Security Hot Topics

By GE Scott Knauss - Security Guy | Current security trends and hot topics curated by Scott, CEO of ITS LLC.

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.<p>The first …

Information Security

This powerful off-the-shelf phone-hacking tool is spreading

Citizen Lab found traces of the “lawful intercept” software in the U.S., Canada, and 43 other countries.<p>Researchers at internet watchdog Citizen Lab have found that a sophisticated piece of spyware designed to break into most commercially available smartphones is now in use in 45 countries. …

Human Rights

US military given more authority to launch preventative cyberattacks

<b>(CNN) —</b> The US military is taking a more aggressive stance against foreign government hackers who are targeting the US and is being granted more authority to launch preventative cyberstrikes, according to a summary of the Department of Defense's new Cyber Strategy.<p>The Pentagon is referring to the …

Cyber-attacks

New cold boot attack affects "nearly all modern computers"

Security researchers find a new way to disable current cold boot attack firmware security measures to steal sensitive data from high-value …

Cybersecurity

U.S. Silently Enters New Age of Cyberwarfare

Years ago, the world witnessed the creation of the first major “cyberweapon.” Secretly loaded onto an unknown Iranian worker’s USB flash drive, an …

Cannabis

When It Comes To Cybersecurity Assessment Nothing Beats The Real Thing

Organizations invest a significant amount of time, money and effort to cybersecurity, hoping to block attacks and avoid making headlines as the next big data breach victim. Following established principles and cybersecurity best practices will ostensibly help you detect and avoid attacks—but the …

Emulation

British Airways Breach Linked to Ticketmaster Breach Attackers

9/11/2018<br>12:15 PM<p>50%<p>50%<p>Magecart attackers hit airline with the same "digital skimmers" they used on the entertainment company in June, researchers …

British Airways

NSA-Designed Speck Algorithm to Be Removed From Linux 4.20

The NSA-designed Speck encryption algorithm will be removed from version 4.20 of the Linux kernel, after just recently being added to the Linux …

Linux

Open .Git Directories Leave 390K Websites Vulnerable

A scan of more than 230 million web domains worldwide has uncovered 390,000 web pages with open .git directories – a worrying state of affairs that …

Information Security

A Google Engineer Discovered a Vulnerability Letting Him Take Control of Keycard-Controlled Doors

A Google engineer discovered a vulnerability in the third-party system controlling access to doors across its campus in Sunnyvale, California, and …

Microsoft 'Confirms' Windows 7 New Monthly Charge

Microsoft has always described Windows 10 “as a service” and leaks have already revealed new monthly charges are coming. Of course, for Windows 7 owners this was never something they expected to pay. But times change…<p>In a new blog post entitled “Helping customers shift to a modern desktop”, …

Windows 10

'Adware Doctor' Mac app secretly steals your browsing history and sends it to China

If you have the Adware Doctor app installed on your Mac, you should uninstall it ASAP.<p>Despite ranking as the top paid utility app in the Mac App …

Apple

US government releases post-mortem report on Equifax hack

GAO report takes us inside Equifax from March 2017 onward, showing how a few slip-ups led to one of the biggest breaches in US history.<p>MUST READ<p>The …

Equifax

Fault in Google Chrome allows hackers to access home Wi-Fi networks in seconds, experts warn

Millions of British households could be left vulnerable to a glitch in the Google Chrome web browser which has exposed their household Wifi networks to a new form of hacking, researchers have claimed.<p>A weakness in the source code contained in the US tech giant's popular browser means that hackers …

Wi-Fi

Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic

Last month we reported about a widespread crypto-mining malware campaign that hijacked over 200,000 MikroTik routers using a previously disclosed …

Information Security

Think You Have Cybersecurity Taken Care Of? Think Again

If you learned that homes with your same model of alarm system were being broken into 32 percent more often this year than last, you might no longer think your system is secure enough. Yet many companies assume their IT infrastructure is still secure, despite the fact that cyberattacks jumped 32 …

Cyber-attacks

Alexa’s Alarming New Security Hole May Not Have a Fix

As if we needed more proof that everything, absolutely everything, can be hacked, here comes another Alexa security hole — one that allows hackers to …

Machine Learning

Web application security: The piece you’re probably missing

While most organizations recognize the need to protect their web apps, their efforts tend to focus on the server side, leaving a critical attack …

Information Security

Cracking ransomware: RansomWarrior victims can now retrieve files for free

Researchers at Check Point examined this recent form of ransomware and found it relatively easy to crack.<p>Victims of a new form of ransomware that …

Ransomware

If you’re still using Yahoo email, it’s still spying on you

Yahoo’s email platform might have been picked up during the big Verizon buyout of 2017, but that doesn’t mean much has changed at the longstanding …

Wall Street

Hacker Discloses Unpatched Windows Zero-Day Vulnerability (With PoC)

A security researcher has publicly disclosed the details of a previously unknown zero-day vulnerability in the Microsoft's Windows operating system …

Proof-of-Concept Released for Apache Struts Vulnerability

Python script for easier exploitation of the flaw is now available as well on Github.<p>That didn't take long: Last week, the Apache Foundation reported …

Information Security

Hackers Stole Personal Data of 2 Million T-Mobile Customers

T-Mobile disclosed an “incident” in which hackers accessed "some" customers' personal information—but no financial data or passwords.<p><b>UPDATE, Friday, Aug. 24, 3:00 pm ET</b>: After this story was first published, a T-Mobile spokesperson told me that “encrypted passwords” were included in the compromised …

T-Mobile

Spyware Company Leaves ‘Terabytes’ of Selfies, Text Messages, and Location Data Exposed Online

A company that sells surveillance software to parents and employers left “terabytes of data” including photos, audio recordings, text messages and web history, exposed in a poorly-protected Amazon S3 bucket.<p><b>This story is part of</b> <b>When Spies Come Home</b><b>, a Motherboard series about powerful surveillance</b> …

Security

Health Data Breach Victim Tally for 2018 Soars

Analyzing the Latest 'Wall of Shame' Trends Marianne Kolbasuk McGee (HealthInfoSec) • August 21, 2018<p>About 30 new health data breaches - including a …

Facebook Notifies Users That 4 Million People Might Have Been Impacted by Data Leak

Facebook has banned myPersonality after discovering that the app took the personal information of 4 million users, and shared it with researchers, …

Ghostscript flaw could allow attackers to take remote control of systems - and there's no fix yet

Interpreter for Abode PostScript and PDF page description languages is used by large numbers of vendors - and in enterprises around the world.<p><i>This</i> …

All versions of Openssh share a critical vulnerability, including embedded code that will never be updated

Every version of the popular Openssh program -- a critical, widely used tool for secure communications -- share a critical vulnerability that was …

The Untold Story of NotPetya, the Most Devastating Cyberattack in History

It was a perfect sunny summer afternoon in Copenhagen when the world’s largest shipping conglomerate began to lose its mind.<p>The headquarters of A.P. …

Long-form Journalism