Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven’t yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild.
Excited to announce that this year’s The Europas Unconference & Awards is shaping up! Our half day Unconference kicks off on 3 July, 2018 at The Brewery in the heart of London’s “Tech City” area, followed by our startup awards dinner and fantastic party and celebration of European startups!
On May 25-26, hundreds of Europe’s best and brightest coders, hackers, tech makers and programmers will descend upon Paris to take part in TechCrunch Hackathon at VivaTech and compete for a €5,000 grand prize. But who are the people who will determine who gets that prize? Without further ado, the judges for the TC Hackathon:
People sometimes forget that Facebook isn’t only in the social networking advertising business. For about four years, it’s been making a concerted effort to develop productivity tools for the enterprise, and the investments are starting to pay off.
The health care industry is one of the most attractive sectors to hackers. Not only do hospitals, doctor offices and other facilities store and have access to an array of patients’ personal information, but many organizations also have financial details on file to facilitate billing processes.
If breaches to electronic health record systems continue at their current pace, each and every American can expect their private medical data to be compromised at least once by 2024. Once adversaries obtain a patient’s health information (PHI), they can sell it to the highest bidder—leaving targets vulnerable to all manner of fraud and theft.
Medical records aren’t just about health information, either. They often also include highly sensitive info such as a patient’s address, driver’s license number, credit card information and social security number. So how do hackers get a hold of PHI in the first place? For the most part, ransomware is to blame.
That’s why it is imperative that healthcare organizations go beyond check-box HIPAA compliance to truly secure their environment. They can do this by embracing end-to-end visibility and monitoring critical assets, including EHR systems—the repository of PHI.
With the help of Tripwire solutions, healthcare organizations can implement the following best practices to protect sensitive patient data.
Immediately recognize unauthorized changes in your EHR environment
Tripwire Enterprise is the industry leader in File Integrity Monitoring (FIM) and change management. This means that you’ll always have deep visibility into each and every relevant change occurring in your environment.
Many data breaches go unnoticed for long periods of time, but Tripwire Enterprise gives you the advantage of immediate knowledge about what changes are made, when they’re made and by whom—all while filtering out the noise of nonessential data.
Avoid misconfigurations in your EHR environment
An adequately hardened system is one of your best defenses against cyber adversaries. Reduce your attack surface with proper configuration management using the continuous monitoring capabilities of Tripwire Enterprise.
Ninety-four percent of malicious data access takes place because of compromised servers.
You can avoid catastrophic EHR breaches by understanding exactly how your assets are configured and protected to begin with. Critical configuration errors need immediate corrective measures, and Tripwire’s remediation capability provides guidance for rapid repair of non-compliant systems and security misconfigurations.
Ensure continuous compliance
Tripwire Enterprise offers more than 800 out-of-the-box platforms and policies to keep your systems within compliance. Tripwire monitors systems for any unauthorized changes and misconfigurations to ensure health data is not compromised.
Meet HIPAA Security Rule (Part 164) and receive alerts when your systems drift out of compliance. Tripwire helps you ensure the confidentiality, integrity and availability of your “electronic protected health information” as required by the HIPAA regulations.
Register for the upcoming webinar “Electronic Health Record Systems Under Attack” today and join us on May 31, 2018, from 11:00 a.m. – 12:00 p.m. PDT to learn valuable strategies from Tripwire experts on how to protect and secure these critical assets.
Speaking in front of EU lawmakers today Facebook’s founder Mark Zuckerberg namechecked the GDPR’s core principles of “control, transparency and accountability” — claiming his company will deliver on all that, come Friday, when a new European Union data protection framework, GDPR, starts being applied, finally with penalties worth the enforcement.
Money money money money. Money.
A recent report on cyber attacks covered in ComputerWeekly found friendly terrain for hackers within the perimeter of internal banking networks. In other words, once you’re in you’re really in.
The ongoing saga of the Spectre and Meltdown vulnerabilities has just taken a new turn. Discovered by Google Project Zero (GPZ) with the help of others, the attacks affected everything from desktops, laptops and mobile devices to infrastructure-as-a-service. These flaws are present in nearly all modern microprocessors and could allow an attacker to access privileged memory by abusing a feature called speculative execution. We’ve been following the ongoing developments of these vulnerabilities since their first disclosure back in January 2018. The vulnerability has continued to evolve: variants of Spectre have surfaced that use the speculative execution side-channel attack method, tracked as CVE-2018-3639 and the less dangerous CVE-2018-3640.
In the wake of the White House’s decision to eliminate its top cybersecurity position, a Department of Homeland Security official has called on the U.S. government to robustly engage on cyber policy issues on the world stage.
Attackers can obtain unauthorized access to financial applications at 58 percent of banks
By The Recorded Future Team on May 22, 2018
- Vulnerability scanners are a valuable tool, but they don’t provide the information necessary to prioritize remediation work.
- Many organizations rely completely on scan results, and are routinely left defenseless against serious vulnerabilities.
- Internal data, even when combined with vulnerability databases, is not enough to inform truly risk-based decisions.
- Comprehensive threat intelligence provides the context necessary to take the guesswork out of vulnerability management.
On the face of things, vulnerability management seems simple enough.
96 percent of the scanned applications contain open source components, with an average 257 components per application. The average percentage of open source in the codebases of the applications scanned grew from 36% last year to 57%, suggesting that a large number of applications now contain much more open source than proprietary code.
Welcome to FiveThirtyEight’s weekly politics chat. The transcript below has been lightly edited.
The first thought that popped into your head as soon as you read this article’s headline was likely something along the lines of “Wait, I thought we were still waiting on 5G.” And that’s true: This is the year 5G deployment is finally picking up steam.
A subreddit dedicated to hacking and hackers. What we are about: constructive collaboration and learning about exploits, industry standards, grey and white hat hacking, new hardware and software hacking technology, sharing ideas and suggestions for small business and personal security.
Good news: President Donald Trump has apparently stopped using an old Android phone, which is probably one of the easiest targets for a hacker to own. Bad news: despite using presumably up-to-date iPhones, his operational security, or “OPSEC,” is still terrible.
This post is authored by Jeremy Dallman, Principal Program Manager.
Your mobile phone is giving away your approximate location all day long. This isn’t exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location. But now, the major mobile providers in the United States — AT&T, Sprint, T-Mobile and Verizon — are selling this location information to third party companies — in real time — without your consent or a court order, and with apparently zero accountability for how this data will be used, stored, shared or protected.