Month: June 2019

FedEx is suing the United States Department of Commerce, claiming that it has been “essentially deputize[d]” to enforce its trade blacklist. The lawsuit comes a month after Huawei said it is reassessing its relationship with the delivery giant after several packages meant for shipment within Asia were instead diverted, or erroneously marked for delivery, to
A new cryptocurrency-mining botnet malware is abusing Android Debug Bridge (ADB) and SSH, according to Trend Micro. “This attack takes advantage of the way open ADB ports don’t have authentication by default, similar to the Satori botnet variant. This bot’s design allows it to spread from the infected host to any system that has
Rising tensions between Iran and the U.S. have put enterprises at increased risk of cyberthreats. Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), issued a statement over the weekend saying his agency was aware of a recent increase in Iranian cyberattacks from “regime actors and proxies” against both
By John E Dunn. Remember last week’s urgent warning over a Firefox remote code execution zero-day vulnerability – CVE-2019-11707 – that criminals were said to be exploiting in real-world attacks? Two days later, it emerged that there was a second sandbox escape zero-day flaw, CVE-2019-11708, being used in conjunction with this as part of an
RDP on the Radar: Recently, McAfee released a blog related to the wormable RDP vulnerability referred to as CVE-2019-0708 or “Bluekeep.” The blog highlights a particular vulnerability in RDP which was deemed critical by Microsoft due to the fact that it is exploitable over a network connection without authentication. These attributes make it particularly ‘wormable’ –
The infiltration was only spotted and stopped after the hackers roamed the network undetected for almost a year. The United States’ National Aeronautics and Space Administration, better known as NASA, suffered a security incident recently that saw hackers make off with sensitive data relating to the agency’s Mars missions, including details about the Curiosity rover.
Following the latest critical update for Firefox, the Tor Project today released an updated version of its anonymity and privacy browser to patch the same Firefox vulnerability in its bundle. Earlier this week, Mozilla released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical actively-exploited vulnerability (CVE-2019-11707) that could allow attackers to remotely
Canada’s largest credit union and one of the world’s largest banks, Desjardins, published a security advisory after a former employee gained unauthorized access to the data of 2.9 million members. The former employee was fired as a result of the security breach. In a statement posted on its website, the bank said, “The investigation quickly
Web developers increasingly rely on Git to manage their source code, but they should also consider the importance of Git repository security. Most web projects today use the Git source code control system, where Git repository metadata and packed versions of the files in the repository are stored in a hidden subdirectory named “.git”. When
As this blog goes live, Eoin Carroll will be stepping off the stage at Hack in Paris having detailed the latest McAfee Advanced Threat Research (ATR) findings on Process Reimaging. Admittedly, this technique probably lacks a catchy name, but be under no illusion: the technique is significant and is worth paying very close attention to.
In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown. Have you ever noticed they all had at least one thing in common? That’s OpenSSH. As a proof-of-concept, many researchers demonstrated their side-channel attacks against the OpenSSH application installed on
There is so much to write about Libra, and so much which has already been written misses the mark, mostly, I think, because most pundits haven’t spent much time in the developing world, which is very clearly the target market here. Just look at its launch video: [embedded content] I’ve seen apocalyptic reactions warning of
This week, a young, New York-based startup called Alma raised $8 million in funding to expand its “co-practicing community of therapists, coaches, and wellness professionals,” which it first launched from a space on Madison Avenue last fall. As CNN was first to report, the company is charging psychiatrists, psychologists, clinical social workers and acupuncturists $165
Dell has released a security alert letting customers know that they should update SupportAssist for both business and home PCs. The vulnerability was discovered by SafeBreach security researcher Peleg Hadar, who wrote that the OEM software vulnerability puts multiple laptops at risk. PC-Doctor, which makes and maintains the software-repair tool, wrote that it had recently learned
North American homes have the highest density of internet of things (IoT) devices of any region in the world, according to researchers at Stanford University and Avast. Together, Stanford University and Avast have published findings of their research in a paper entitled All Things Considered, which analyzes the global state of IoT. The survey was based
Biometric authentication is sometimes predicted to be a replacement for passwords that have long been considered too weak to provide true security. So far, though, biometrics have mostly been used as one part of two- or multifactor authentication as enterprises have been slow to widely adopt biometrics capabilities. Biometric authentication systems capture data, usually encrypt
When it comes to the gods of finance, few people reach the stratosphere of Ray Dalio. The founder of Bridgewater, the investment firm that has grown to manage $150 billion in assets, Dalio is one of the most successful financial entrepreneurs of his generation, and indeed, of all time. While Dalio and Bridgewater are