Justin Strachan

@firmsecure | firmsecure.net

Pope Francis Suggests Changing The Words To The 'Lord's Prayer'

Pope Francis isn't pleased with the words to the Lord's Prayer — specifically, the part about temptation. In an interview with an Italian TV network, the pontiff said that the current language of the Our Father prayer "is not a good translation." In English and similarly in Italian, the prayer asks …

How hackers could send secret commands to speech recognition systems with ultrasound

Chinese security researchers have discovered a way to send secret, inaudible commands to speech recognition systems such as Siri, Amazon Alexa or …

Information Security

CIO or C-Suite: To Whom Should the CISO Report?

Five reasons why the chief information security officer needs to get out from under the control of IT. According to a 2015 study by Georgia Tech …

How to run vulnerability scanning against your web server with Nikto2

Nikto2 is an easy to install and use website vulnerability scanner. Here's how to ensure your servers are secure with this free, open source …

MIT And BU Researchers Uncover Critical Security Flaw In $2B Cryptocurrency IOTA

IOTA, a $2 billion cryptocurrency that supports Internet of things (IoT) transactions, was shown to have “serious weaknesses” according to a report recently released by researchers at MIT and Boston University. (In a previous headline, I referred to IOTA as a blockchain. IOTA refers to itself as a …

Blockchain

Google reminds website owners to move to HTTPS before October deadline

With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields—like contact forms and search …

Information Security

SHA-1 hashes recovered for 320M breached passwords

Security researchers once again proved how easy it can be to recover SHA-1 hashes by cracking the hashes on nearly 320 million passwords related to …

Information Security

ShadowBrokers return with the release of UNITEDRAKE exploit

The hacking group has also promised two exploit dumps a month from now on. The ShadowBrokers have promised the release of NSA exploit UNITEDRAKE which …

Hacker Lexicon: What Is DNS Hijacking?

Keeping your internet property safe from hackers is hard enough on its own. But as WikiLeaks was reminded this week, one hacker technique can take …

How to protect yourself against email spoofing

On a nondescript and casual morning, you open your email to find a message from your bank telling you that your account has been compromised and you …

Identity Theft

Scotiabank internet whizzkids screw up their HTTPS security certs

Not exactly a move designed to inspire confidence. The team behind Scotiabank's Digital Banking Unit isn't impressing some customers, after forgetting …

IT security

A Serial Entrepreneur with a Passion for Information Security

MK: What inspired you to start your first business?

TM: I started my first technology business, Data Guard Systems, in 2001. It was a software as a service business geared towards a niche retail sector, and the business experienced tremendous growth during the years following its inception. However, …

Researcher publicly discloses 10 zero-day flaws in D-Link 850L routers

Peeved about previous vulnerability disclosures experiences with D-Link, a security researcher has publicly disclosed 10 zero-day vulnerabilities in …

Information Security

Chrome to provide TLS interception warnings

Former intern develops warning interstitial for browser.

Information Security

Windows 10’s Built-In Linux Shell Could Be Abused to Hide Malware, Researchers Say

'Bashware' is a clever new type of malware that major antivirus programs can't detect. Microsoft surprised the technology world last year when it announced that users will be able to run native Linux applications in Windows 10 without virtualization. While this feature is meant to help developers, …

Kaspersky Lab

Kali Linux Tutorial - Toolkit for mitm, Spoofing, DOS, Images Sniffing

In this Kali Linux Tutorial, we are to work with Xerosploit. Xerosploit is a penetration testing toolbox whose objective is to perform the man in the …

Intra-Library Collusion Attacks Open the Door for a Whole New Kind of Android Malware

A team of Oxford and Cambridge researchers is the latest to join a chorus of voices sounding the alarm on a new attack vector named Intra-Library …

Information Security

Credit Card Hacker Roman Seleznev Enters More Guilty Pleas

The Russian hacker already hit with a 27-year prison sentence for credit card hacking pleads guilty to two more charges. Russian hacker Roman …

Buggy Word 2016 non-security patch KB 4011039 can’t handle merged cells

Last month’s crop of buggy Windows and Office patches may be headed for a re-match. I’m seeing reports of a merged cell bug in last Tuesday’s Sept. …

Information Security

Android Security Bulletin for September now available

We’ve been waiting for this announcement since learning the Nokia 5 would be receiving the September Android Security Patch. We knew we’d hear from …

Information Security

Paul Vixie: How CISOs Can Use DNS to Up Security

BLACK HAT USA 2017 -- FarSight CEO and DNS master Paul Vixie visits the Dark Reading News Desk to explain how enterprises, not just telecoms …

Admin Accounts With No Passwords at the Heart of Recent MongoDB Ransom Attacks

The recent wave of ransom attacks on MongoDB databases happened because database owners forgot to set passwords on their administrator accounts, …

Information Security

Publishing house to finance company: Latest ransomware attack cripples over 100 firms in India

Locky malware has returned after a year, demanding ransom as high as Rs 2 crore. On September 1, executives of a leading publishing house approached …

Cybersecurity

September 2017 Android security patch details revealed

Google has released the details about what is contained in its latest security patch for Android devices. However, as of this writing, the company has yet to release factory images or OTA downloads for its own Pixel and Nexus devices. Google does state that its own Pixel, Pixel XL, Pixel C, Nexus …

Apache Struts Vulnerabilities May Affect Many of Cisco's Products

Cisco has initiated a mass security audit of all its products that incorporate a version of the Apache Struts framework, recently affected by a …

Information Security

Anyone not using Android Oreo at risk of attack that could give malware 'total control' over devices

The Android vulnerability can allow hackers to launch 'Toast overlay attacks' that can brick phones. If you're an Android user, then it is highly …

Android News

Comodo Caught Breaking New CAA Standard One Day After It Went Into Effect

One day after the CAA (Certificate Authority Authorization) standard became obligatory on September 8, a German security researcher caught Comodo …

Information Security

Why Relaxing Our Password Policies Might Actually Bolster User Safety

Recent guidance from NIST may seem counterintuitive. Despite the publicity about breaches, ransomware, and the like, we're still using some pretty …

Equifax blames open-source software for its record-breaking security breach: Report

The credit rating giant claims an Apache Struts security hole was the real cause of its security breach of 143 million records. ZDNet examines the …

Google to kill Symantec certs in Chrome 66, due in early 2018

This is how trust ends, not with a bang but with a whimper. Google has detailed its plan to deprecate Symantec-issued certificates in Chrome.

IT security