Feds Want New IoT Guidance to Address Security Vulnerabilities

The challenge here is that IoT devices are flying off the shelves and being installed by all manner of suppliers, not just IT companies which should know about securing them...: “Internet of Things” devices are listening. And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data

Most security pros have considered quitting due to a lack of resources

There's a very good reason that we talk about "People, Process, and Technology" in that order. If you can't find, recruit, and retain skilled people your projects will fail...: Companies are suffering from a lack of resources, both in terms of people and technology (79 percent), and 72 percent have considered leaving their jobs for this reason, Censornet research reveals. Security professionals believe their jobs and the overall security of their organizations would benef

Researcher Publishes Four Zero-Day Exploits in Three Days

She's not being very nice about Microsoft...: [...] Because the exploits cannot be used remotely, they are not as dangerous as some attacks, says Tripwire's Young. "Similar to past SandboxEscaper releases, these exploits are also local privilege escalations, meaning that attackers would use these only after gaining a foothold on a targeted system," he says. SandboxEscaper has gained a reputation for releasing LPE exploits with no warning. The researcher has posted repeated

New Software Skims Credit Card Info From Online Credit Card Transactions

Looks like I'm moving my clients away from Magento at the right time...: [...] The software, discovered by researcher Jérôme Segura at Malwarebytes, takes advantage of the popular retail practice of using a third-party credit card payment organization to facilitate credit card use. In this case, the software targets companies using Magento as their financial processing service provider. The malicious software inserts an iframe around the display code that would send the cust

North Korea hits out at Japan as cyber arms race heats up

The sound of (digital) sabres being rattled...: North Korea has condemned plans by the Japanese military to develop a counter-attack computer virus as symptomatic of Tokyo’s “war hysteria”, with an analyst warning the move could fuel a cyber arms race. The Japanese government announced this month that it is planning to create malware designed to break into an enemy’s computer systems and cripple its military forces’ ability to communicate and launch attacks against Japan.

97% of Americans Failed This Basic Cyber Security Test, Myself Included

The author works in information security so has valid points. The linked securityplanner is a very simple recommendation engine, worth sending round your company and friends and family...: For the first time in my life, I am actually a part of the majority. What I’m referring to are results from a new cyber security test launched by Google developers designed to see how well Americans are able to pick up on subtle security warnings/threats online. While I didn’t necessarily

Taking Advantage Of AI In Cyber Security Strategies

Worth listening to. TL;DR - if you don't use machine learning, you can bet the bad actors are...: [...] During the 2019 Cyber Security Digital Summit, Darktrace’s Director of Enterprise Cyber Security David Masson, explained how using AI can help enterprises find threats that get inside. He gave examples of the thousands of in-progress threats detected every day, such as: Indiscriminate worms, Trojans, ransomware; Exfiltration of sensitive data by insiders; Hacked I

Alphabet’s Chronicle Explores Code-Signing Abuse in the Wild

Just because an executable is 'signed', it doesn't mean you can trust it...: [...] To highlight the prevalence of this trend and problems with trust-based security, Chronicle researchers used VirusTotal, an online virus/malware scanner that analyzes suspicious files that a machine's antivirus tools may have missed. They limited this project to Windows PE Executable files, filtered out samples with fewer than 15 aggregate detections, and "aggressively" filtered out grayware

Why the Air Force is investigating a cyber attack from the Navy

Nice to see the different branches of the military getting along so well...: The Air Force is investigating the Navy for a cyber intrusion into its network, according to a memo obtained by Military Times. The bizarre turn of events stems from a decision by a Navy prosecutor to embed hidden tracking software into emails sent to defense attorneys, including one Air Force lawyer, involved in a high-profile war-crimes case of a Navy SEAL in San Diego. T...

Windows 10 zero-day exploit code released online

Keep updating, these vulnerabilities are coming thick and fast. There's no patch yet. Microsoft's next Patch Tuesday is scheduled for June 11...: The zero-day is what security researchers call a local privilege escalation (LPE). LPE vulnerabilities can't be used to break into systems, but hackers can use them at later stages in their attacks to elevate their access on compromised hosts from low-privileged to admin-level accounts. According to a description of the zero-