News


  • Critical Flaws Found in Amazon FreeRTOS IoT Operating System

    October 18, 2018

    A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has ...

  • How Shodan helps identify ICS cybersecurity vulnerabilities

    October 18, 2018

    An industrial control system is essentially a collection of computers that monitor and control industrial systems. They make the world move and help with everything from food processing to transportation to running the espresso maker at your local Starbucks. The challenge is an industrial control system (ICS) can be readily attacked by advanced persistent threat groups, ...

  • Simplifying identity and access management for more businesses

    October 17, 2018

    Effective identity management underpins the modern enterprise, and Google has been hard at work to provide simple, secure solutions for administrators and developers. In March, we launched Cloud Identity to help customers manage users, devices and apps from a central console. In July, we announced context-aware access, an innovative approach to access management that implements many elements of Google’s BeyondCorp ...

  • CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows

    October 17, 2018

    Trend Micro found design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users. We’ve worked ...

  • GreyEnergy: New malware campaign targets critical infrastructure companies

    October 17, 2018

    The hacking group which took down Ukrainian power grids is systematically targeting critical infrastructure in Ukraine and beyond in what security researchers believe could be cyber espionage and reconnaissance ahead of future attacks. Dubbed GreyEnergy by researchers at ESET, the group is believed to have been active over the last three years and to be linked to ...

  • Multiple D-Link Routers Open to Complete Takeover with Simple Attack

    October 17, 2018

    The vendor only plans to patch two of the eight impacted devices, according to a researcher. Eight D-Link routers in the company’s small/home office “DWR” range are vulnerable to complete takeover – but the vendor said it is planning on only patching two, according to a researcher. Błażej Adamczyk of the Silesian University of Technology in Poland ...

  • LibSSH Flaw Allows Hackers to Take Over Servers Without Password

    October 16, 2018

    A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, leaving ...

  • UK National Cyber Security Centre Reveals Scale Of Cyber Attacks

    October 16, 2018

    Two year since its launch, NCSC helped the UK against almost 1,200 cyber attacks, most carried out by hostile nation states The UK’s National Cyber Security Centre (NCSC) has revealed that it helps the country fend off at least ten cyber attacks a week, most of which come from state-sponsored hackers employed by hostile nation states. This ...

  • Octopus Trojan exploits Telegram ban fears to snag diplomatic targets across Asia

    October 15, 2018

    Researchers have uncovered the Octopus Trojan in a wave of cyberattacks being launched against diplomatic entities across central Asia. According to cybersecurity firm Kaspersky Lab, the targeted campaign has used the recent ban of Telegram messenger across Russia and reported attempts to ban the service across some former Soviet areas such as Kazakhstan to dupe victims into believing ...

  • In County Crippled by Hurricane, Water Utility Targeted in Ransomware Attack

    October 15, 2018

    The Emotet Trojan is behind a crippling ransomware attack that hit the Onslow Water and Sewer Authority. A “critical water utility” has been targeted in a recent ransomware attack, significantly impeding its ability to provide service in the week after Hurricane Florence hit the East Coast of the U.S. The Onslow Water and Sewer Authority (ONWASA) said ...

  • UK MoD secrets exposed in dozens of cyber security breaches

    October 15, 2018

    Ministry of Defence secrets were exposed in dozens of breaches of military cyber security policy last year, as hostile nations and spy agencies continue to probe the UK’s defence sector. Heavily redacted reports obtained by Sky News have revealed that the MoD and its partners failed to protect military and defence data in 37 incidents in ...

  • The Cybersecurity 202: The U.S. needs a law that requires companies to disclose data breaches quickly, cybersecurity experts say

    October 15, 2018

    A slight majority of digital security experts surveyed by The Cybersecurity 202 say the United States should follow in the European Union’s footsteps and pass a law that requires companies to disclose data breaches quickly. Europe’s General Data Protection Regulation requires companies with customers in the E.U. to notify regulators of a breach within 72 hours or face a severe ...

  • Up to 35 Million 2018 Voter Records For Sale on Hacking Forum

    October 15, 2018

    Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web. Up to 35 million voter records have been found up for sale on a popular hacking forum from 19 states, researchers discovered. Researchers at Anomali Labs and Intel 471 on Monday said that they discovered Dark Web communications offering a ...

  • Pentagon discloses card breach

    October 13, 2018

    Pentagon official said on Friday that the Department of Defense had suffered a security breach thanks to a third-party contractor. An investigation is still underway, so the exact details haven’t been made public, but according to an Associated Press report, a DOD official said that roughly 30,000 DOD military and civilian personnel are believed to be affected. ...

  • Hungary increases its scientific cooperation with NATO

    October 12, 2018

    Scientists and other experts from NATO and Hungary discussed future projects of cooperation at the NATO Science for Peace and Security (SPS) Programme Information Day held in Budapest on 11 October 2018. ungary is currently leading an SPS project in the area of chemical, biological, radiological and nuclear (CBRN) defence. The multi-year initiative aims to develop ...

  • Facebook mass hack last month was so totally overblown – only 30 million people affected

    October 12, 2018

    Facebook users can relax and get back to interacting with quality content and authentic individuals on the social network. Last month’s deliberate theft of private account records from the internet giant, initially believed to affect 50 million or maybe 90 million accounts, turns out to be nowhere near that bad. Cough. On Friday, the data-harvesting biz said a mere 30 ...

  • Facebook Bans More Than 800 Accounts in Disinformation Purge

    October 12, 2018

    The move comes a month before the November midterm elections – and at a time when all eyes are on Facebook to see how it protects against disinformation. Facebook on Thursday announced it has removed hundreds of pages and accounts as the company cracks down on spam. The move comes at a time when Facebook is ...

  • DASA new competition: Behavioural Analytics

    October 11, 2018

    The Defence and Security Accelerator is seeking proposals that can help UK Defence and Security to develop capability in ‘Behavioural Analytics’. This Defence and Security Accelerator (DASA) competition is seeking proposals that can help UK Defence and Security to develop capability in ‘Behavioural Analytics’. We are looking for scientific and technological solutions that can provide context-specific ...

  • New Drupalgeddon Attacks Enlist Shellbot to Open Backdoors

    October 11, 2018

    Drupalgeddon 2.0 vulnerability is being exploited again by attackers using a time-honored technique of Shellbot, or PerlBot. Researchers are warning of a new wave of cyberattacks targeting unpatched Drupal websites that are vulnerable to Drupalgeddon 2.0. What’s unique about this latest series of attacks is that adversaries are using PowerBot malware, an IRC-controlled bot also called ...

  • Innovative Phishing Tactic Makes Inroads Using Azure Blob

    October 10, 2018

    A brand-new approach to harvesting credentials hinges on users’ lack of cloud savvy. A fresh tactic for phishing Office 365 users employs credential-harvesting forms hosted on Azure Blob storage – signed with legitimate Microsoft SSL certificates to lend an air of legitimacy. Azure Blob Storage is a cloud storage solution for hosting unstructured data such as images, ...