Docker Vulnerability Allows Crypto-Miner Access

If you are running a fleet of virtual machines using popular containerization solution Docker, you may be in for a nasty surprise.  A couple of vulnerabilities have been discovered in Docker that has been exploited by cyber-criminals to run the Monero crypto-currency miner on affected Docker containers.  This will of course have a serious impact on performance, and in an environment where billing is usage based, this will increase your costs.

Security ...

Continue Reading →
0

Computer and Networking Shortcuts Create Vulnerabilities

Most victims of cyber-crime created the vulnerabilities that allowed their computer, network, email account, website, or other service get hijacked.  In many cases, especially in the consumer or small business networking environments, they just don’t know what to do, or what to be looking for.  But even in business network environments where IT professionals have been in charge of operations, ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


620 million records from 16 websites listed for sale on the Dark Web

The Register reports that a seller on the Dream Market – a Dark Web marketplace hidden by the encrypted layers of Tor – began offering 16 stolen databases with 620 million accounts.


First it was location, now every app wants your contacts

Why do app ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Computer Programmer Who Ran a Global Drug Trafficking Empire

A new book uncovers the intricacies of Paul Le Roux’s cartel and how it fueled the opioid epidemic ravaging the U.S. today.  This fascinating story is covered in detail on the Smithsonian website.  Or read Evan Ratliff’s new book The Mastermind.  I ...

Continue Reading →
1

New Container Security Bug – Fix Now!

Virtualization and containerization technologies allow developers, pentesters, network admins and server admins to create multiple virtual instances of a computer system, running inside the actual, physical host system.  This is an easy way to quickly deploy and manage dozens or even hundreds of systems used in a learning lab, test network, or even to run full fledged user systems on a single server.

Virtual machines (VM) are created using hypervisor products ...

Continue Reading →
0

Recovering From A Cybersecurity Incident

Ever feel like there should be a 12-step program for your cybersecurity career?  “Hello, I’m Bob and I’m a recovering cybersecurity professional.”  Doing the same old “defense in depth” stuff and still the barbarians get onto your network and wreak havoc.  Remember the definition of insanity?  “Doing the same thing and expecting different results.”  As with any 12-step program, the first step ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Home Routers Lack Basic Linux Security

More disconcerting news for router owners – a new assessment of 28 popular models for home users failed to find a single one with firmware that had fully enabled underlying security hardening features offered by Linux.

CITL (Cyber Independent Testing Laboratories) says it made this unexpected discovery after analysing firmware images from ...

Continue Reading →
0

Autonomous Vehicles Will Decide Who Gets Killed

In a not too distant future, you may be riding in an autonomous vehicle that is forced to decide between running over a pedestrian or a bicyclist.  Or whether to crash into a tree or another automobile.  It may make a decision you are not particularly happy with.  These decisions will rely on “artificial intelligence” built into these cars.  These decisions are being programmed right now by developers of autonomous ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Holiday Scams and Malware Campaigns

11/19/2018 09:18 PM EST Original release date: November 19, 2018

As the holidays approach, NCCIC reminds users to be aware of seasonal scams and malware campaigns. Users should be cautious of unsolicited emails that contain malicious links or attachments with malware, advertisements infected with malware, and requests for donations from fraudulent charitable organizations, ...

Continue Reading →
0
Page 6 of 15 «...45678...»