Monday, September 23, 2019

New clues show how Russia’s grid hackers aimed for physical destruction

Enlarge (credit: Joshua Lott/Bloomberg via Getty Images) For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of...

600,000 GPS trackers for people and pets are using 123456 as a password

Enlarge (credit: Shenzhen i365 Tech) An estimated 600,000 GPS trackers for monitoring the location of kids, seniors, and pets contain vulnerabilities that open users up to a host of creepy attacks, researchers from security firm Avast have found. The...

Google Play app with 100 million downloads executed secret payloads

Enlarge (credit: NurPhoto | Getty Images) The perils of Google Play are once again on display with the discovery of an app with 100 million downloads that contained a malicious component that downloaded secret payloads onto infected Android...

Self-driving car service open sources new tool for securing firmware

Enlarge (credit: Collin Mulliner) Developing and maintaining secure firmware for tablets, cars, and IoT devices is hard. Often, the firmware is initially developed by a third party rather than in-house. And it can be tough as projects move...

Judge allows suit against AT&T after $24 million cryptocurrency theft

Enlarge / An AT&T store in New Jersey. (credit: Michael Brochstein/SOPA Images/LightRocket via Getty Images) When Michael Terpin's smartphone suddenly stopped working in June 2017, he knew it wasn't a good sign. He called his cellular provider, AT&T,...

Tech firms “can and must” put backdoors in encryption, AG Barr says

Enlarge / Graffiti urging people to use Signal, a highly encrypted messaging app, is spray-painted on a wall during a protest on February 1, 2017 in Berkeley, California. (credit: Elijah Nouvelage | Getty Images) US Attorney General William...

Silent Mac update nukes dangerous webserver installed by Zoom

Enlarge (credit: Kena Betancur/Getty Images) Apple said it has pushed a silent macOS update that removes the undocumented webserver that was installed by the Zoom conferencing app for Mac. The webserver accepts connections from any device connected to the...

Microsoft OneDrive gets a more secure Personal Vault, plus additional storage options

Enlarge / Microsoft at a trade show. (credit: Getty Images | Justin Sullivan) Microsoft is launching a new layer of security for users of its OneDrive cloud storage service. OneDrive Personal Vault is a new section of your storage...

The clever cryptography behind Apple’s “Find My” feature

Enlarge / The 2018 15-inch Apple MacBook Pro with Touch Bar. (credit: Samuel Axon) When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday, it sounded—to...

Windows 10 May 2019 Update now rolling out to everyone… slowly

Enlarge (credit: David Holt / Flickr) To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update,...

33 Linksys router models leak full historic record of every device ever connected

(credit: US Navy) More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices' unique identifiers, names, and the operating systems they use. The data can...

The radio-navigation planes use to land safely is insecure and can be hacked

Enlarge / A plane in the researchers' demonstration attack as spoofed ILS signals induce a pilot to land to the right of the runway. (credit: Sathaye et al.) Just about every aircraft that has flown over the past...

New speculative execution bug leaks data from Intel chips’ internal buffers

First disclosed in January 2018, the Meltdown and Spectre attacks have opened the floodgates, leading to extensive research into the speculative execution hardware found in modern processors, and a number of additional attacks have been published in the months...

Bloomberg alleges Huawei routers and network gear are backdoored

Enlarge / PORTUGAL - 2019/03/04: 5G logo is seen on an android mobile phone with Huawei logo on the background. (credit: Omar Marques/SOPA Images/LightRocket via Getty Images) Vodafone, the largest mobile network operator in Europe, found backdoors in...

Password1, Password2, Password3 no more: Microsoft drops password expiration rec

For many years, Microsoft has published a security baseline configuration: a set of system policies that are a reasonable default for a typical organization. This configuration may be sufficient for some companies, and it represents a good starting point...
SC Magazine

Ning Wang – Offensive Security

Ning WangCEO Offensive Security Why Nominated: Ning Wang is a rising star has worked to break the boundaries in the security industry, so that people can see that anyone is capable of starting a career in cybersecurity and advancing it –...
SC Magazine

Dani Martínez – IOActive

Dani MartínezSecurity ConsultantIOActive Why nominated: Dani Martínez proved to be a self-starter, beginning his career in IT he soon developed an interest in cybersecurity and began taking online courses in his spare time. Martínez also dove write in and began a cybersecurity blog...
SC Magazine

Maurice Stebila – Harman, a Samsung Company

Maurice StebilaDigital Security,Compliance and Privacy OfficerHarman, a Samsung Company Why nominated: Maurice Stebila has spent more than 30 years in the automotive, manufacturing and financial services industry supporting two of the world’s largest companies – EDS/General Motors and Harman by Samsung...
SC Magazine

Ed Adams – Security Innovation

Ed AdamsPresident and CEOSecurity Innovation Why Nominated: A highly respected veteran of the cybersecurity industry, Security Innovation CEO Ed Adams has taken on several new leadership roles in the year or so. Last April, he was named to board of directors of...
SC Magazine

David Archer – Galois

David ArcherPrincipal scientistGalois Why Nominated: Archer, an advocate for preserving privacy of data even when it’s used in decision-making both within the U.S. at all levels of government as well as internationally, directs research in privacy-preserving information technologies. Profile:  David Archer is all...