Cybersecurity News and Product Reviews | SC Media

Home

Flaw allows attackers to alter media files sent via WhatsApp, Telegram, say researchers

Researchers have reported a vulnerability in the Android versions of WhatsApp and Telegram that could allow malicious actors to manipulate media files sent via the apps. This “media file-jacking” flaw could allow attackers to alter photographs, modify invoices (to aid in a financial scam), swap out files in a particular channel feed, or potentially even…

A draft of the voluntary framework was released by NIST.

Securing Energy Infrastructure Act passes House

The House Thursday passed the bipartisan Securing Energy Infrastructure Act, which aims to remove vulnerabilities that could allow hackers to access the energy grid. The bill was sponsored by Representatives Dutch Ruppersberger (D-Md.) and John Carter (R-Tex.) and mirrors the Senate legislation introduced by Senators Angus King (I-Maine) and Jim Risch (R-Idaho). It seeks to…

Macbook

Ke3chang APT group linked to Okrum backdoor

ESET researchers linked the Ke3chang APT group to the newly discovered Okrum backdoor showing the group is still active and improving its code. Researchers have since discovered new versions of malware families linked to the Ke3chang group and believe the group is operating out of China. Overtime, the Ketrican, Okrum and RoyalDNS backdoors have all…

Researchers devise method to track Bluetooth devices, despite built-in protections

Researchers from Boston University (BU) have discovered a way to circumvent anonymization protections on Bluetooth Low Energy devices, allowing potentially malicious actors to passively track the movements of these devices and their users. BLE devices rely on non-encrypted advertising messages to signal their availability to other devices to pair up. To prevent third-party actors from…

Cisco releases updates, one ‘Critical,’ two ‘High’ severity ratings

Cisco released security updates for multiple products, some of which contain vulnerabilities that if exploited would allow an attacker to take control of an affected system. The patches include fixes for a Cisco Vision Dynamic Signage Director REST API Authentication bypass vulnerability, FindIT Network Management Software static credentials vulnerability, and an IOS Access Points Software…

Drupal patches access bypass vulnerability

Drupal released a security update to patch an access bypass vulnerability in Drupal Core which could allow an attacker to take control of an affected website. The problem exists in Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created and can be mitigated by disabling the Workspaces module, according…

Microsoft demos vote verification tool, warns of ongoing foreign meddling

Microsoft Corporation yesterday began publicly demonstrating its free and open-source secure electronic voting solution, ElectionGuard, warning that such innovations are necessary as adversarial nations continue to target the American people and U.S. businesses. In a blog post announcing the demo, Microsoft Corporate Vice President of Customer Security and Trust Tom Burt said that in the…

How securing DER smart grids differs from securing traditional energy grids, and why it matters

For an industry historically slow to change, the ongoing transformation of the power grid is remarkable. However, with this transformation comes a dramatic increase in the risks of the grid being hacked and disabled. Securing the modern “smart grid” requires new networking technology and services designed to cost-effectively secure communications to assets ranging from utility-scale…

Next post in Executive Insight