The challenge here is that IoT devices are flying off the shelves and being installed by all manner of suppliers, not just IT companies which should know about securing them...: “Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data
There's a very good reason that we talk about "People, Process, and Technology" in that order. If you can't find, recruit, and retain skilled people, your projects will fail...: Companies are suffering from a lack of resources, both in terms of people and technology (79 percent), and 72 percent have considered leaving their jobs for this reason, Censornet research reveals. Security professionals believe their jobs and the overall security of their organizations would benef
She's not being very nice about Microsoft...: [...] Because the exploits cannot be used remotely, they are not as dangerous as some attacks, says Tripwire's Young. "Similar to past SandboxEscaper releases, these exploits are also local privilege escalations, meaning that attackers would use these only after gaining a foothold on a targeted system," he says. SandboxEscaper has gained a reputation for releasing LPE exploits with no warning. The researcher has posted repeated
Looks like I'm moving my clients away from Magento at the right time...: [...] The software, discovered by researcher Jérôme Segura at Malwarebytes, takes advantage of the popular retail practice of using a third-party credit card payment organization to facilitate credit card use. In this case, the software targets companies using Magento as their financial processing service provider. The malicious software inserts an iframe around the display code that would send the cust
The sound of (digital) sabres being rattled...: North Korea has condemned plans by the Japanese military to develop a counter-attack computer virus as symptomatic of Tokyo’s “war hysteria”, with an analyst warning the move could fuel a cyber arms race. The Japanese government announced this month that it is planning to create malware designed to break into an enemy’s computer systems and cripple its military forces’ ability to communicate and launch attacks against Japan.
The author works in information security so has valid points. The linked securityplanner is a very simple recommendation engine, worth sending round your company and friends and family...: For the first time in my life, I am actually a part of the majority. What I’m referring to are results from a new cyber security test launched by Google developers designed to see how well Americans are able to pick up on subtle security warnings/threats online. While I didn’t necessarily
Worth listening to. TL;DR - if you don't use machine learning, you can bet the bad actors are...: [...] During the 2019 Cyber Security Digital Summit, Darktrace’s Director of Enterprise Cyber Security, David Masson, explained how using AI can help enterprises find threats that get inside. He gave examples of the thousands of in-progress threats detected every day, such as: Indiscriminate worms, Trojans, ransomware; Exfiltration of sensitive data by insiders; Hacked I
Just because an executable is 'signed', it doesn't mean you can trust it...: [...] To highlight the prevalence of this trend and problems with trust-based security, Chronicle researchers used VirusTotal, an online virus/malware scanner that analyzes suspicious files that a machine's antivirus tools may have missed. They limited this project to Windows PE Executable files, filtered out samples with fewer than 15 aggregate detections, and "aggressively" filtered out grayware
Nice to see the different branches of the military getting along so well...: The Air Force is investigating the Navy for a cyber intrusion into its network, according to a memo obtained by Military Times. The bizarre turn of events stems from a decision by a Navy prosecutor to embed hidden tracking software into emails sent to defense attorneys, including one Air Force lawyer, involved in a high-profile war-crimes case of a Navy SEAL in San Diego. T...
Keep updating, these vulnerabilities are coming thick and fast. There's no patch yet. Microsoft's next Patch Tuesday is scheduled for June 11...: The zero-day is what security researchers call a local privilege escalation (LPE). LPE vulnerabilities can't be used to break into systems, but hackers can use them at later stages in their attacks to elevate their access on compromised hosts from low-privileged to admin-level accounts. According to a description of the zero-