A new hacking technique has been found affecting MikroTik routers and making use of the CVE-2018-14847 bug. The new findings show that the bug needs to be reassigned to a critical level. Our article gives an overview of the problem.
Sidewalk Labs, a Google sister company under Alphabet’s large umbrella, is planning to redevelop a 12-acre plot of land in Toronto as a sensor-laden “smart city” that will include novel city design and, privacy and digital rights advocates worry, some new ideas for corporate surveillance too.
Gather round. The EU has a plan for a big update to privacy laws that could have a major impact on current Internet business models.
A subreddit dedicated to hacking and hackers. What we are about: constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.
“The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us,” it said. Apple’s recently retired general counsel, Bruce Sewell, told Reuters he called the FBI’s then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer, a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips. “I got on the phone with him personally and said, ‘Do you know anything about this?’” Sewell said of his conversation with Baker. “He said, ‘I’ve never heard of this, but give me 24 hours to make sure.’ He called me back 24 hours later and said ‘Nobody here knows what this story is about.’”
Four Elon Musk tweets. One Securities and Exchange Commission lawsuit. Two settlement offers. Then some more Musk tweets taunting the SEC.
Homeland Security has said it has “no reason to doubt” statements by Apple, Amazon and Supermicro denying allegations made in a Bloomberg report published earlier this week.
Where I live, in Cambridge, Mass., the public Cambridge Rindge and Latin High School gives out free Chromebooks to every one of the more than 2,000 teens in the school, in a bid to close the digital divide between families who can afford to buy computers for their children and those who can’t… Cambridge isn’t unique. According to a 2017 article in The New York Times, “More than half the nation’s primary- and secondary-school students — more than 30 million children — use Google education apps like Gmail and Docs… And Chromebooks, Google-powered laptops that initially struggled to find a purpose, are now a powerhouse in America’s schools. Today they account for more than half the mobile devices shipped to schools….”
The BBC has reported that default passwords such as “admin” and “password” will be illegal for electronics firms to use in California from 2020. The state has passed a law that sets higher security standards for net-connected devices made or sold in the region. It demands that each gadget be given a unique password when it is made. Before now, easy-to-guess passwords have helped some cyber-attacks spread more quickly and cause more harm.
Anthony James is vice president at CipherCloud and former CMO at TrapX, whose researchers previously discovered the Chinese-generated Zombie Zero nation‐state sponsored Zero Day attack.
Reached by BuzzFeed News, multiple Apple sources — three of them very senior executives who work on the security and legal teams — said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them. A senior security engineer directly involved in Apple’s internal investigation described it as “endoscopic,” noting they had never seen a chip like the one described in the story, let alone found one. “I don’t know if something like this even exists,” this person said, noting that Apple was not provided with a malicious chip or motherboard to examine. “We were given nothing. No hardware. No chips. No emails.” Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation — Bloomberg wrote that Apple “reported the incident to the FBI.” A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA or any government agency in regards to the incidents described in the Bloomberg report. This person’s purview and responsibilities are of such a high level that it’s unlikely they would not have been aware of government outreach.
Thousands of Burgerville customers have been informed that critical credit and debit card information may have been compromised during a cyberattack in late August. The Vancouver-based fast-food chain says anyone who used plastic at its restaurants from September 2017 through last week should carefully watch their card statements for unauthorized charges. In addition, the chain recommends customers obtain a copy of their credit report to look for unauthorized information and consider freezing their credit. Commenting on the news are the following security experts:
Five out of six name brand routers, such as Linksys, NETGEAR and D-Link, contain known open-source vulnerabilities according to a report by the American Consumer Institute on router safety.
Threat intelligence and penetration testing team finds local privilege escalation issue in network monitoring software
Yesterday the UK and several other nations released statements regarding the recent cyber-attacks and linking them to a foreign military unit, saying they are operating under different names including Sednit.
We are pleased to announce the conclusion of the fifth annual Flare-On Challenge. The numbers are in and we can safely say that this was by far the most difficult challenge we’ve ever hosted. We plan to reduce the difficulty next year, so it may be that the 114 people who solved this year’s challenge solved not only the most difficult Flare-On to date, but the most difficult Flare-On there ever will be. The prize for these amazing and dedicated Reverse Engineers is a magic decoder buckle and coin insert. It can be used to decode and encode secret messages using a pre-shared key. It is based on a crypto system known as a Diana Cipher. They will be shipping soon.
So, the other day, I got one of the strangest e-mails I think I’ve ever received. We’ve talked about the spams where the attacker uses a password found from a previous password breach, but this one was even stranger. In this case, the author promised to stop spamming me if I would send a payment to a specific cryptocurrency wallet. I’m not sure about the business model behind this. Needless to say, I didn’t pay and I haven’t yet looked to see if anyone has sent money to that wallet. What I did was add a new spamassassin rule to send e-mails like these straight to the bit bucket. Can any of our readers explain this one to me? I know that we as security professionals often (unfairly and inappropriately) joke about users being the weakest link in our security programs (probably worth a diary of its own at some point), but even my parents wouldn’t fall for this one (or worst case, calling and asking me about it before they clicked). Have any of the rest of you seen this or any other really odd spam or extortion attempts? If you have specific e-mails you want to share with us use our contact form.
As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered ten vulnerabilities addressed by the Adobe Product Security Incident Response Team (PSIRT) as part of their October 2018 APSB18-30 security update release.
When consumers think of search, they mainly think of Google, but under the hood of enterprises and other organizations, there are hundreds of other kinds of challenges that require search technology. Today, one of the bigger companies providing search functionality, Elastic, saw just how valuable that business can be, by way of a very strong debut as a public company. Elastic today opened up at $70, a pop of 94 percent on its initial public offering at $36 on Thursday night, and after an active day of trades, $70 is where it closed, too.