Network Security News, Articles and Updates

Looking to reduce GDPR liability, Facebook ports 1.5B non-U.S. users to domestic HQ

Facebook is widely seen to have dodged a GDPR bullet in the Cambridge Analytica scandal.

Social media aggregator LocalBlox leaves 48M records exposed

Social media data aggregation firm LocalBlox left an AWS bucket misconfigured, revealing 48 million records gleaned from Facebook and other sites.

Doctors at RSA simulate emergency overdose caused by hacked medical pump

Doctors at RSA on Thursday presented a riveting simulation of a health care emergency caused by a medical device hack -- showing that physicians' trust in the integrity of their equipment can be misplaced.

Trustjacking exploit abuses iTunes feature to spy on iOS devices

Researchers presenting at RSA 2018 on Wednesday disclosed how attackers can gain persistent remote control over iOS devices by abusing a weakness in iTunes Wi-Fi sync, a feature that allows users to sync up iTunes content and data between Apple devices.

IT managers struggling to ID network traffic

About 25 percent of IT managers cannot identify the majority of their network traffic, according to a new survey.

McSweeney to leave FTC

Only acting Chairwoman Maureen Ohlhausen will remain on the Federal Trade Commission after Commissioner Terrell McSweeney takes her leave April 28.

Joyce out as cybersecurity coordinator at White House

Joyce has been a trusted voice on cybersecurity issues at the White House.

Intel announces new chip designs with built-in security

Intel Monday announced three new measures that will be implemented in a future chip design to bake security into the hardware following last year's Spectre/Meltdown vulnerability.

Cryptocurrency's legal tender

Bitcoin and its multitude of cousins may not be governed by central banks or governments, but the authorities are tracking the meteoric rise for criminal abuse as well as taxation levies against unreported profit gains.

Pompeo will put resources into cyber at State Dept., agency warns employees of uptick in hacking attempts

Lawmakers asked Mike Pompeo if he would reinstate the agency's cyber coordinator position while the Cyber and Technology Security Directorate warned the department's employees of an upswing in malicious activities by hackers.

AMD Processors address Spectre vulnerabilities

AMD announced the release of processor security updates addressing the Spectre Variant 2 vulnerability for Microsoft Windows users.

Candy bar security posture leaves enterprises soft on the inside

71 percent of hackers say they can breach the perimeter of a target within 10 hours, and 100 percent within 15, according to the latest 'Black Report' from Nuix, surveying hacker method and motivation.

Government cyber defenses should look to AI, behavior analytics, Cisco report

As threat actors weaponize more technology, Cisco researchers warn government agencies should look to behavior analytics in order to face new threats.

Calls for cohesive cybersecurity policy after Bossert, others resign

A day after John Bolton joined the Trump administration replacing HR McMaster as national security adviser, White House Homeland Security Adviser Tom Bossert resigned his post.

HTTP injectors used to steal mobile internet connectivity

Flashpoint researchers have come across several Telegram messaging channels being used to exchange HTTP injectors which can then be used to obtain free mobile internet access.

SirenJack flaw exposes problems in emergency alert system

Security researchers have found a flaw in the emergency alert warning siren system used by many local authorities; the sirens could be sounded by hackers, research finds.

House Democrats beseech Ryan to compel DHS to provide all docs related to Russian cyberattacks on state election systems

Ranking members of the Committees on Oversight and Government Reform, Judiciary, Intelligence, House Administration, Homeland Security, and Foreign Affairs, said the Trump administration's response had been "woefully inadequate."

GAO report recommends stronger security controls for third parties that receive Medicare beneficiary data

The U.S. Government Accountability Office (GAO) last week publicly released a report warning that the Centers for Medicare and Medicaid Services (CMS) has failed to provide specific security controls guidance to research organizations with whom it shares Medicare beneficiary data.

Hit them where it hurts...critical infrastructure

Critical infrastructure is being targeted by cybercriminals looking to wreak havoc whether working alone or in concert with nation-states.

How to hire a chief privacy officer

Do not be misled — the CPO is not just another position where you give someone a job title and hope they grow into the position. The responsibilities are varied, highly focused, and carry with them some rather unusual job peculiarities.

Natus reportedly updates EEG device software to squash RCE, DoS bugs

Health care device manufacturer Natus Medical Incorporated has reportedly updated the software used in its Xltek EEG products, which monitor brain activity, after a researcher discovered five vulnerabilities that a remote, unauthenticated attacker could exploit to trigger code execution or a denial of service condition.

Microsoft pushes update for critical RCE bug in Malware Protection Engine

Microsoft Corporation on Tuesday announced an emergency patch for a memory corruption vulnerability in its Microsoft Malware Protection Engine (MMPE) that remote attackers can exploit to execute arbitrary code in the security context of the highly privileged LocalSystem account.

GDPR for the Small Businesses

The first step for SMBs is to know what kind of data they have.

Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Apple addressed a bevy of security bugs late last week, after issuing updated versions of its current operating systems, Safari browser and other core products, as well as security enhancements for two older OS offerings.

Is your perimeter secure?

Protecting your network from the vast array of mobile devices can be challenging. In the end, it's all about identity and access management.

Facebook VP justifies company's data collection practices as central to its growth and mission

The memo penned by Andrew "Boz" Bosworth surfaced as the social media company is trying to restore user trust after Cambridge Analytica harvested data from the Facebook accounts of 50 million Americans without their consent.

Despite risks, a majority of firms are allowing the use of Wi-Fi hotspots

While experts have warned about the perils of connecting to unsecured public Wi-Fi hotspots in the past, new research has revealed that organisations are suffering more from security issues than in the past.

5 Questions to ask cloud services providers about security

Ask prospective cloud servers these five questions germane to security.