Tag: Risk Assessment

May 26, 2017

E-mails stolen in a phishing attack on a prominent critic of Russian President Vladimir Putin were manipulated before being published on the Internet. That’s according to a report published Thursday, which also asserts that the e-mails were manipulated in order […]

April 3, 2017

Up until this week, WikiLeaks’ “Vault 7” releases of files from a Central Intelligence Agency software development server have largely consisted of documentation for the various malware projects the CIA’s Engineering Development Group created to aid the agency’s mission. But […]

December 15, 2016

On December 14, Yahoo announced that after an investigation into data provided by law enforcement officials in November, the company and outside forensics experts have determined that there was in fact a previously undetected breach of data from over 1 […]

October 19, 2016

Researchers have devised a technique that bypasses a key security protection built into just about every operating system. If left unfixed, this could make malware attacks much more potent. ASLR, short for “address space layout randomization,” is a defense against […]

October 18, 2016

A website used to fund the campaigns of Republican senators was infected with malware that for more than six months collected donors’ personal information, including full names, addresses, and credit card data, a researcher said. The storefront for the National […]

October 18, 2016

More records from the Federal Bureau of Investigation’s review of Hillary Clinton’s e-mail practices have been released through the FBI’s Freedom of Information Act site, including interviews with a number of individuals related to the security of the server. One of […]

October 17, 2016

US government-backed ICS-CERT warned that the troubling new generation of computer attacks is powered by malware that can infect cellular modems used to connect automotive and industrial equipment to the Internet. An advisory published Wednesday listed five industrial control devices […]

June 15, 2016

Attackers are exploiting a critical vulnerability in Adobe’s widely used Flash Player, and Adobe says it won’t have a patch ready until later this week. The active zero-day exploit works against the most recent Flash version 21.0.0.242 and was detected […]

March 1, 2016

There’s a certain degree of doubt about whether it’s possible to hack into an airplane’s avionics from the in-flight Wi-Fi, as one security researcher claimed last year. But it’s possible to do all sorts of things to fellow passengers—as USA […]

February 5, 2016

The Windows 10 November update (version 1511, build 10586) included a handful of new security features to provide protection against some security issues that have kept on popping up in Windows for a number of years. Google yesterday added source […]

January 26, 2016

Millions of online merchants are at risk of hijacking attacks made possible by a just-patched vulnerability in the Magento e-commerce platform. The stored cross-site scripting (XSS) bug is present in virtually all versions of Magento Community Edition and Enterprise Edition […]

January 11, 2016

It’s been quite a few months for the Tor Project. Last November, project co-founder and director Roger Dingledine accused the FBI of paying Carnegie Mellon computer security researchers at least $1 million to de-anonymize Tor users and reveal their IP […]

January 11, 2016

Juniper Networks, which last month made the startling announcement its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks, said it will remove a National Security Agency-developed function widely suspected of also […]

December 29, 2015

Credit card users could have their PINs stolen, and merchants could have their bank accounts pillaged, in a set of attacks demonstrated by researchers Karsten Nohl and Fabian Bräunlein at the Chaos Computing Club security conference. Much research has been […]

December 15, 2015

In the face of a Federal Bureau of Investigation proposal requesting backdoors into encrypted communications, a noted encryption expert urged Congress not to adopt the requirements due to technical faults in the plan. The shortcomings in question would allow anyone […]

December 11, 2015

Tens of millions of Internet users will be cut off from encrypted webpages in the coming months unless sites are permitted to continue using SHA1, a cryptographic hashing function that’s being retired because it’s increasingly vulnerable to real-world forgery attacks, […]

December 8, 2015

Gas detectors used in factories and other industrial settings to identify toxic conditions contain several vulnerabilities that can allow hackers to remotely sabotage the devices, according to an industry advisory published late last week. The vulnerabilities in the Midas and […]

November 24, 2015

Dell officials have apologized for shipping PCs with a certificate that made it easy for attackers to cryptographically impersonate HTTPS-protected websites and issued a software tool that removes the transport layer security credential from affected machines. As some people suspected, […]

November 17, 2015

The investigation into last Friday’s coordinated terrorist attacks has quickly turned up evidence that members of the Islamic State (ISIS) communicated with the attackers from Syria using encrypted communications, according to French officials. Former CIA Deputy Director Michael Morell said […]

October 19, 2015

Researchers said they’ve found more than 250 iOS apps that violate Apple’s App Store privacy policy forbidding the gathering of e-mail addresses, installed apps, serial numbers, and other personally identifying information that can be used to track users. The apps, […]