Posts


Mar. 6, 2020

Top 10 Most Innovative Cybersecurity Companies After RSA 2020

Ten of the most innovative cybersecurity companies that deserve attention for their distinctive technical or scientific approach, value proposition, or long-term vision.

Source: thehackernews.com

Mar. 6, 2020

Alleged Vault 7 leaker trial finale: Want to know the CIA’s password for its top-secret hacking tools? 123ABCdef

Joshua Schulte stands accused of stealing the highly valuable materials directly from the CIA’s innermost sanctum and slipping them to WikiLeaks to share with the rest of the planet. Federal prosecutors have spent the past four weeks explaining exactly why they believe that to be the case. And Uncle Sam’s lawyers have developed a compelling case to send Schulte away for virtually the rest of his life.

Mar. 6, 2020

Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys

Over the past few years, owners of cars with keyless start systems have learned to worry about so-called relay attacks, in which hackers exploit radio-enabled keys to steal vehicles without leaving a trace. Now it turns out that many millions of other cars that use chip-enabled mechanical keys are also vulnerable to high-tech theft. A few cryptographic flaws combined with a little old-fashioned hot-wiring—or even a well-placed screwdriver—lets hackers clone those keys and drive away in seconds.

Mar. 6, 2020

Let’s Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious. Let’s take time out

Earlier this week, the non-profit certificate authority, which issues HTTPS certs for free, announced a plan to revoke some three million certificates affected by a software bug. The programming blunder, in Let’s Encrypt’s automated certificate management software, affects users who validate a domain and then, some days later, request further certificates that reuse that validation: the code bungled the CAA recheck that is required before a stale validation can be reused. Website owners were told to renew their certs as soon as possible because mass revocation would begin at 00:00 UTC on March 4 (16:00 PT on March 3).

Mar. 4, 2020

Let’s Encrypt to revoke 3 million certificates on March 4 due to software bug

Let’s Encrypt issued 3,048,289 TLS certificates without correctly rechecking the CAA records of every domain in the request. The bug was in Boulder, the server software the Let’s Encrypt project uses to validate subscribers and their domains before issuing a TLS certificate: when a request contained N domain names whose validations were old enough to need a fresh CAA check, Boulder checked one of those names N times instead of checking each name once.

Source: zdnet.com
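
The failure mode in the two Let’s Encrypt items above (one name rechecked N times, the others never) is easy to reproduce with a late-bound loop variable. The following is an added illustration, not Boulder’s code: it models a reusable validation (authorization) with a timestamp, applies the Baseline Requirements rule that a CAA check is good for at most 8 hours before issuance, and shows a buggy scheduler that captures the loop variable late beside a fixed one. The CAA records, domain names and timestamps are constructed for the example; the CAA lookup is simplified to the `issue` tag.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Baseline Requirements let a CAA check be reused for at most 8 hours before issuance;
# domain validations themselves stay reusable much longer, so stale ones need a fresh check.
CAA_MAX_AGE = timedelta(hours=8)
OUR_CA = "letsencrypt.org"

# Constructed CAA data (not real DNS): name -> list of (tag, value) CAA records.
CAA_RECORDS = {
    "a.example": [("issue", "letsencrypt.org")],
    "b.example": [("issue", "otherca.example")],  # installed after b.example was validated
    "c.example": [],                              # no CAA record: any CA may issue
}


def caa_allows(name: str, ca: str = OUR_CA) -> bool:
    """RFC 8659 lookup simplified to the 'issue' tag: walk from the name up to its parents,
    stop at the first RRset found, and permit issuance only if `ca` is named in an issue
    tag or no issue tag is present at all. No RRset anywhere means issuance is permitted."""
    labels = name.split(".")
    for i in range(len(labels)):
        rrset = CAA_RECORDS.get(".".join(labels[i:]))
        if rrset:
            issuers = [value for tag, value in rrset if tag == "issue"]
            return ca in issuers if issuers else True
    return True


@dataclass
class Authz:
    name: str
    validated_at: datetime


def needs_caa_recheck(authz: Authz, now: datetime) -> bool:
    return now - authz.validated_at > CAA_MAX_AGE


def recheck_buggy(authzs, now):
    """Schedules one recheck per stale name but the lambda reads `authz` when it runs,
    after the loop has finished, so every task checks the last name bound: one name N times."""
    tasks = []
    for authz in authzs:
        if needs_caa_recheck(authz, now):
            tasks.append(lambda: (authz.name, caa_allows(authz.name)))
    return [task() for task in tasks]


def recheck_fixed(authzs, now):
    """Binds the current authz into each task as a default argument, so each stale name
    is rechecked exactly once."""
    tasks = []
    for authz in authzs:
        if needs_caa_recheck(authz, now):
            tasks.append(lambda a=authz: (a.name, caa_allows(a.name)))
    return [task() for task in tasks]


def may_issue(results) -> bool:
    """Issuance proceeds only if every rechecked name still permits our CA."""
    return all(allowed for _, allowed in results)


def sample_order():
    """Constructed order: a.example and b.example were validated two days ago (stale),
    c.example one hour ago (fresh, no recheck needed)."""
    now = datetime(2020, 3, 3, 12, 0, tzinfo=timezone.utc)
    authzs = [
        Authz("a.example", now - timedelta(days=2)),
        Authz("b.example", now - timedelta(days=2)),
        Authz("c.example", now - timedelta(hours=1)),
    ]
    return authzs, now


if __name__ == "__main__":
    authzs, now = sample_order()
    buggy, fixed = recheck_buggy(authzs, now), recheck_fixed(authzs, now)
    print("buggy:", buggy, "-> issue:", may_issue(buggy))   # c.example checked twice, issues
    print("fixed:", fixed, "-> issue:", may_issue(fixed))   # b.example now forbids us, refuses
```

The buggy scheduler never looks at b.example, so the CAA record its owner added after validation has no effect and the certificate is issued anyway; that is precisely why the affected certificates had to be revoked rather than just patched around.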

Mar. 3, 2020

Eric Schmidt: I Used to Run Google. Silicon Valley Could Lose to China.

Dr. Schmidt is the chairman of the National Security Commission on Artificial Intelligence and the Defense Innovation Board. He is the former chairman and C.E.O. of Google. Silicon Valley leaders may be putting too much faith in the private sector to ensure U.S. global leadership in new technology.

America’s companies and universities innovate like no other places on earth. We are garage start-ups, risk-taking entrepreneurs and intrepid scholars exploring new advances in science and technology. But that is only part of the story.

Mar. 3, 2020

Scientist sentenced to 2 years behind bars for stealing next-generation battery tech secrets

The intellectual property had an estimated value of $1 billion to the US company it belonged to. A Chinese scientist has been issued a prison sentence of two years for stealing next-generation battery technology from his US employer. The former associate scientist, Hongjin Tan, has also been ordered to pay $150,000 in restitution and will spend three years on supervised release, the US Department of Justice (DoJ) said on Thursday.

Mar. 3, 2020

Here’s the File Clearview AI Has Been Keeping on Me, and Probably on You Too

We used the California Consumer Privacy Act to see what information the controversial facial recognition company has collected on me. What goes unsaid here is that Clearview claims to do these things by building an extremely large database of photos of ordinary U.S. citizens, who are not accused of any wrongdoing, and making that database searchable for the thousands of clients to whom it has already sold the technology. I am in that database, and you probably are too.

Mar. 3, 2020

$1B to help telecom carriers to “rip and replace” Huawei and ZTE equipment

On Thursday, the US Congress passed legislation offering $1 billion to help telecom carriers “rip and replace” equipment from Chinese tech giants Huawei and ZTE.

Source: securityaffairs.co

Mar. 3, 2020

Swiss government submits criminal complaint over CIA Crypto spying scandal

The complaint in question is centered around Operation Rubicon, the focus of a recent investigation by the Washington Post, ZDF, and SRF into the Swiss company Crypto AG. Crypto AG sold encryption devices deemed suitable, and secure enough, for confidential government communications. It is estimated that over 100 governments worldwide were Crypto AG clients over the course of decades.

Mar. 3, 2020

Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices

Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims’ knowledge. Called ‘SurfingAttack,’ the attack leverages the unique properties of acoustic transmission in solid materials — such as tables — to ‘enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight.’

Mar. 3, 2020

Project Rubicon: The NSA Secretly Sold Flawed Encryption for Decades

There have been a few moments in the past few years when a conspiracy theory was suddenly shown to be based in fact. Once upon a time, it was an absurd suggestion that the NSA had data taps in AT&T buildings across the country. Just as Snowden’s revelations confirmed those theories, a report in February confirmed some theories about Crypto AG, a Swiss cryptography vendor.

Mar. 3, 2020

Karkoff 2020: a new APT34 espionage operation involves Lebanon Government

Experts from Cybaze/Yoroi ZLab spotted a new sample of the Karkoff implant, which was employed in past campaigns associated with the Iran-linked APT34 group. In November 2018, researchers from Cisco Talos tracked and detailed a “DNSpionage” campaign against targets in Lebanon and the UAE.

Mar. 3, 2020

Coder charged in massive CIA leak portrayed as vindictive

A Manhattan jury heard conflicting portrayals of Joshua Schulte, a former CIA coder accused of sending the anti-secrecy group WikiLeaks a large portion of the agency’s computer hacking arsenal, tools the agency had used to conduct espionage operations overseas. Schulte left a trail of evidence despite his attempts to erase his digital fingerprints, Assistant U.S. Attorney Matthew Laroche said in closing arguments. Schulte became disgruntled at the CIA, he said, and took meticulous steps to plan and cover up the 2016 theft.

Mar. 2, 2020

Apple reportedly ditched plan for encrypted iCloud backup after FBI pressure

The company wanted to offer people end-to-end encryption for iCloud two years ago, according to Reuters. Apple reversed course on a plan to enable people to fully encrypt backups of their iPhone data on its iCloud service after the FBI aired concerns that it would hurt investigations, Reuters reported Tuesday. About two years ago, Apple reportedly told the FBI it wanted to make hacking its cloud storage service more difficult by offering people end-to-end encryption.

Mar. 1, 2020

Pen Testing Ships

Partly driven by the forthcoming cyber security requirements from the IMO (International Maritime Organisation), 2019 was a very busy year for maritime security testing at PTP. What can we all learn from a year of evaluating the security of ships? We’ve been involved in all sorts of ship testing; here are a few examples: What are the common (in)security themes we keep finding?

There is a distinct lack of understanding and interaction between IT and OT installers/engineers, both on board and in the yard. The OT systems are often reachable from the IT systems and vice versa, either through deliberate bypass of security features by those on board, or through poor design, poor password management, or weak patch management.

Feb. 29, 2020

Facial recognition company Clearview AI hit by data theft

The controversial facial recognition company Clearview AI has notified its customers that a bad actor had “gained unauthorized access” to its entire customer list, which includes some of the most powerful law enforcement agencies in the United States. According to the notification obtained by the Daily Beast, the stolen information includes customer names, the user accounts that the customers had set up, and even the number of searches that they ran through the service. Details are rather sparse about the nature of the incident and it’s not immediately clear how it unfolded.

Feb. 29, 2020

FBI Says $140+ Million Paid to Ransomware

Through analysis of collected ransomware bitcoin wallets and ransom notes, the FBI states that victims have paid over $140 million to ransomware operators over the past six years. At the RSA security conference this week, FBI Special Agent Joel DeCapua explained how he used bitcoin wallets and ransom notes that were collected by the FBI, shared by private partners, or found on VirusTotal to compute how much money was paid in ransoms over six years. According to DeCapua, between 10/01/2013 and 11/07/2019 approximately $144,350,000 in bitcoin was paid to ransomware actors as ransom.

Feb. 29, 2020

Clearview AI loses entire database of faceprint-buying clients to hackers

Clearview AI, the controversial facial recognition startup that’s gobbled up more than three billion of our photos by scraping social media sites and any other publicly accessible nook and cranny it can find, has lost its entire list of clients to hackers – including details about its many law enforcement clients.

Source: sophos.com

Feb. 29, 2020

FBI recommends using passphrases instead of complex passwords

The FBI suggests using longer passwords that combine multiple words into a string of at least 15 characters, instead of short passwords with special characters. Recent guidance from the National Institute of Standards and Technology (NIST) highlights that password length matters much more than password complexity. The recommendations are part of the Protected Voices initiative launched by the FBI to help 2020 political campaigns and American voters protect against online foreign interference. The FBI, the Department of Homeland Security, and the Office of the Director of National Intelligence have provided guidance and information as part of the Protected Voices campaign.