Fallout, RIDL, ZombieLand, MDSUM and other MDS Vulnerabilities

Last year we covered the SPECTRE and MELTDOWN vulnerabilities that affected Intel processors. This year security researchers have discovered a new series of vulnerabilities around the Microarchitecture Data Sampling (MDS) process. This vulnerability would allow an attacker to read data as it crossed the L1 and L2 data caches on the processor. These vulnerabilities can affect cloud computing services, and be leveraged by ...


Millions of Chinese-made IoT Devices Easily Hacked says Brian Krebs

If you bought a security camera, webcam, baby monitor, smart doorbell, digital video recorder or other IoT device manufactured in China, there is bad news. Security flaws have been discovered that can easily allow an attacker remote access, remote control, and password discovery on affected systems. These devices can also be hijacked for use in a variety of exploits including eavesdropping through ...


Guest Post – Mobile App Security Threats and Secure Best Practices Part 2

A guest post by KC Karnes

Mobile App Security Exploit Examples: Painful Real-life Lessons

The climate around mobile app security is heating up.

Mobile app vulnerabilities are exploited every day, resulting in expensive data breaches and loss of public trust.

In this section, we will try to learn from the failures of other companies and highlight how real the threats outlined above can be.

Timehop Fails To Trust Two-Factor Authentication

Starting in December of 2017, TimeHop was ...


Guest Post – Mobile App Security Threats and Secure Best Practices Part 1

A guest post by KC Karnes

Is your mobile app secure?

It shouldn’t come as a surprise that mobile apps are targeted by hackers, given the rapid adoption and increased usage globally. By some estimates, one out of every 36 mobile devices has high-risk apps installed.1

An even more sobering mobile app security statistic for businesses to hear: 71% of fraud transactions came from mobile apps and mobile browsers in the ...


New Attacks Against SCADA, ICS, and Industrial Safety Control Systems

This can’t be good. Klaxons sounding at the chemical plant only meant one thing: the automatic safety systems were not working and a dangerous explosion was imminent. The explosion would release a toxic cloud of hydrogen sulfide gas that would kill everyone at the plant and hundreds of people living nearby.

A movie scene? A spy novel plot? Unfortunately not. This is an actual event that took place in Saudi ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Tomorrow is World Backup Day

March 31 is World Backup Day. Monday is April Fool’s Day. Coincidence? I think not. If you are one of the hold-outs who is going to get around to it someday, today is your chance.


Google reveals BuggyCow macOS security flaw

Google’s Project Zero researchers have revealed a “high ...


The NSA Releases Reverse Engineering Tool

Here’s a kick in the head.  Your tax dollars at work in a way that may save you a bunch of money.  The National Security Agency has voluntarily released a software reverse engineering tool called Ghidra at the RSA security conference.  The NSA has been using this tool internally to take apart and analyze malicious code, and to find vulnerabilities in commercial software ...


Docker Vulnerability Allows Crypto-Miner Access

If you are running a fleet of virtual machines using the popular containerization solution Docker, you may be in for a nasty surprise. A couple of vulnerabilities have been discovered in Docker that have been exploited by cyber-criminals to run the Monero crypto-currency miner on affected Docker containers. This will of course have a serious impact on performance, and in an environment where billing is usage based, this will increase your costs.

Security ...


Computer and Networking Shortcuts Create Vulnerabilities

Most victims of cyber-crime created the vulnerabilities that allowed their computer, network, email account, website, or other service to get hijacked. In many cases, especially in the consumer or small business networking environments, they just don’t know what to do, or what to be looking for. But even in business network environments where IT professionals have been in charge of operations, decisions ...
