Menu

Blog

Archive for the ‘cybercrime/malcode’ category: Page 89

May 17, 2022

NIST updates guidance for defending against supply-chain attacks

Posted by in category: cybercrime/malcode

The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks.

Since 2020, NIST has released two draft documents on how the enterprise can better defend itself from supply-chain attacks.

Today, in response to Executive Order 14028: Improving the Nation’s Cybersecurity, NIST has published ‘Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations’ to provide guidance on identifying and responding to supply chain cybersecurity risks.

May 17, 2022

Almost 2 million Texans affected by Texas Department of Insurance data breach

Posted by in category: cybercrime/malcode

(Texas Tribune/KXAN) — A massive security breach at the Texas Department of Insurance leaked the personal information of almost 2 million Texans for nearly three years, according to a state audit released last week.

The department said the personal information of 1.8 million workers who have filed compensation claims — including Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries — was accessible online to members of the public from March 2019 to January 2022.

Though personal information was compromised – the agency now says there’s no reason to believe the data was used.

May 16, 2022

CISA warns not to install May Windows updates on domain controllers

Posted by in category: cybercrime/malcode

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it.

This security bug is an actively exploited Windows LSA spoofing zero-day tracked as CVE-2022–26925, confirmed as a new PetitPotam Windows NTLM Relay attack vector.

Unauthenticated attackers abuse CVE-2022–26925 to force domain controllers to authenticate them remotely via the Windows NT LAN Manager (NTLM) security protocol and, likely, gain control over the entire Windows domain.

May 16, 2022

Eavesdroppers can hack 6G frequency with DIY metasurface

Posted by in categories: cybercrime/malcode, engineering, internet

Crafty hackers can make a tool to eavesdrop on some 6G wireless signals in as little as five minutes using office paper, an inkjet printer, a metallic foil transfer and a laminator.

The wireless security hack was discovered by engineering researchers from Rice University and Brown University, who will present their findings and demonstrate the attack this week in San Antonio at ACM WiSec 2022, the Association for Computing Machinery’s annual conference on security and privacy in wireless and mobile networks.

“Awareness of a future threat is the first step to counter that threat,” said study co-author Edward Knightly, Rice’s Sheafor-Lindsay Professor of Electrical and Computer Engineering. “The frequencies that are vulnerable to this attack aren’t in use yet, but they are coming and we need to be prepared.”

May 15, 2022

Hackers Are Starting To Target EV Charging Stations

Posted by in category: cybercrime/malcode

As the world rapidly shifts to EV transport, the automotive industry is experiencing some major teething issues. The global charging network is having to keep pace with more and more EVs on the road, and as manufacturers expand their networks, cracks are starting to appear in their grand schemes. We recently reported that a long string of EV chargers outside of Moscow were hacked by Ukrainian programmers to display anti-war and anti-Putin messaging, and there have even been cases in the UK where charging station displays showed graphic images. Hacking EV infrastructure is becoming more commonplace, and it could be a bigger issue than many might think.

May 13, 2022

Microsoft Unveils New Cyber Cops to Combat Hacking Increase

Posted by in category: cybercrime/malcode

Microsoft announces new security category to combat rising cybercrime and a shortage of cybersecurity professionals.

May 13, 2022

Kathryn Coulter Mitchell — R&D For US Security & Resilience — Science & Technology Directorate — DHS

Posted by in categories: biotech/medical, cybercrime/malcode, government, policy, science

R&D & Innovation For U.S. Security & Resilience — Kathryn Coulter Mitchell, Acting Under Secretary for Science and Technology, DHS Science and Technology Directorate, Department of Homeland Security.


Kathryn Coulter Mitchell (https://www.dhs.gov/person/kathryn-coulter-mitchell), is Acting Under Secretary for Science and Technology (S&T), at the U.S. Department of Homeland Security, where as the science advisor to the Homeland Security Secretary, she heads the research, development, innovation and testing and evaluation activities in support of the Department of Homeland Security’s (DHS) operational Components and first responders across the nation.

Continue reading “Kathryn Coulter Mitchell — R&D For US Security & Resilience — Science & Technology Directorate — DHS” »

May 13, 2022

BPFdoor: Stealthy Linux malware bypasses firewalls for remote access

Posted by in categories: cybercrime/malcode, internet

A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years.

BPFdoor is a Linux/Unix backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device.

The malware does not need to open ports, it can’t be stopped by firewalls, and can respond to commands from any IP address on the web, making it the ideal tool for corporate espionage and persistent attacks.

May 10, 2022

US college forced to close after cyberattack, posts goodbye note

Posted by in category: cybercrime/malcode

A college in the US has announced it will be closing its doors very soon following the impact of a cyberattack in December 2021.

May 8, 2022

Apple, Google and Microsoft team up on passwordless logins

Posted by in categories: cybercrime/malcode, mobile phones

On the “World Password Day”, which was on May 5, Google, Microsoft and Apple joined hands to “kill” the password.

The three technology giants have vowed to create a future where your phone will be the primary source of online authentication. The new standard is being referred to as “muti-device FIDO credential”.

In a rare show of alliance, Apple, Google and Microsoft have joined forces to expand support for passwordless logins across mobile, desktop and browsers.

Continue reading “Apple, Google and Microsoft team up on passwordless logins” »

Page 89 of 220First8687888990919293Last