Category Archives: Security News
DoS technique lets a single laptop take down an enterprise firewall
ICMP Type 3 Code 3 packets can overload firewalls, researchers warn.
At a time when the size of distributed denial-of-service attacks has reached unprecedented levels, researchers have found a new attack technique in the wild that allows a single laptop to take down high-bandwidth enterprise firewalls.
The attack, dubbed BlackNurse, involves sending Internet Control Message Protocol (ICMP) packets of a particular type and code. ICMP is commonly used for the ping network diagnostic utility, and attacks that try to overload a system with ping messages, known as ping floods, use ICMP Type 8 Code 0 packets.
Microsoft patches 68 vulnerabilities in Windows, Office, Edge, and more
Two of the patched flaws are already being exploited and three have been publicly disclosed.
Microsoft has patched 68 vulnerabilities in Windows, Office, Edge, Internet Explorer and SQL Server, two of which have already been exploited by attackers and three that have been publicly disclosed.
The patches are covered in 14 security bulletins, one dedicated to Adobe Flash Player, which is upgraded through Windows Update in Windows 10 and 8.1. Six of the bulletins are rated critical and eight are rated important.
Personal data of 550,000 Red Cross blood donors was breached
The leak in Australia happened because a file was left unsecured by a third-party provider.
The Australian Red Cross said its blood donor service has found that registration information of 550,000 donors had been compromised, which the agency blamed on human error by a third-party contractor.
The moot issue at this point, which may decide how the breach unfolds, is that nobody knows how many people have the data. The information from 2010 to 2016 was available on the website from Sept. 5 to Oct. 25 this year.
Easy-to-exploit rooting flaw puts Linux PCs at risk
The flaw allows attackers with limited access to Linux computers to gain root privileges.
The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability that’s already being exploited in the wild and poses a serious risk to servers, desktops and other devices that run the OS.
The vulnerability, tracked as CVE-2016-5195, has existed in the Linux kernel for the past nine years. This means that many kernel versions that are used in a variety of computers, servers, routers, embedded devices and hardware appliances are affected.
Half of U.S. adults are profiled in police facial recognition databases
The use of police photo databases raises questions about a lack of regulation and the accuracy of results.
Photographs of nearly half of all U.S. adults—117 million people—are collected in police facial recognition databases across the country with little regulation over how the networks are searched and used, according to a new study.
Along with a lack of regulation, critics question the accuracy of facial recognition algorithms. Meanwhile, state, city, and federal facial recognition databases include 48 percent of U.S. adults, said the report from the Center on Privacy & Technology at Georgetown Law.