Saturday, July 20, 2019

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

Cybersecurity: Drones Will Soon Become Both Predator and Prey

In the coming years, commercial drones will become a predator controlled by attackers to conduct targeted assaults on business. Drones will become smaller, more autonomous with increased range and equipped with cameras for prolonged surveillance missions. Flying in close...

The Automotive Industry: Stepping up on Defense

We are midway through 2019, and automotive hacks continue to rise. The global market for connected cars is expected to grow by 270% by 2022, with more than 125 million passenger cars with embedded connectivity forecast to ship worldwide...

Beyond the Endpoint: Fighting Advanced Threats with Network Traffic Analytics

Safeguarding enterprise assets is no longer just about protecting endpoints from malware, spam and phishing. Enterprise infrastructures are much more complex today than even a few years ago. In a bid to optimize processes and maximize profits, businesses are...

Today’s Top Public Cloud Security Threats …And How to Thwart Them

Many enterprises today have inadvertently exposed proprietary information by failing to properly secure data stored in public cloud environments like AWS, Azure, and GCP. And while cloud computing has streamlined many business processes, it can also create a security...

Influence Operation Uses Old News of New Purposes

A recently uncovered influence campaign presents old terror news stories as if they were new, likely in an attempt to spread fear and uncertainty, Recorded Future reports.  Dubbed Fishwrap, the operation uses 215 social media accounts that leverage a special family...

Spring Cleaning: Why Companies Must Spring Clean Out Their Social Media Accounts This Season

Every year around this time, we collectively decide to open the windows, brush off the dust, and kick the spring season off on a clean foot. But as you are checking off your cleaning to-dos, be sure to add...

Building Modern Security Awareness with Experiences

Experiences and events, the way that I define them, are segments of time in which a learner is more actively engaging in an element of your program. At their best, “experiences” should be well, experiential, requiring active participation rather...

The Promise and Perils of Artificial Intelligence

Many companies use artificial intelligence (AI) solutions to combat cyber-attacks. But, how effective are these solutions in this day and age? As of 2019, AI isn’t the magic solution that will remove all cyber threats—as many believe it to...

Utilising the Benefits of Industrial Robots Securely

Jalal Bouhdada, Founder & CEO at Applied Risk, discusses the rise of industrial robotics and how we can increase the cyber resilience of production environments in the future. It is increasingly likely that a factory worker today will find themselves...

On the Horizon: Parasitic Malware Will Feast on Critical Infrastructure

Parasitic malware, which seeks to steal processing power, has traditionally targeted computers and mobile devices. In the coming years, this type of malware will evolve to target more powerful, industrial sources of processing power such as Industrial Control Systems...

Thoughts on DoS Attack on US Electric Utility

The recent DoS incident affecting power grid control systems in Utah, Wyoming and California was interesting for several reasons. First, the threat actors did not directly attack the systems that control power generation and distribution for the electrical grid, but rather they...

Network of Fake Social Accounts Serves Iranian Interests

FireEye security researchers have uncovered a network of fake social media accounts that engage in inauthentic behavior and misrepresentation, likely in support of Iranian political interests. Comprised of fake American personas and accounts impersonating real American individuals, including candidates that...

Researchers Analyze the Linux Variant of Winnti Malware

Chronicle, the cybersecurity arm of Google’s parent Alphabet, has identified and analyzed samples of the Winnti malware that have been designed specifically for the Linux platform. Believed to be operating out of China, the Winnti group was initially discovered in...

BlackWater Campaign Linked to MuddyWater Cyberspies

A recently discovered campaign shows that the cyber-espionage group MuddyWater has updated tactics, techniques and procedures (TTPs) to evade detection, Talos’ security researchers report.  MuddyWater was first detailed in 2017 and has been highly active throughout 2018. The cyber-spies have been focused mainly...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.