Via NYC.gov: Mayor Bill de Blasio has a announced “NYC Secure“, New York City’s first ever cyber-security initiative. NYC Secure will defend New Yorkers from malicious cyber activity on mobile devices, across public Wi-Fi networks, and beyond. The first NYC Secure programs will include a free City-sponsored smartphone protection app that, when installed, will issue […]
Via Ars Technica: A new internet worm emerged over the weekend that took less than 24-hours to infect Android devices such a smartphones and TV boxes. Once infected, the devices began mining the Monero brand of crypto-currency, and seeking additional devices to infect: Once infected, Android phones and TV boxes scan networks for other devices […]
The security desk at Ars Technica is reporting on a new attack where more than 2000 WordPress sites were infected with malware that can capture keystrokes (and passwords) within the administrative control panel. It also installs an in-browser crypto-currency miner that hijacks the computers of site visitors to run silently in the background. Side effects […]
Ars Technica has published an excellent in-depth article detailing how the upcoming software and hardware patches designed to deal with the Meltdown and Spectre vulnerabilities will likely have a negative impact on computer performance. To recap: modern high-performance processors perform what is called speculative execution. They will make assumptions about which way branches in the code […]
Via Ars Technica: Mozilla has recently released a major upgrade to the Thunderbird email client that addresses a critical buffer-overflow vulnerability that was discovered earlier this year: The bug, rated critical by the Mozilla Foundation, is CVE-2017-7845, which is a buffer overflow vulnerability affecting only Windows users. “A buffer overflow occurs when drawing and validating […]
Thomson Reuters (aka: Westlaw) has a introductory primer up on the increased use of blockchain technologies in both the financial and legal sectors. Blockchain 101 [Note: The article is partially pay-walled, so to read the full piece you will need a Westlaw login.]
Endgadget is reporting on a new malware attack underway in in Europe. Dubbed “Bad Rabbit”, the attack takes advantage of widely known flaws in Adobe’s Flash product to trick users into downloading a fake update from a compromised web site. Once installed, the update encrypts user files, rendering them inaccessible until a ransom demand of […]
Mathy VanHoef, a researcher with the imec-DistriNet Research Group at University of Leuven, Belgium has released a paper titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 which details a major vulnerability in the WPA2 wireless security protocol. Per VanHoef’s release notes: [A]ttackers can use this novel attack technique to read information that was previously […]
Via Bloomberg: “Yahoo! Triples Likely Scope of 2013 Hack to 3 Billion Users” If you’ve ever had a Yahoo! account, the following sentence is not going to help your blood pressure: Yahoo, the internet company acquired by Verizon Communications Inc. this year, now believes a 2013 security breach exposed all 3 billion of its users […]
October is National Cyber Security Month, and this year the National Cyber Security Alliance have teamed up with the folks from SANS to put together a Cyber Security Awareness Toolkit. The kit includes a planning matrix, email templates, posters, videos, and a host of activities designed to encourage and increase participation in the field of […]
