Choosing Windows for your organization should get you fired

In the wake of yet another ransomware attack—this time named NotPetya—I have a special message specifically for those of you working in organizations that continue to run Microsoft Windows as the operating system on either your servers or your desktops: You are doing a terrible job and should probably be fired.  I know. That’s harsh.  Read more about Choosing Windows for your organization should get you fired[…]

Share

How to secure your CMS with out patching

In as little as four hours, the bad guys can reverse engineer a software patch for an open-source content management system (CMS) and build an exploit capable of turning millions of websites into spammers, malware hosts or DDoS attackers.  “There’s just not enough time for normal site owners to apply the updates,” said David Jardin, Read more about How to secure your CMS with out patching[…]

Share

Ohio government websites defaced by pro-ISIS hackers

Hackers proclaiming to be pro-ISIS defaced 10 Ohio government websites on Sunday as well as the government websites for Howard County, Maryland, and Brookhaven, Long Island. “Hacked by Team System DZ,” the defacements read. “Anti: Govt all word.” The pro-ISIS message continued: You will be held accountable Trump, you and all your people for every Read more about Ohio government websites defaced by pro-ISIS hackers[…]

Share

Even weak hackers can pull off a password reset MitM attack via account registration

At the IEEE Symposium on Security and Privacy 2017, researchers from the College of Management Academic Studies in Israel presented an interesting paper on bad password reset processes, “The Password Reset MitM Attack” (pdf). It explains how a weak attacker could take over accounts by exploiting vulnerabilities in password reset procedures. They dubbed the attack: Read more about Even weak hackers can pull off a password reset MitM attack via account registration[…]

Share

It's time to upgrade to TLS 1.3 already, says CDN engineer

Businesses dragging their heels over rolling out TLS 1.2 on their website might have an excuse to delay a little longer: Version 1.3 of the TLS (Transport Layer Security) encryption protocol will be finalized later this year, and early deployments of it are already under way. TLS, the successor to SSL, is used to negotiate Read more about It's time to upgrade to TLS 1.3 already, says CDN engineer[…]

Share

IDG Contributor Network: The fight to defend the Internet of Things

The Internet has entered a new chapter called the Internet of Things (IoT). It follows the fixed-Internet era characterized by connected PCs and laptops through the 1990s, and builds on the mobile-Internet era spearheaded by the proliferation of smartphones during the first two decades of this century. This new chapter has a new set of Read more about IDG Contributor Network: The fight to defend the Internet of Things[…]

Share

Banks and Fed sites score as least trustworthy in OTA 2017 security and privacy audit

We frequently hear that we can’t have privacy and security; sadly, that is often still the case as an audit of over 1,000 top websites analyzed for security and privacy practices showed an alarming trend for the third year in a row. The Online Trust Alliance said, “Sites either qualify for the Honor Roll or fail Read more about Banks and Fed sites score as least trustworthy in OTA 2017 security and privacy audit[…]

Share

EU wants to ease commercial drone use with future flight rules

The European Commission wants to make it easier for lightweight drones to fly autonomously in European airspace — with logistics, inspection services and agricultural businesses set to benefit. Last Friday, the Commission unveiled a plan to improve the safety of drones flying at low altitude. It wants to introduce a consistent set of rules across Read more about EU wants to ease commercial drone use with future flight rules[…]

Share

198 million American voter records found unprotected on the internet

You’d think if someone had amassed personal information on nearly every registered US voter, and stored that information on an Amazon S3 storage bucket, that it would at least be protected with a password. But thanks to a misconfigured server, personal data of 198 million Americans voters could be downloaded by anyone who happened across Read more about 198 million American voter records found unprotected on the internet[…]

Share

Reckless abuse of surveillance spyware sold to governments (again)

We keep seeing a common theme when it comes to spyware sold exclusively to governments, surveillance spyware which is marketed as lawful tools to help governments fight crime and terrorism; those remote intrusion solutions are increasingly used to spy on people who the governments consider to be a threat because those people are revealing the Read more about Reckless abuse of surveillance spyware sold to governments (again)[…]

Share

Hackers attacked 4 Florida school districts, allegedly hoped to hack voting systems

We’ve heard a lot about Russians attackers attempting to hack the US election, but another hacking group also allegedly wanted to interfere with the election; they attempted to pivot from compromised school districts to state voting systems. The Miami Herald reported that MoRo, a group of hackers based in Morocco, penetrated “at least four Florida Read more about Hackers attacked 4 Florida school districts, allegedly hoped to hack voting systems[…]

Share

IDG Contributor Network: When SD-WAN is more than SD-WAN

As the SD-WAN market has matured, one thing has become very clear: SD-WAN will not exist on its own. The technology is merging with other networking technologies, ultimately becoming a feature of a much larger bundle. While it may be too early to say what this “new thing” will be, the rough contours are emerging. Read more about IDG Contributor Network: When SD-WAN is more than SD-WAN[…]

Share

DHS and FBI issue alert about North Korean 'Hidden Cobra' hackers

Watch out for attacks by Hidden Cobra, aka North Korean government hackers, the DHS and the FBI warned in a joint technical alert. The US government didn’t tiptoe around the issue, instead pointing the finger of blame at North Korea for a series of cyberattacks dating back to 2009. Who the heck is Hidden Cobra? Read more about DHS and FBI issue alert about North Korean 'Hidden Cobra' hackers[…]

Share

Crash Override: Malware that took down a power grid may have been a test run

Two security firms have released reports about the malware which was used in the December 2016 Ukraine power outage, warning that the partial power outage in Kiev may have been test run; the malware could be leveraged against other countries, including the US. The malware, dubbed Crash Override in the Dragos report (pdf) and Industroyer Read more about Crash Override: Malware that took down a power grid may have been a test run[…]

Share

South Korean web hosting company infected by Erebus ransomware

Nayana, a web hosting company in South Korea, suffered a ransomware attack over the weekend which resulted in more than a hundred Linux servers and thousands of websites being infected with Erebus ransomware. The initial ransom amount was astronomically high. Yesterday, I came across the news that a South Korean web hosting company had been Read more about South Korean web hosting company infected by Erebus ransomware[…]

Share
Share