- Several critical remotely exploitable flaws found in Drupal modules
The Drupal Security Team has announced that critical patches addressing several security issues in Drupal contributed modules, including several highly critical Remote Code Execution (RCE) vulnerabilities, will be released today at 16:00 UTC. According to an advisory, the critical arbitrary remote PHP code execution vulnerability (PSA-2016-001) affects up to 10000 Drupal websites. Drupal core is not affected, and not all sites will be affected. Although technical details about the critical flaws have not been released yet for security reasons, the team has warned its users to apply the upcoming patches promptly, leaving no opportunity for hackers who are waiting for the bug details in order to develop exploits within hours or days.
Cyber Security Tips: If you own a Drupal website, you are advised to carefully review the list of affected contributed modules and apply the security patches as soon as possible.
- One-third of enterprises have suffered from an insider incident
The BYOD ecosystem makes organizations even more vulnerable to insider threats. 78% of cyber threats are from negligent employees. In an interview with ETCIO.COM, Surendra Singh, Country Director, Forcepoint India, talks about the severity of the situation and how organizations can enhance their preparedness against insider threats. Employees make many information security mistakes, such as discussing information in public, writing information down anywhere, and using business systems for personal use.
Cyber Security Tips: Educate employees about your infrastructure security and the protection of data, monitor employee activities, require strong authentication for employees, and check the devices employees carry during working hours.
- Chinese national jailed for hacking US defense firms
A Chinese national was sentenced in Los Angeles to three years and 10 months in prison for hacking American defense contractors to steal trade secrets on Beijing’s behalf. Su Bin, 51, who went by the names Stephen Su and Stephen Subin, was also ordered by a federal judge to pay a $10,000 fine. In March, Su had admitted in a plea agreement with US authorities to conspiring with two unnamed military officers in China to try to acquire plans for F-22 and F-35 fighter jets and Boeing’s C-17 military transport aircraft. According to court documents, the trio managed to steal sensitive data by hacking into the computer networks of major defense contractors and sent the information to China. Su, who ran a China-based aviation and aerospace company from Canada, was arrested in July 2014 and, after waiving extradition, was transferred to the United States to face charges. According to court documents, Su travelled to the United States at least 10 times between 2008 and 2014, working with his co-conspirators to steal the data.
Cyber Security Tips: US defense firms need to determine how much data was stolen and leaked, investigate Su’s aviation company, and improve security for defense employees.