Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Robot Gains Saudi Citizenship

From the Smithsonian.  Last week, Saudi Arabia became the first country in the world to grant citizenship to a robot during a technological summit held in its capital. Sophia, created by Hanson Robotics, is designed to look like Audrey Hepburn and possesses advanced artificial intelligence. She can ...


Microsoft Edge Browser Blocks Phishing Malware Downloads

A recent test of web browsers by NSS Labs showed that Microsoft’s much-maligned Edge browser beat Chrome and Firefox by wide margins in its ability to detect and block malicious downloads embedded in phishing landing pages and other malware-infected web pages.  Edge version 38 blocked 96% of malware samples in the form of malicious links and pop-ups, compared with 88% for Chrome version 60 and 70% for Firefox ...


NIST Password Policy Review

We have covered this issue before, but it bears repeating.  The new NIST Digital Identity Guidelines are out, and they have thrown out some old password chestnuts because they did not work, or did not work as intended.

Below are the significant changes to password policy.

  • An end to password complexity rules.  Following this policy, users tended to create shorter passwords that used obvious character ...

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Today is Veterans Day – Thanks for Your Service

Veterans Day is a remembrance of all U.S. military veterans – past and present. It is celebrated every November 11th, and has been a federal holiday since 1926.


Protecting Critical Infrastructure from Cyber Threats

10/31/2017 08:14 AM EDT  Original release date: October 31, 2017

Building resilience in critical infrastructure ...


Gravityscan Provides Website Malware Scanning for Any Website

Websites are a popular target for cyber-criminals because they offer a platform for malicious activity.  A hijacked website can be used for hosting malware downloads or phishing landing pages.  Personal information about site users stored in a website database, including user names and passwords, can be extracted, decrypted, and sold on the Dark Web.

I have devoted many articles to properly securing WordPress websites.  Now there is a ...


Details on New Email Exploit – No Attachment Required

People often ask me if it is dangerous to simply open an email, if it is possible to get a malware infection just by reading an email.  My answer has been a qualified “not at this time.”  Unfortunately, this is no longer true.  It is possible to get a malware installation from the new DDE (Dynamic Data Exchange) exploits revealed by Sophos Labs on October 13, 2017.  This can be accomplished without an attachment or link if the email is ...


Scary Kaspersky Stories – Ghost in the Machine

Happy Halloween!  Nothing like a scary story to end the holiday.  The scary story in cybersecurity is that Kaspersky anti-malware and security products are in league with the Putin government and the FSB in Russia.  The FBI is advising government agencies to drop Kaspersky and find a new endpoint security solution.

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated through a holding company in the United Kingdom. Kaspersky was founded by Eugene ...


Dragonfly Wants To Punch Our Lights Out? Round Four

Over the last four posts, we have focused on the US-CERT alert, but cybersecurity firm Symantec has actually been working this case since 2011.  Their report on Dragonfly can be found on their website.  While they are cautious when providing attribution, reading between the lines indicates that Dragonfly is probably a Russian-based group, possibly working on behalf ...


Dragonfly Wants To Punch Our Lights Out? Round Three

Is the U.S. energy sector under attack? Ambitious and sophisticated exploits like this one are usually the work of a nation-state.  Who wants to turn off the lights?  Last Wednesday we took a look at the US-CERT alert warning about the ongoing cyber-attack against the U.S. electric grid, and on Friday we took a look at many of the tactics, ...
