enable manually, to completely secure their chats from prying eyes.

However, the voice calling feature in Telegram supports end-to-end encryption by default, enabling users to secure their chats in a way that no one, not even Telegram or law enforcement, can intercept your calls.

Emoji-Based Secure Key Exchange Mechanism

Telegram features an interesting key exchange mechanism to authenticate users and make sure their calls are even more secure: Users are required just to compare four emoji.

While making a call, you will see four emoji on your mobile screen and so the recipient. If the emoji on your screen match the recipient's, your connection is secure!

"The key verification UI we came up with in 2013 to protect against man-in-the-middle attacks served well for Telegram (and for other apps that adopted it), but for Calls, we needed something easier," Telegram said in a blog post published Thursday.

"That's why we've improved the key exchange mechanism. To make sure your call is 100% secure, you and your recipient just need to compare four emoji over the phone. No lengthy codes or complicated pictures!"

Voice Calls — Encrypted, Super-Fast and AI-Powered

What's more? Telegram ensures its users that the audio quality of the voice calls has kept as high as possible by using a peer-to-peer connection, the best audio codecs, and Artificial Intelligence.

Developers say that audio quality of the call is "superior to any of our competitors" by including an AI neural network.

So, each time you make a Voice Call, your Telegram app's AI neural network will optimize dozens of parameters based on technical information of your device and network such as network speed, ping times, packet loss percentage, to adjust the quality of your call and improve future calls on the given device and network.

"These parameters can also be adjusted during a conversation if there's a change in your connection," the company states. "Telegram will adapt and provide excellent sound quality on stable WiFi — or use less data when you walk into a refrigerator with bad reception."
Note:

AI doesn't have access to the contents of the conversation, so your calls are completely secure.

Telegram Offer Complete Control & Video Compression

Unlike WhatsApp and Facebook, Telegram lets you control

"who can and who can't call you with granular precision."

If you don't want anyone bothering you, you can simply switch voice calls off altogether, blocking anyone and even everyone from calling you.

Telegram also offers users direct control over the quality of videos they shared over the platform. You can adjust the compression and see the quality of the video before sending it to your friends.

You can also set the video compression rate as the default setting for all your future video uploads.

Telegram version 3.18 which includes new features, such as Voice Calling, is free to download for iPhone on the

App Store

and Android phone on the 

Google Play Store

.



from The Hacker News http://ift.tt/2ooy0Yp

​Google to users: Keep an eye out for our new sign-in page. It's faster, simpler

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

Samsung Galaxy S8's Facial Unlocking Feature Can Be Fooled With A Photo


Samsung launched its new flagship smartphones, the Galaxy S8 and Galaxy S8 Plus, at its Unpacked 2017 event on Wednesday in New York, with both IRIS and Facial Recognition features, making it easier for users to unlock their smartphone and signing into websites.

All users need to do is simply hold their Galaxy S8 or S8 Plus in front of their eyes or their entire face, as if they were taking a selfie, in order to unlock their phone.

Biometric technology – that involve person's unique identification (ID), such as Retinal, IRIS, Fingerprint or DNA – is now being integrated into more consumer devices for improved security.

But, we have seen a number of hacks involving Biometric security systems in the past, which prove that

fingerprint scanner

and

IRIS scanner

 are less secure than a passcode and can be fooled by anyone, perhaps, using a photograph of the user.

But how secure is the built-in sensor from Samsung to allow for facial recognition? Not so much...at least for now.

I was wondering if the new facial recognition integrated into Samsung's Galaxy S8 and S8 Plus can be fooled into unlocking a device using a photograph of the device owner, and somebody just made it possible.

Video Demonstration

YouTube vlogger iDeviceHelp posted a video on his channel, in which

Marcianotech

demonstrated that unlocking a Galaxy S8 or Galaxy S8 Plus is as simple as getting the device owner's picture from Facebook and waving that photo at the phone.

It is unclear, at this moment, as to how precise the photo used in the demonstration should be compared to the real face? Or at what distance the phone was held from the camera? Or what angle they chose during the registration of the recognition?

But what's clear is the fact that a gap remains in the security system of the Samsung's new facial recognition feature.

The company ha yet to comment on this issue, so we hope that this is because the software is still in a demo state for now, or maybe it is just a bug that Samsung will be addressing before the device ships out on April 21.

Whatever be the case, the Galaxy S8 and S8 Plus do offer other security tools, including IRIS scanning and fingerprint scanning, as well, so you'd rather use these security features to unlock your device, or simply your passcode; instead of the facial recognition, for now.



from The Hacker News http://ift.tt/2nGFcAE

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

WordPress Releases Security Update

Original release date: January 26, 2017 | Last revised: February 01, 2017

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

US-CERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT National Cyber Alert System http://ift.tt/2jagZ51

無料の Nintendo Switch エミュレータを謳う詐欺にご注意

任天堂から新しい家庭用ゲーム機が発売されたのをきっかけに、そのエミュレータがあるかのように偽装して、アンケートの入力を求めたり、潜在的に迷惑なアプリケーション(PUA)をダウンロードさせたりする詐欺が確認されています。

Read More

from Symantec Connect - Securi... http://ift.tt/2nm6Hw1