Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Tomorrow is World Backup Day

March 31 is World Backup Day.  Monday is April Fool’s Day.  Coincidence?  I think not.  I you are one of the hold-outs who is going to get around to it someday, today is your chance.


Google reveals BuggyCow macOS security flaw

Google’s Project Zero researchers have revealed a “high ...

Continue Reading →
0

The NSA Releases Reverse Engineering Tool

Here’s a kick in the head.  Your tax dollars at work in a way that may save you a bunch of money.  The National Security Agency has voluntarily released a software reverse engineering tool called Ghidra at the RSA security conference.  The NSA has been using this tool internally to take apart and analyze malicious code, and to find vulnerabilities in commercial software ...

Continue Reading →
0

Docker Vulnerability Allows Crypto-Miner Access

If you are running a fleet of virtual machines using popular containerization solution Docker, you may be in for a nasty surprise.  A couple of vulnerabilities have been discovered in Docker that has been exploited by cyber-criminals to run the Monero crypto-currency miner on affected Docker containers.  This will of course have a serious impact on performance, and in an environment where billing is usage based, this will increase your costs.

Security ...

Continue Reading →
0

Computer and Networking Shortcuts Create Vulnerabilities

Most victims of cyber-crime created the vulnerabilities that allowed their computer, network, email account, website, or other service get hijacked.  In many cases, especially in the consumer or small business networking environments, they just don’t know what to do, or what to be looking for.  But even in business network environments where IT professionals have been in charge of operations, decisions ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


620 million records from 16 websites listed for sale on the Dark Web

The Register reports that a seller on the Dream Market – a Dark Web marketplace hidden by the encrypted layers of Tor – began offering 16 stolen databases with 620 million accounts.


First it was location, now every app wants your contacts

Why do app developers ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Computer Programmer Who Ran a Global Drug Trafficking Empire

A new book uncovers the intricacies of Paul Le Roux’s cartel and how it fueled the opioid epidemic ravaging the U.S. today.  This facinating story is covered in detail on the Smithsonian website.  Or read Evan Ratliff’s new book The Mastermind.  I did, and the ...

Continue Reading →
0

New Container Security Bug – Fix Now!

Virtualization and containerization technologies allow developers, pentesters, network admins and server admins to create multiple virtual instances of a computer system, running inside the actual, physical host system.  This is an easy way to quickly deploy and manage dozens or even hundreds of systems used in a learning lab, test network, or even to run full fledged user systems on a single server.

Virtual machines (VM) are created using hypervisor products such ...

Continue Reading →
0

Recovering From A Cybersecurity Incident

Ever feel like there should be a 12-step program for your cybersecurity career?  “Hello, I’m Bob and I’m a recovering cybersecurity professional.”  Doing the same old “defense in depth” stuff and still the barbarians get onto your network and wreak havoc.  Remember the definition of insanity?  “Doing the same thing and expecting different results.”  As with any 12-step program, the first step would ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Home Routers Lack Basic Linux Security

More disconcerting news for router owners – a new assessment of 28 popular models for home users failed to find a single one with firmware that had fully enabled underlying security hardening features offered by Linux.

CITL (Cyber Independent Testing Laboratories) says it made this unexpected discovery after analysing firmware images from Asus, ...

Continue Reading →
0

Autonomous Vehicles Will Decide Who Gets Killed

In a not too distant future, you may be riding in an autonomous vehicle that is forced to decide between running over a pedestrian or a bicyclist.  Or whether to crash into a tree or another automobile.  It may make a decision you are not particularly happy with.  These decisions will rely on “artificial intelligence” built into these cars.  These decisions are being programmed right now by developers of autonomous vehicles.  ...

Continue Reading →
0
Page 2 of 11 12345...»