Network Security | SC Media

Network Security

Imaginative attack scenarios elicit intrigue at NYU’s CSAW cyber event

Using AI to create artificial fingerprints that can unlock strangers’ phones… abusing electric vehicle charging stations to overwhelm the power grid… exploiting 3D printer technology to execute an all-new form of supply chain attack… These may have once sounded like far-flung ideas, but top cyber minds at New York University have been actively exploring such…

Automakers pen 'privacy principles' for in-car technology

California DMV exposed drivers’ SSN details to federal gov’t officials

For at least the last four years, the California Department of Motor Vehicles had mistakenly given seven government entities access to Social Security number information pertaining to roughly 3,200 drivers and license applicants, the state agency has admitted in a data breach notification. “You are being sent the attached Notice regarding the disclosure of Social…

Patched bug allows beaming of malicious apps to NFC-enabled Android devices

Google last month patched an Android bug that could allow attackers to transfer a malicious application to a nearby NFC-enabled device via the Android Beam feature, bypassing security mechanisms in the process. The vulnerability was discovered in early 2019 by the research team at Nightwatch Cybersecurity, which late last month published a company blog post…

Google patches Chrome flaw used in mysterious WizardOpium exploit attack

Google last Thursday issued an update to its Chrome browser for Windows, Mac and Linux desktop environments, fixing two high-level vulnerabilities, including one that mysterious attackers have been exploiting as a zero day to deliver malware. The two bugs, fixed in version 78.0.3904.87, were identified as CVE-2019-13721, a use-after-free in PDFium, and CVE-2019-13720, a use-after-free…

Energy company hit with DoS attack last spring identified as sPower

Utah-based wind and solar energy developer sPower has been identified as the utilities company that suffered a previously reported denial of service attack that disrupted its normal business activity last March 5. The cyberattack briefly cut off communications between sPower’s control centers and a dozen remote wind and solar farms that served as its power…

We interviewed cyber experts on a Vegas ferris wheel. Then ride security showed up…

In the film “Ocean’s 11,” Danny Ocean and his team of expert cybercriminals execute a daring casino heist in glitzy Las Vegas. This past summer at the Black Hat and DEF CON conferences in Sin City, the editorial staff at SC Media attempted to pull off a less ambitious – and decidedly more legal –…

Report: Hotel chain modifies bed-facing robots to prevent unwanted spying

A Japanese hotel chain that offers in-room robots as an amenity has reportedly modified the technology to prevent snoops from eavesdropping on guests, after an independent researcher publicly exposed a potential exploit. In making the change, travel company H.I.S. Hotel Group conceded that individuals could gain unauthorized access to its 100 Tapia robots at the…

Court doc: Equifax allegedly used insecure password ‘admin’ to protect portal

Failing to patch a critical vulnerability in its Apache Struts software was not the only major security oversight committed by Equifax in the lead-up to a highly damaging data breach in 2017, according to a document filed as part of a securities fraud class-action lawsuit filed earlier this year. An order and opinion filed last…

Unpatched Amazon Echo and Kindle devices prone to KRACK attacks

Amazon.com Echo and Kindle devices were discovered last year to contain WPA/WPA2 protocol vulnerabilities that could potentially allow malicious actors to uncover keychains used to encrypt Wi-Fi traffic. The vulnerabilities, CVE-2017-13077 and CVE-2017-13078, are prone to Key Reinstallation Attacks (aka KRACK attacks), and were disclosed back in 2017 by a pair of Belgian researchers. In essence, they…
