Cybersecurity |
Sponsored by |
M86 Security today released it's bi-annual security report for the first half of 2010, highlighting the evolution of obfuscation through combined attacks. From the report: "This threat trend is the latest to emerge as cybercriminals seek new ways to limit the effectiveness of many proactive security controls. Because existing techniques for 'covering their tracks' are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect. By splitting the malicious code between Adobe ActionScript language - built into Adobe flash - and JavaScript components on the webpage, they limit the effectiveness of many of the the proactive security detection mechanisms in place today." more
Russian government hackers are reported to be behind latest cyber-intrusions into the business systems of U.S. nuclear power and other energy companies with efforts to assess networks. more
Despite headlines now at least a couple of years old, the InfoSec world is still (largely) playing lip-service to the lack of security talent and the growing skills gap. The community is apt to quote and brandish the dire figures, but unless you're actually a hiring manager striving to fill low to mid-level security positions, you're not feeling the pain -- in fact, there's a high probability many see problem as a net positive in terms of their own employment potential and compensation. more
Sophie Curtis of eWeek reports: "Researchers have discovered a hole in the secure sockets layer (SSL) protocol, enabling man-in-the-middle attackers to hack into secure applications despite traffic encryption. According to security researcher Chris Paget, hackers can exploit this flaw by breaking into shared hosting environments, mail servers and databases, and inserting text into encrypted traffic as it passes between two end users. This could lead to fragmentation of SSL transactions, giving hackers the opportunity to inject false commands such as password resets into communications which are otherwise encrypted." more
A new network of European telecommunication satellites will be active from 2024, following the green light by European Parliament. The Infrastructure for Resilience, Interconnectivity and Security by Satellite project is aimed at providing a secure communications infrastructure for EU government bodies and agencies, emergency services and European delegations around the world. more
Neil Schwartzman writes: Steven R. Chabinsky, Deputy Assistant Director, Cyber Division of the Federal Bureau of Investigation gave a keynote at the GovSec/FOSE Conference in Washington, D.C., March 23, 2010. Full text of the speech here. more
On 29 March 2024, an announcement was posted notifying the world that the Open-Source Software (OSS) package "xz-utils," which includes the xz data compression program and a library of software routines called "liblzma" and which is present in most Linux distributions, had been compromised. The insertion of the compromised code was done by "Jia Tan", the official maintainer of the xz-utils package. more
Security researchers have identified a new phishing attack method designed to trick users into surrendering confidential information after they have logged on to an online banking, brokerage, or other sensitive website. The technique, called In Session Phishing, can be used to inject into all major browsers legitimate looking Pop Up messages using malicious JavaScript that request passwords, account numbers, etc., on behalf of the trusted website. more
Public Interest Registry (PIR), a domain registration and management service for the .org top-level domain, has partnered with the American Red Cross, aiming to combat online fraud, especially in the context of fundraising in emergencies. The collaboration seeks to increase internet safety and enhance public trust in online donations to charitable causes. more
In follow up to FCC's report that the agency's online comment system was subjected to multiple DDoS attacks over the weekend, U.S. federal lawmakers are demanding answers as to what exactly happened. more
In the always interesting Lawfare blog, former FBI counsel Jim Baker in a piece called Rethinking Encryption reiterates his take on the encryption debates. There's a certain amount that makes me want to bang my head against the wall... But it's worth reading to remind us of what the other side is thinking, even with a lot of motivated reasoning that makes him conclude that Congress can pass some laws and the going dark problem will be solved. more
Experts, companies and civil society groups around the world ask governments to support strong encryption -- and reject proposals that would undermine the digital security it provides. more
With the COVID-19 health crisis evolving so quickly, it's hard to predict the extent of the long-term impact on business and the economy. While every business sector is facing different considerations, it's safe to say all are handling challenges from supply chain interruptions, rapid shifts to remote work, and massive changes in consumer spending and communication habits. more
Arbor Networks today released its Global DDoS Attack Data for the first half of 2016 affirming continued escalation in both the size and frequency of denial-of-service (DDoS) attacks. more
NASCAR team Circle Sport-Leavine Family Racing (CSLFR) disclosed today a ransomware infection incident that took place in April and nearly caused losing access to critical files worth about $2 million. more