Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Today’s Weekend Update is our 100th edition

Somehow we have published 100 of these Saturday cybersecurity news roundups.  Hope you have enjoyed them, and maybe learned a thing or two.  Leave a comment and the first 10 commentators will receive some WyzGuys swag.


Boeing 737-MAX Crashes Brought on by Flight Computers

A really scary article about what went ...


Does Microsoft’s Office365 Cloud Service Have Security Flaws?

Have you recently migrated to Microsoft Office 365 for your company email services?  US-CERT and CISA recently released Analysis Report AR19-133A, "Microsoft Office 365 Security Observations", which describes several security flaws or weaknesses inherent in the default deployment of O365.

Here are the findings of that report.  The good news is that these are shortcomings with the default, out-of-box experience.  These issues can be corrected through configuration.  ...


Fallout, RIDL, ZombieLand, MDSUM and other MDS Vulnerabilities

Last year we covered the SPECTRE and MELTDOWN vulnerabilities that affected Intel processors.  This year security researchers have discovered a new series of vulnerabilities around the Microarchitectural Data Sampling (MDS) process.  This vulnerability would allow an attacker to read data as it crossed the L1 and L2 data caches on the processor.  These vulnerabilities can affect cloud computing services, and be leveraged ...


Millions of Chinese-made IoT Devices Easily Hacked says Brian Krebs

If you bought a security camera, webcam, baby monitor, smart doorbell, digital video recorder or other IoT device manufactured in China, there is bad news.  Security flaws have been discovered that can easily allow an attacker remote access, remote control, and password discovery on affected systems.  These devices can also be hijacked to use in a variety of exploits including eavesdropping ...


Guest Post – Mobile App Security Threats and Secure Best Practices Part 2

A guest post by KC Karnes

Mobile App Security Exploit Examples: Painful Real-life Lessons

The climate around mobile app security is heating up.

Mobile app vulnerabilities are exploited every day, resulting in expensive data breaches and loss of public trust.

In this section, we will try to learn from the failures of other companies and highlight how real the threats outlined above can be.

Timehop Fails To Trust Two-Factor Authentication

Starting in December of 2017, TimeHop ...


Guest Post – Mobile App Security Threats and Secure Best Practices Part 1

A guest post by KC Karnes

Is your mobile app secure?

It shouldn’t come as a surprise that mobile apps are targeted by hackers, given the rapid adoption and increased usage globally. By some estimates, one out of every 36 mobile devices has high-risk apps installed.1

An even more sobering mobile app security statistic for businesses to hear: 71% of fraud transactions came from mobile apps and mobile browsers in ...


New Attacks Against SCADA, ICS, and Industrial Safety Control Systems

This can’t be good.  Klaxons sounding at the chemical plant only meant one thing, that the automatic safety systems were not working and that a dangerous explosion was imminent.  The explosion would release a toxic cloud of hydrogen sulfide gas that would kill everyone at the plant and hundreds of people living nearby.

A movie scene?  A spy novel plot?  Unfortunately not, this is an actual event that took place in ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Tomorrow is World Backup Day

March 31 is World Backup Day.  Monday is April Fool’s Day.  Coincidence?  I think not.  If you are one of the hold-outs who is going to get around to it someday, today is your chance.


Google reveals BuggyCow macOS security flaw

Google’s Project Zero researchers have revealed a ...


The NSA Releases Reverse Engineering Tool

Here’s a kick in the head.  Your tax dollars at work in a way that may save you a bunch of money.  The National Security Agency has voluntarily released a software reverse engineering tool called Ghidra at the RSA security conference.  The NSA has been using this tool internally to take apart and analyze malicious code, and to find vulnerabilities in commercial ...
