Tag: Security

Software, Tech

Microsoft reports new zero-day vulnerability in Windows that is being actively exploited

March 23, 2020

Via: TechSpot

Microsoft posted a new security advisory today (ADV200006), detailing what it’s calling “Type 1 Font Parsing Remote Code Execution Vulnerability.” They have given the vulnerability a “critical” severity rating, which is the highest severity rating Microsoft gives. The flaw seems […]

Networking Security, Security

Why fixing security vulnerabilities in medical devices, IoT is so hard

February 19, 2020

Via: Ars Technica

When your family opened up that brand-new computer when you were a kid, you didn’t think of all of the third-party work that made typing in that first BASIC program possible. There once was a time when we didn’t have […]

Mobile Security, Networking Security, Security

Presidential campaigns taking email security more seriously–not so much at the local level

February 10, 2020

Via: CSO Online

The 2020 election season got off to what could be a record-setting rocky start with delays in the reporting of the Iowa caucus results due to a poorly developed app. The failure of the mobile IowaReporterApp developed for the Democratic […]

Attacks & Breaches, Networking Security, Security

Why hacking must be addressed in digital privacy policymaking

February 7, 2020

Via: CSO Online

Digital privacy is one side of a two-sided policy coin. Virtually all attention to date has been focused on developing legal and regulatory remedies to address this pervasive public concern. But in doing so, they have devoted little attention to […]

Cloud Infrastructure, Infrastructure

Infrastructure-as-code templates are the source of many cloud infrastructure weaknesses

February 5, 2020

Via: CSO Online

In the age of cloud computing where infrastructure needs to be extended or deployed rapidly to meet ever-changing organizational needs, the configuration of new servers and nodes is completely automated. This is done using machine-readable definition files, or templates, as […]

Federal, Policy

Recent False Claims Act cases a caution to gov’t contractors that skimp on security

February 4, 2020

Via: CSO Online

The False Claims Act (FCA), otherwise known as the “Lincoln Law,” can cost companies that supply goods or services to the federal government millions of dollars if they fail to provide the digital security protections they promise, as two recent […]

Networking Security, Security

Huawei refutes suggestions state support drove its growth

December 26, 2019

Via: ZDNet

Huawei Technologies has lashed out at a US media report that suggests the tech giant’s success is fuelled by billions of dollars in financial support from the Chinese government, arguing that its ties are no different from any other private […]

Federal, Policy

Justice Dept. charges Russian hacker behind the Dridex malware

December 5, 2019

Via: TechCrunch

U.S. prosecutors have brought computer hacking and fraud charges against a Russian citizen, Maksim Yakubets, who is accused of developing and distributing Dridex, a notorious banking malware used to allegedly steal more than $100 million from hundreds of banks over […]

Operations Security, Security

A bug in Microsoft’s login system put users at risk of account hijacks

December 2, 2019

Via: TechCrunch

Microsoft has fixed a vulnerability in its login system, which security researchers say could have been used to trick unsuspecting victims into giving over complete access to their online accounts. The bug allowed attackers to quietly steal account tokens, which […]

Attacks & Breaches, Security

A new era of cyber warfare: Russia’s Sandworm shows “we are all Ukraine” on the internet

November 25, 2019

Via: CSO Online

Speakers at this year’s CyberwarCon conference dissected a new era of cyber warfare, as nation-state actors turn to a host of new advanced persistent threat (APT) strategies, tools and tactics to attack adversaries and spy on domestic dissidents and rivals. […]