Month: April 2019

Open source and information security applications go together like peanut butter and jelly. The transparency provided by open source in infosec applications — what they monitor and how they work — is especially important for packet sniffer and intrusion detection systems (IDSes) that monitor network traffic. It may also help explain the long-running dominance of
App developer DO Global, a Chinese developer partly owned by Baidu that generates over a half billion installs, has been banned from Google Play after the store received reports the apps were part of an ad fraud scheme, according to BuzzFeed News. As of April 26, 46 apps from DO Global had reportedly been removed from
by John E Dunn

After more than 20 years of steady improvement, the US National Institute of Standards and Technology (NIST) thinks it has reached an important milestone with something called Combinatorial Coverage Measurement (CCM). Part of a research toolkit called Automated Combinatorial Testing for Software (ACTS), CCM is an algorithmic approach used to test software
Logging onto a free Wi-Fi network can be tempting, especially when you’re out running errands or waiting to catch a flight at the airport. But this could have serious cybersecurity consequences. One popular Android app, which allowed anyone to search for nearby Wi-Fi networks, was recently left exposed, leaving a database containing over 2 million network passwords unprotected.
After Facebook alerted the Data Protection Commission (DPC) that it had found hundreds of millions of user passwords stored in its internal servers in plain text format, DPC launched an investigation to determine whether the company had acted in compliance with the General Data Protection Regulation (GDPR), according to an April 25 press release. According
Thirty years ago, Tim Berners-Lee set out to accomplish an ambitious idea – the World Wide Web. While most of us take this invention for granted, we have the internet to thank for the technological advances that make up today’s smart home. From smart plugs to voice assistants – these connected devices have changed the
Whatever happened to the ethics of engineering? We’ve seen just one disastrous news story after another these past few years, almost all knowable and preventable. Planes falling out of the sky. Nuclear power plants melting down. Foreign powers engorging on user data. Environmental testing thrashed. Electrical grids burning states to the ground. The patterns are
The Hong Kong branch of Amnesty International has reportedly been the target of a sophisticated state-sponsored attack believed to have been carried out by a group of hostile threat actors within the Chinese government. An April 25 press release from Amnesty International said the cyber-attack was detected on March 15, 2019, after monitoring tools identified
The notorious six-digit string continues to ‘reign supreme’ among the most-hacked passwords

An analysis of the 100,000 most-commonly re-occurring breached passwords confirms that ‘123456’ is the undisputed king of atrocious passwords. Using data from Have I Been Pwned (HIBP), a website that allows users to check if their email addresses or passwords have appeared in
Tesla, Elon Musk and the U.S. Securities and Exchange Commission reached an agreement Friday that will give the CEO freedom to use Twitter — within certain limitations — without fear of being held in contempt for violating an earlier court order. Musk can tweet as he wishes except when it’s about certain events or financial milestones. In
After years of requesting a seat at the table, cybersecurity professionals are starting to feel that they see eye to eye with their stakeholders, according to a new report. The AT&T cybersecurity report surveyed 733 security experts at the RSA 2019 conference and found that the vast majority of respondents feel mostly or somewhat in
by Danny Bradbury

The National Security Agency (NSA) has asked to end its mass phone surveillance program because the work involved outweighs its intelligence value, according to reports this week. Sources told the Wall Street Journal that the NSA has recommended the White House terminates its call data records (CDR) program. The logistics of operating
Many breaches start with an “own goal,” an easily preventable misconfiguration or oversight that scores a goal for the opponents rather than for your team. In platform-as-a-service (PaaS) applications, the risk profile of the application can lure organizations into a false sense of security. While overall risk to the organization can be lowered, and new capabilities otherwise
If you own an eCommerce website built on WordPress and powered by the WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called “Plugin Vulnerabilities”—that recently went rogue in order to protest against moderators of WordPress’s official support
On the good news front, the FBI notes the success of its newly-established team in recovering some of the funds lost in BEC scams

Losses emanating from Business Email Compromise (BEC) and Email Account Compromise (EAC) scams reached nearly US$1.3 billion in 2018, which was nearly double the amount (US$675 million) lost in the year