Trending Now
LATEST
ISC StormCast for Tuesday, October 23rd 2018
MSG Files: Compressed RTF https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/FreeRTOS TCP/IP Stack Vulnerabilities https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/VLC/Live555 RTSP
Japan Orders Facebook to Improve Data Protection
The Japanese government on Monday ordered Facebook to improve protection of users' personal information following data breaches affecting tens of millions of people worldwide.
read more
FTC Promotes International Charity Fraud Awareness Week
Original release date: October 22, 2018The Federal Trade Commission (FTC) has released an announcement promoting the first International Charity Fraud Awareness Week (ICFAW). FTC, the National Association of State Charities Officials, and state and international partners coordinated this effort...
If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?
According to reports, Facebook is planning to acquire a cybersecurity firm. But what will the security boffins think of working for Mark Zuckerberg of all people?
jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites
Flaw present for the past eight years, easy to exploit, and there are thousands of forks A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to...
Watch how a Tesla Model S was stolen with just a tablet
Criminals were able to dupe the Tesla’s passive entry system into giving them access, and letting them drive away.
(But only after they struggled to unplug it.)
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.
BrandPost: The Answer to Cyber Threats: People or Technology?
A new global survey by Ponemon and ServiceNow of nearly 3,000 cybersecurity professionals reveals that more than half the companies have experienced a breach in the past year. Compounding this issue: the volume of cyberattacks continue to increase, and...
BrandPost: Know the Facts – Today’s Cyberthreat Landscape
In the last two years, 48% of companies have experienced a data breach, and the severity and volume of cyberattacks continue to increase. A global survey of nearly 3,000 cybersecurity professionals shows that organizations can dramatically reduce the risk...
Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.
In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of...
Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.
In today's podcast we hear that the US has indicted a Russian accountant for conspiring to influence US midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of...
State of security: Missouri
Who’s in charge: Secretary of State John R. Ashcroft
Security in action: Missouri recently held a National Election Security Summit in St. Louis to discuss and share best practices as well as usable steps to mitigate threats and vulnerabilities concerning...
State of security: Utah
Who’s in charge: Lieutenant Governor Spencer Cox, Director of Elections Justin Lee
Security in action: Utah uses a vote by mail system in all but two counties (Carbon and Emery). The two outliers instead use direct-recording electronic (DRE) voting machines that...
US Tops Global Malware C2 Distribution
The United States hosts 35% of the world's command-and-control infrastructure, driving the frequency of host compromises.
This Platform Is Making Management of Apple Devices Easy
Whether you’re just getting your small business off the ground or growing an already successful venture, onboarding and maintaining your employees’ tech gadgets are important steps. Unfortunately, IT can be expensive — and out of the question for many...
Some notes for journalists about cybersecurity
The recent Bloomberg article about Chinese hacking motherboards is a great example to talk about the problems with journalism.Journalism is about telling the truth, not a close approximation of the truth, but the true truth.Take, for example, a recent...
Amazon patches IoT and critical infrastructure security flaws
Amazon patched 13 security flaws affecting the operating systems of its IoT devices and Amazon Web Services (AWS) connection modules putting smart homes and critical infrastructure alike at risk.
Researchers at Zimperium identified the CVE vulnerabilities which included four remote...
Mozilla announces ProtonVPN partnership in attempt to diversify revenue stream
Selected Firefox users will be able to purchase a ProtonVPN version for $10. Some of the money will go to support Mozilla and Firefox.
Updated Azorult malware for sale on the Dark Web
A new and improved version of the info stealer and malware downloader Azorult was spotted being distributed by the RIG exploit kit.
Check Point researchers report the malware has been heavily upgraded, version 3.3 as labeled by its creators, and...
Get patching, if you can: Grave TCP/IP flaws in FreeRTOS leave IoT gear open to mass hijacking
AWS-stewarded platform has multiple remote code security vulnerabilities Serious security flaws in FreeRTOS – an operating system kernel used in countless internet-connected devices and embedded electronics – can be potentially exploited over the network to commandeer kit.…
2018 State of Cyber Workforce
Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.
UK, US to Sign Accord on AI, Cybersecurity Cooperation
Royal Navy, US Navy, and tech industry leaders ready to commit to 'a framework for dialogue and cooperation' at inaugural meeting of the Atlantic Future Forum.
Who Is Agent Tesla?
A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license...
Cisco, F5 Networks Investigate libssh Vulnerability Impact
Cisco and F5 Networks are investigating the possible impact of the recently patched libssh vulnerability on their products, while other vendors have concluded similar investigations.
read more
Remember that dodgy Chinese spy chip story? We haven’t, says Super Micro. It’s still wrong
Server maker drags Bloomberg in note to customers, watchdog, still checking its motherboards The computer server maker at the center of a dramatic secret Chinese spy-chip story has again insisted the yarn is wrong, and called the whole thing...
LEADERS
If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?
According to reports, Facebook is planning to acquire a cybersecurity firm. But what will the security boffins think of working for Mark Zuckerberg of all people?
Watch how a Tesla Model S was stolen with just a tablet
Criminals were able to dupe the Tesla’s passive entry system into giving them access, and letting them drive away.
(But only after they struggled to unplug it.)
Who Is Agent Tesla?
A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license...
Are the Police using Smart-Home IoT Devices to Spy on People?
IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers' interests: either by the device manufacturer...
Weekly Update 109
Presently sponsored by: Netsparker - dead accurate web application security scanning solution - Scan websites for SQL Injection, XSS & other vulnerabilitiesLast one before home time! But it has been an epic trip and as I say in the...
