Tuesday, October 23, 2018
SC Magazine

State of security: Missouri

Who’s in charge: Secretary of State John R. Ashcroft Security in action: Missouri recently held a National Election Security Summit in St. Louis to discuss and share best practices as well as usable steps to mitigate threats and vulnerabilities concerning...
SC Magazine

State of security: Utah

Who’s in charge:  Lieutenant Governor Spencer Cox,  Director of Elections Justin Lee Security in action: Utah uses a vote by mail system in all but two counties (Carbon and Emery). The two outliers instead use direct-recording electronic (DRE) voting machines that...
SC Magazine

Amazon patches IoT and critical infrastructure security flaws

Amazon patched 13 security flaws affecting the operating systems of its IoT devices and Amazon Web Services (AWS) connection modules putting smart homes and critical infrastructure alike at risk. Researchers at Zimperium identified the CVE vulnerabilities which included four remote...
SC Magazine

Updated Azorult malware for sale on the Dark Web

A new and improved version of the info stealer and malware downloader Azorult was spotted being distributed by the RIG exploit kit. Check Point researchers report the malware has been heavily upgraded, version 3.3 as labeled by its creators, and...
SC Magazine

Apple CEO Cook calls for Bloomberg retraction

Apple CEO Tim Cook asked Bloomberg BusinessWeek to retract a story posted earlier this month that stated Apple had used computers that were hacked by the Chinese military. Apple’s Tim Cook at WWDC 2016Cook made his demand during an interview...
SC Magazine

ObamaCare portal breach compromises data of 75,000 patients

Threat actors compromised the information of 75,000 patients after breaching an ObamaCare (Affordable Care Act) enrollment portal last month. The Centers for Medicare and Medicaid first noticed problems in the online enrollment portal available to agents and brokers October 13 and...
SC Magazine

Securing Middle America: small towns more at risk of ransomware, phishing and more

Cybersecurity firms may be leaving money on the table chasing big fish in the form of large enterprise deals, while smaller local government entities go unprotected. While cyberattacks target entities of all sizes in both the public and private sector,...
SC Magazine

It’s Ok, I’m verified; libssh flaw allows attacker bypass server authentication

A vulnerability in the libssh platform could allow an attacker to bypass authentication and gain full control over vulnerable servers. The vulnerability basically allows the attacker to simply tell the targeted system that the authentication is complete rather than the...
SC Magazine

VestaCP supply-chain attack installs DDoS malware

Hosting control panel solution VestaCP was compromised in a supply chain attack that installed malware used to carry out DDoS attacks. Earlier this week ESET researchers learned the official VestaCP distribution was compromised to install a malware dubbed Linux/ChachaDDoS onto...
SC Magazine

Justice unseals criminal complaint against Russian lawyer for 2018 midterms interference

The midterm elections have yielded their first criminal case – the Justice Department on Friday charged Russian accountant Elena Khusyaynora with conspiracy to defraud the U.S. for her role in a plan to spend more than $10 million on...
SC Magazine

West Haven, Indiana National Guard, Muscatine hit with ransomware attacks

Ransomware attacks have struck government entities across the nation this week with West Haven, Conn., the Indiana National Guard and Muscatine, Iowa being targeted. West Haven almost immediately succumbed to the cybercriminals threat and paying what city officials called a...
SC Magazine

Survey: Federal agencies slow to migrate to cloud, despite promise of security

Although a cloud-based architecture would offer cybersecurity benefits to federal agencies whose systems are in need of digital defense, many government entities are not yet ready to make the migration, based on the results of a new survey. Conducted by...
SC Magazine

Philippines orders Facebook to offer ID protections following breach

Among the 30 million accounts affected in the September 2018 Facebook data breach incident were 755,973 users in the Philippines, and now the Southeast Asian nation is demanding action from the social media company, according to a report from area news outlet...
SC Magazine

State of security: Colorado

Who’s in charge: Secretary of State Wayne Williams                                                               ...
SC Magazine

State of security: New Jersey

Who’s in charge: Secretary of State Tahesha Way Security in action: In August New Jersey made public its spending plan for the $10.2 million the state has set aside to help secure its state and local level elections. The federal...
SecurityWeek

Japan Orders Facebook to Improve Data Protection

The Japanese government on Monday ordered Facebook to improve protection of users' personal information following data breaches affecting tens of millions of people worldwide. read more

If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?

According to reports, Facebook is planning to acquire a cybersecurity firm. But what will the security boffins think of working for Mark Zuckerberg of all people?
The Register

jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites

Flaw present for the past eight years, easy to exploit, and there are thousands of forks A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to...

Watch how a Tesla Model S was stolen with just a tablet

Criminals were able to dupe the Tesla’s passive entry system into giving them access, and letting them drive away. (But only after they struggled to unplug it.)

Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition

Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.