Black Hat at 20, DefCon at 25: Not just about breaking things |
08/30/2017
|
|
Where in cyberspace is Norm?
If your job involves protecting sensitive information from prying eyes, or making sure that the right data is available to the right people at the right time, then Black Hat can make you feel burdened and beleaguered. So many threats and so many attack vectors, versus your organization's meagre security resources. Of course, all of that would be less of a problem if cyberspace were populated solely by law-abiding digital citizens who abided by civilized norms.
|
Hackers break into voting machines within 2 hours at Defcon |
08/28/2017
|
|
After nearly an hour and a half, Carsten Schürmann, an associate professor with IT-University of Copenhagen, successfully cracked into a voting machine at the Las Vegas Defcon convention on Friday night, CNET reports.
|
Top Security Firm May Be Leaking Terabytes of Confidential Data From Fortune 100 Companies |
08/26/2017
|
|
A leading American security company and purveyor of anti-malware detection services is waking up to a damning report about a massive vulnerability in its flagship product. The report describes an unimaginable leak, the scope of which covers a wide range of confidential data, including customer credentials and financial records, among other sensitive files.
In a blog posted late Tuesday night, information security firm DirectDefense announced the discovery of an inherent flaw in a leading anti-malware product offered by Carbon Black, a US-based company that supplies security products to nearly a third of the largest 100 public and privately held companies in the United States.
|
Security firm discovers several major security flaws in Xiaomi's MIUI |
08/24/2017
|
|
With a little over six percent market share, Xiaomi re-established itself as one of the top 5 Android smartphone manufacturers in the world. As such, millions of people use the company’s devices, so when Xiaomi’s MIUI Android skin is reported to have several security vulnerabilities, it would be wise for both users and the company to take notice.
Discovered by India-based security firm eScan Antivirus, one of the vulnerabilities centers around the Mi Mover app, which lets you transfer settings and other data from an Android device to a Xiaomi phone.
|
8 Critical IoT Security Technologies |
08/22/2017
|
|
The growth of IoT devices coupled with the rise in cyberattacks means that system security cannot be engineered after the design.
A recent report by Gartner predicts that there will be 20.4 billion connected Internet of Things (IoT) devices by 2020, with 5.5 million new things getting connected every day. Furthermore, more than half of major new business processes and systems will include an IoT component by 2020.
These numbers are staggering and suggest that standard PC security and anti-virus solutions will not be able to counter future cybersecurity threats on connected IoT devices.
|
Hacking in Hollywood: Why the Industry Needs to Shore Up Security |
08/20/2017
|
|
A cyber attack at Sony Pictures in 2014 resulted in the release of sensitive internal documents, the eventual ouster of the top executive and multimillion-dollar settlements with employees. Hackers struck again in 2016, this time targeting a post-production vendor of Netflix with a threat to leak unreleased shows if their ransom demand was not met. The latest attack is against HBO, and hackers have upped the ante with a demand for millions of dollars to stop the leak of internal emails, passwords, salary information, stars’ phone numbers and scripts for Game of Thrones.
|
IT's 9 biggest security threats |
08/18/2017
|
|
Years ago the typical hacking scenario involved a lone attacker and maybe some buddies working late at night on Mountain Dew, looking for public-facing IP addresses. When they found one, they enumerated the advertising services (Web server, SQL server and so on), broke in using a multitude of vulnerabilities, then explored the compromised company to their heart's content. Often their intent was exploratory. If they did something illegal, it was typically a spur-of-the-moment crime of opportunity.
My, how times have changed.
When describing a typical hacking scenario, these days you must begin well before the hack or even the hacker, with the organization behind the attack. Today, hacking is all crime, all the time, complete with bidding markets for malware, crime syndicates, botnets for hire, state actors, and cyber warfare gone amok.
Threat No. 1: Cyber crime syndicates
Threat No. 2: Small-time cons -- and the money mules and launderers supporting them
Threat No. 3: Hacktivists
Threat No. 4: Intellectual property theft and corporate espionage
Threat No. 5: Malware mercenaries
Threat No. 6: Botnets as a service
Threat No. 7: All-in-one malware
Threat No. 8: The increasingly compromised web
Threat No. 9: Cyber warfare
|
Study finds evidence of poor computer security practices in DNA sequencing |
08/16/2017
|
|
A new study from University of Washington (UW) researchers finds evidence of poor computer security practices used in DNA sequencing tools.
By analyzing the security hygiene of common, open-source DNA processing programs, researchers at the University of Washington confirmed that known security gaps could allow unauthorized parties to gain control of computer systems, potentially giving them access to personal information or even the ability to manipulate DNA results.
DNA is a system that encodes information in sequences of nucleotides. Rapid improvement in DNA sequencing has sparked a proliferation of medical and genetic tests that promise to reveal everything from one's ancestry to fitness levels to microorganisms that live in one's gut.
However, some open-source software programs used to analyze DNA sequencing data were written in unsafe languages known to be vulnerable to attacks, in part because they were first crafted by small research groups who likely were not expecting much adversarial pressure.
But as the cost of DNA sequencing has plummeted over the last decade, open-source programs have been adopted more widely in medical- and consumer-focused applications.
|
Terrorists, hackers and scammers: Many enemies as L.A. plans Olympics security |
08/14/2017
|
|
Come the 2028 Olympic Games, technology will play a much more central role in protecting the games. Modern-day defense is not about a show of force as much as detection, prevention and disruption, Beck and others said.
Terrorists, hackers and more
In the evolving world of terrorism and other threats, a keyboard, a drone or a computer virus could be as deadly as a gun, they say.
The potential targets have also evolved — not just main venues but soft targets where people gather. And violence is just one scenario the 2028 security team will have to consider. Another is hacking.
|