Democrats are favored to gain control of the House of Representatives in this year’s midterm elections, according to the FiveThirtyEight forecast model. But — a very FiveThirtyEight-ish sentence follows — the range of possible outcomes is wide and Democrats’ prospects are far from certain. Relatively small shifts could allow Republicans to keep control of the House, or could turn a blue wave into a tsunami.
In response to new research findings from Risk Based Security that over 2.6 billion records have been exposed in 2,300 data breaches so far this year, with fraud accounting for 47.5 percent of exposed records and hacking accounting for 54.6 percent of all reported breaches, experts with OneSpan and NuData Security offer perspective.
An Australian teenager has admitted hacking into Apple’s internal network and stealing 90 GB worth of files.
New research from Avast (LSE: AVST), the global leader in cybersecurity products, found more than 49,000 Message Queuing Telemetry Transport (MQTT) servers publicly visible on the internet due to a misconfigured MQTT protocol. This includes more than 32,000 servers with no password protection, putting them at risk of leaking data. The MQTT protocol is used to interconnect and control smart home devices, via smart home hubs. When implementing the MQTT protocol, users set up a server. In the case of consumers, the server usually lives on a PC or some mini computer such as Raspberry Pi, which devices can connect to and communicate with.
By Amina Bashir and Mike Mimoso, Flashpoint
Chatbots are becoming a useful customer interaction and support tool for businesses. These bots are powered by an artificial intelligence that allows customers to ask simple questions, pay bills, or resolve conflicts over transactions; they’re cheaper than hiring more call centre personnel, and they’re popping up everywhere.
On Wednesday 15th August, the Financial Conduct Authority (FCA) enforced new rules requiring providers of personal and business accounts to publish information that will help current customers to compare bank accounts from different providers. Banks will have to report major operational and security incidents that have taken place and disclose whether 24-hour customer helplines are available.
After last week's SegmentSmack (CVE-2018-5390), which allows remote DoS attacks by sending crafted TCP packets, a similar vulnerability affecting IP fragments has been reported this week.
The Trump administration has reportedly reversed an Obama-era framework for how and when the US can use cyber attacks against foes. President Trump undid Presidential Policy Directive 20 yesterday according to the Wall Street Journal’s sources, and with it reversed a classified framework detailing a multi-agency process that must be followed before carrying out an attack.
Made it to 100! And by pure coincidence, it aligned with the week where I’ve tuned out more than I ever have since gaining my independence which means there’s really not much to talk about. But I did want to share a little about the snow in Australia (turns out it’s not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week.
Reports have surfaced detailing that hackers can falsify patients’ vitals by emulating data sent from medical equipment clients to central monitoring systems. The research, available here, takes advantage of a weak communications protocol used by some patient monitoring equipment to send data to a central monitoring station. The protocol is used in some of the most critical systems in hospitals, according to McAfee researchers. Even more concerning, McAfee was able to modify the vital sign data in real time, providing false information to medical personnel to make it look like a patient was flatlining. They were able to switch the display of a patient’s heartbeat from 80 beats a second to zero within five seconds.
As more organisations embark on the journey that is digital transformation, the ability to manage digital identities is becoming more crucial — especially at a time when the Internet of Things (IoT) is redefining the concept of identity and access management (IAM). While traditional IAM was designed to manage employees’ information access authorisation, organisations soon began to use IAM to understand the interactions between their customers or employees and the company.
There is no ‘one-size-fits-all’ when it comes to compliance. Each regulation has a different focus, with different rules aligned to its individual purpose, sometimes with conflicting requirements. For example, financial institutions must comply with anti-money laundering (AML) and fraud regulations involving strict controls on transaction reporting. Yet AML compliance must be in line with GDPR, which focuses on the capturing, using, securing and discarding of customer personal data.
Following a warning by the FBI that cyber-criminals are planning a highly choreographed global attack on cash machines to fraudulently withdraw millions of dollars from customer bank accounts, IT security experts commented below.
President Donald Trump has rescinded a key policy directive that governs the approval process for cyberattacks conducted by the U.S. government, potentially opening the door to more offensive operations, an administration official familiar with the matter confirmed to CyberScoop.
With the introduction of Android v8.0 (Android Oreo) in August of 2017, among other OS improvements, Google introduced its built-in malware protection for Android called Play Protect (dependent on Google Play Services 11 or later). Play Protect checks apps and APK files downloaded from Google Play or third-party sources, using real-time and on-demand scanners, while also providing safe browsing and device loss protections.
Palo Alto Networks Unit 42 is proud to announce that four of our researchers were named to the Microsoft Security Response Center (MSRC) “Top 100 Security Researchers List” for 2018. This is the third year Unit 42 researchers have been included in this prestigious list, which is announced every year at Black Hat. This year’s Unit 42 winners are:
As trade tensions between China and the U.S. heated up earlier this year, an Alaskan trade delegation visited China in late May. Immediately following that trip, companies and government organizations in Alaska experienced a dramatic spike in network reconnaissance activities from inside a top Chinese university, according to the cybersecurity firm Recorded Future.