Archive for the ‘Top Stories’ Category

Analysis: there is both Means and Motive for Cyber Attacks on Navy Vessels

August 21st, 2017

In-brief: could cyber attacks have played a role in recent collisions between US Navy vessels and commercial ships? The short answer is yes. Regardless of what caused the most recent incidents, both the means and the motive exist to launch such attacks in the future. A collision between a Liberian oil tanker Alnic NC and the USS John McCain over...

Read the whole entry... »

Related Stories

Posted in AIS, apt, china, Cyber Command, Cyber Warfare, Government, GPS, hacks, Internet of things, north korea, Patching, Policy, Reports, software, Top Stories, trends, US Navy, vulnerabilities | Comments (0)

Was the Devil’s Ivy Vulnerability a Dud? Don’t Count on It.

August 11th, 2017

In-brief: The Devil’s Ivy vulnerability in the open source gSOAP library is widespread and supposedly trivial to exploit. So why, one month later, haven’t we seen any attacks? Is Devil’s Ivy a dud? ‘Don’t count on it,’ security experts tell us. In July, the warnings were all about the so-called...

Read the whole entry... »

Related Stories

Posted in connected devices, Devil's Ivy, hardware, Internet of things, malware, password, Patching, Reports, Search engine, Senrio, Senrio (Xipiter), Shodan, software, Top Stories, vulnerabilities | Comments (0)

Five Billion Tests Later: IoT and Industrial Control System Protocols Raise Alarms

August 9th, 2017

In-brief: Close to five billion “fuzzing” tests conducted during 2016 reveal protocols used by industrial control systems, vehicles and Internet of Things devices to be weaker, on average, with many crashing hundreds of times and revealing vulnerabilities that could be used by malicious actors.  A study of 4.8 billion automated...

Read the whole entry... »

Related Stories

Posted in connected devices, critical infrastructure, fuzzing, Internet of things, protocol, published research, Reports, software, software development, supply chain, survey, Top Stories, trends, vulnerabilities | Comments (0)

It’s the Corruption, Stupid: why Russians aren’t the biggest threat to Election Security

August 7th, 2017

In-brief: Russian hackers aren’t the biggest threat to the security and integrity of elections says Bev Harris of Black Box Voting. Instead, it’s a more common enemy: run of the mill political corruption, mostly at the local level. Also: Eric Hodge of CyberScout talks about the challenges of helping states secure their election...

Read the whole entry... »

Related Stories

Posted in conferences, critical infrastructure, Cybercrime, data theft, DefCon, election systems, extortion, Fancy Bear, FBI, Federal Court, forensics, fraud, Government, Hacking, Hacks & Hackers, hardware, law enforcement, Podcasts, Policy, Reports, russia, software, standards, Top Stories, trends, voting, vulnerabilities | Comments (0)

Operation Lonely Guy: Iranians Use Cute Girl Profile to Cultivate, Compromise Targets in Middle East

July 27th, 2017

Hackers working on behalf of the government of Iran are using alluring social media profiles featuring a young, English photographer to entice and then compromise the systems of high value targets in the oil and gas industry, according to a report by Dell Secureworks. In a report released on Thursday, Secureworks’ Counter Threat Unit (CTU)...

Read the whole entry... »

Related Stories

Posted in apt, crime, critical infrastructure, phishing, published research, Reports, social networking, Top Stories, trends | Comments (0)

At BlackHat: Hell is Other People’s Machine Learning

July 25th, 2017

In-brief: Machine learning is all the rage in the information security industry. But a study by Endgame and University of Virginia suggests that it may be vulnerable to manipulation by sophisticated AI-driven tools. When it comes to matters of war – or even cops and robbers – advances in technology are almost always double-edged...

Read the whole entry... »

Related Stories

Posted in Academia, anomaly detection, anti malware, antivirus, Artificial intelligence, Black Hat, conferences, Endgame, machine learning, malware, software, Top Stories, vulnerabilities | Comments (0)

Exclusive: WHISTL Labs will be Cyber Range for Medical Devices

July 24th, 2017

In-brief:  A global federation of labs will test the security of medical devices, according to an announcement on Monday by a consortium of healthcare industry firms, universities and technology firms. Amid increasing concerns about cyber threats to healthcare environments, a global network of labs will test the security of medical devices,...

Read the whole entry... »

Related Stories

Posted in biomedical devices, Hacking, hacks, healthcare, Internet of things, MDVIPER, medical devices, penetration testing, Testing, Top Stories, vulnerabilities, vulnerability equities | Comments (0)

German Electronics Store Sued for Selling Un-Patchable Android Phones

July 21st, 2017

In-brief: That’ll be $99, or $150 without the vulnerabilities! A lawsuit in Germany is trying to force stores to come clean about security holes in the products they sell to consumers.  ‘That’ll be $99, or $150 without the unpatchable mobile operating system vulnerabilities!’ That line may be more common if a case against...

Read the whole entry... »

Related Stories

Posted in android, application development, BSI, carrier, consumer, data privacy, fraud, Germany, Government, hardware, Internet of things, ios, iphone, Legal News, Mobile, mobile devices, online shopping, Patching, Policy, privacy, SDLC, software, Top Stories, trends, Underwriters Lab, vulnerabilities | Comments (0)

AlphaBay, the Largest Online “Dark Market,” Shut Down | Department of Justice

July 21st, 2017

The Justice Department on Thursday said that it shut down AlphaBay, what it described as “the largest criminal marketplace on the internet,” more than two weeks after the market went dark. The site was used to sell a wide range of contraband to a customer base of some 200,000 individuals worldwide, the DOJ said in a statement. Among...

Read the whole entry... »

Related Stories

Posted in Top Stories | Comments (0)

Security Camera Flaw could lurk in Thousands of Devices

July 19th, 2017

In-brief: a vulnerability dubbed “Devil’s Ivy” affects hundreds of cameras by the firm Axios and – likely – thousands of other devices made by some of the world’s top technology brands. It’s another example of widespread software supply chain security risks. A serious security flaw that affects hundreds of...

Read the whole entry... »

Related Stories

Posted in Buffer Overflow, firmware, hardware, heartbleed, Internet of things, Senrio (Xipiter), software, supply chain, Top Stories, vulnerabilities | Comments (0)