Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Serious D-Link router security flaws may never be patched

Six routers with serious security flaws are considered end of life (EOL) and may never be updated.  The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Symantec SSL Certificates No Longer Secure

If you have a Symantec certificate on your HTTPS website, Chrome 70 and Firefox 63 will both be disowning any web certificates signed by Symantec.  From this month forward, anyone with Chrome or Firefox who browses to a web page “secured” with a Symantec certificate will see an unequivocal warning insisting that ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


MS-ISAC Releases Advisory on PHP Vulnerabilities

10/12/2018 06:37 PM EDT  Original release date: October 12, 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit some of these vulnerabilities to take control of an affected system.  NCCIC encourages users and administrators to review ...

Problems with Password Manager Phone Apps

If you use a password manager app on your smartphone, it may be vulnerable to package name spoofing, which would allow the password manager’s autofill feature to enter your login credentials on a spoofed web form.  This vulnerability applies to popular apps from LastPass, Dashlane, Keeper, and 1Password.

I have been an advocate for password managers.  They are part of the solution to creating ...


What Might A Future Cyber-War Look Like?

We have entered the age of cyber war.   Believe it or not, cyber war operations are going on right now in many places across the globe.  Most of these operations are covert, and often hard to attribute directly to a particular nation-state or adversary.

Mark Cancian has written a gripping report titled Coping with Surprise in Great Power Conflicts.  It ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


[INFOGRAPHIC] Introducing The Psychology of Passwords

From LastPass – It feels like almost every day there’s another data breach in the news, or a case of user credentials up for sale on the Dark Web. Despite the headlines, and repeated warnings from experts about weak passwords and the dangers of password reuse, users have yet to change their online ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Microsoft disrupts Fancy Bear election meddlers

In a new skirmish, Microsoft took control of six internet domains that were about to be used by the group to spoof US political organizations.


SamSam: The (almost) $6 million ransomware

New research reveals that SamSam ransomware has affected far more victims, and raised far more ransom, than previously thought.



Inside Iran’s Operation Cleaver

While the US Cyber Command has been focusing on the Chinese, North Koreans, and the Russians, and their respective intrusions into the networks of US companies, energy utilities, our military, and government agencies, Iran has been creating a world-class cyber-ops unit of its own.  Details about what is being called “Operation Cleaver” have been released by security company Cylance.

The Iranian ...


Safe and Legal Places to Exercise Your Pen-Testing Foo

In our last post we looked at a great way to set up a pen-testing lab.  Fortunately, the quandary over finding a safe place to practice your pen-testing skills has led to the creation of dozens of hacker-friendly learning sites.  Several have been provided by OWASP, and there are other contributors out there with multiple sites.  Here are a bunch of good options.


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Hackers break into voting machines within 2 hours at Defcon

Hackers from around the world (not just Russia) had the rare opportunity to crack election-style voting machines this weekend in Las Vegas.


Malicious Cyber Activity Targeting ERP Applications

07/25/2018 07:55 AM EDT  Original release date: July 25, 2018

Digital Shadows ...
