A US Election Phishing Attack, Quitting Vaping, and More News

Credit to Author: Alex Baker-Whitcomb| Date: Fri, 04 Oct 2019 22:23:11 +0000
Catch up on the most important news from today in two minutes or less.
Credit to Author: Lily Hay Newman| Date: Fri, 04 Oct 2019 19:33:21 +0000
A revelation from Microsoft offers a chilling reminder that Russia is not the only country interested in swaying the 2020 election.
Credit to Author: Evan Schuman| Date: Fri, 04 Oct 2019 13:31:00 -0700
The internet of things (IoT) brings with it a wide range of IT security headaches, along with compliance nightmares — and turf wars.
Internal problem No. 1: Departments that typically have little to no interactions with IT are now directly ordering corporate IoT devices. Maybe you’ve got Facilities purchasing IoT door locks or Maintenance buying a ton of IoT light bulbs. Given that those departments have been purchasing door locks and light bulbs for as long as anyone can remember and have never needed IT or security’s signoff, this can be a problem.
Internal problem No. 2: In many ways, IoT devices (think of devices for tracking pallets on ships or for monitoring where every fleet car is and how fast it’s been driven) are very different from anything else that IT or security has dealt with. The units are capturing data that has never been tracked before — Hello, Compliance. Go away, GDPR regulator — and in different ways, such as bypassing enterprise LANs and cloud networks and using internal antennas to directly communicate.
Credit to Author: Greg Young (Vice President for Cybersecurity)| Date: Fri, 04 Oct 2019 17:33:56 +0000

It’s always an indicator of confusion when instead of hearing “I want Q” I’m asked “what is Q?”. In this case the ‘Q’ is Zero Trust. I’ll try and give my best take on what I understand Zero Trust to be. History Repeats Let’s start with the background. Quite a while back the Jericho Forum…
The post Decrypting What Zero Trust Is, And What It Likely Isn’t appeared first on .
Credit to Author: Ed Cabrera (Chief Cybersecurity Officer)| Date: Fri, 04 Oct 2019 16:17:47 +0000

Given the permeating nature of IoT and Industrial IoT devices in our daily lives, from smart homes to smart cities, one cannot escape the growing cybersecurity risks associated with these devices. It might leave CISOs with a lot of questions about how this newer, growing attack vector could impact their business. We hope to answer…
The post Answering IoT Security Questions for CISOs appeared first on .
Credit to Author: Jack Gold| Date: Fri, 04 Oct 2019 08:22:00 -0700
We love our smartphones, but there's a dark side. Their prevalence and users’ tendencies to connect over public Wi-Fi make mobile devices a common target of bad guys. Analyst Jack Gold looks at how to mitigate the risk.
Credit to Author: Lily Hay Newman| Date: Thu, 03 Oct 2019 22:40:50 +0000
Attorney general William Barr seems eager to reignite the encryption wars, starting with the social media giant.
Credit to Author: Brian Barrett| Date: Thu, 03 Oct 2019 18:28:06 +0000
The Trump administration’s attacks on the whistle-blower aren’t just baseless—they could have a corrosive long-term effect.
Credit to Author: Woody Leonhard| Date: Fri, 04 Oct 2019 06:49:00 -0700
You may recall the Keystone Kops reenactment that goes by the code name CVE-2019-1367. In short:
Sept. 23: Microsoft released the CVE-2019-1367 bulletin, and published Win10 cumulative updates in the Microsoft Catalog for versions 1903, 1809, 1803, 1709, 1703, Server 2019 and Server 2016. It also released an IE rollup for Win7, 8.1, Server 2012 and Server 2012 R2. Those were only available by manual download from the Catalog — they didn’t go out through Windows Update, or through the Update Server.
Sept. 24: Microsoft released “optional, non-security” cumulative updates for Win10 version 1809, 1803, 1709, 1703, 1607/Server 2016. Nothing for Win10 version 1903. We also got Monthly Rollup Previews for Win7 and 8.1. Microsoft didn’t bother to mention it, but we found that those Previews include the IE zero-day patch as well. This bunch of patches went out through normal channels — Windows Update, Update Server — but they’re “optional” and “Preview,” which means most savvy individuals and companies won’t install them until they’ve been tested.
Credit to Author: Jon Clay (Global Threat Communications)| Date: Fri, 04 Oct 2019 13:05:54 +0000

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how smart home devices can be easily hacked and 11 vulnerabilities that could affect medical devices and hospital networks. Also, read about why AI could…
The post This Week in Security News: How a GIF Can Hack Your Android and Vulnerabilities That Could Put Hospital Networks at Risk appeared first on .