The Aurora Power Grid Vulnerability and the BlackEnergy Trojan

At recent Industrial IoT security briefings, the Aurora vulnerability has come up repeatedly. Attendees ask, “Is our country’s power grid safe? How can we protect the grid? What is Aurora?” This post provides a look at Aurora, and the BlackEnergy attack that can exploit Aurora. In March 2007, the US Department of Energy demonstrated the…

Ransomware back in big way, 181.5 million attacks since January

SonicWall announces record numbers for malware volume, ransomware attacks, encrypted threats and chip-based attacks in the mid-year update of the 2018 SonicWall Cyber Threat Report. “Real-time cyber threat intelligence is more critical than ever as cybercriminals continue to find new attack vectors — like encrypted and chip-based attacks,” said Chad Sweet, CEO at The Chertoff…

Microsoft Patch Tuesday Updates Fix Over 50 Vulnerabilities

Microsoft’s Patch Tuesday updates for July 2018 address more than 50 vulnerabilities, but none of them appear to have been exploited for malicious purposes before the fixes were released. The company has classified 18 of the flaws as critical and, similar to previous months, they mostly affect the Edge and Internet Explorer web browsers. Many…

Intel Patches Security Flaws in Processor Diagnostic Tool

The Intel Processor Diagnostic Tool (IPDT) is a piece of software designed to verify the functionality of an Intel processor. It can check for brand identification and operating frequency, test specific features, and perform a stress test on the processor. The recently addressed vulnerabilities (two of which are tracked as CVE-2018-3667 and CVE-2018-3668) were found…

GDPR: Where are we now?

By now, the General Data Protection Regulation, or GDPR, is in full effect. Users see its impact each time a website asks for permission to collect cookies and in each notification email about updated privacy policies. Companies are being inundated with inquiries about personal information as users are getting smarter about protecting their data in…

New insider attack steals passwords by reading thermal energy from keyboards

After entering a password, your regular computer keyboard might appear to look the same as always, but a new approach harvesting thermal energy can illuminate the recently pressed keys, revealing that keyboard-based password entry is even less secure than previously thought. Computer Science Ph.D. students Tyler Kaczmarek and Ercan Ozturk from UC Irvine’s Donald Bren…

New Malware Variant Hits With Ransomware or Cryptomining

A long-known ransom Trojan has added new tactics and a new talent, according to research released by Kaspersky Labs. The Trojan-Ransom.Win32.Rakhni family has been around since 2013, but a new variant does a search of files on the victim’s system and decides whether to launch ransomware — or simply use the computer to mine cryptocurrency….

Google Fixes Critical Android Vulnerabilities

Google this week released its July 2018 set of Android patches to address tens of vulnerabilities in the mobile operating system, including several rated as Critical. The Internet giant addressed 11 vulnerabilities as part of the 2018-07-01 security patch level, including three rated Critical and 8 High risk bugs. The issues impact framework, media framework,…