Researchers Demo Physical Attack via Car Wash Hack
LAS VEGAS – BLACK HAT USA – Researchers have created proof-of-concept (PoC) exploits to demonstrate how hackers can cause physical damage to vehicles and injure their occupants by remotely hijacking a connected car wash. The attack was detailed in a presentation at the Black Hat security conference this week by WhiteScope founder Billy Rios, a…
IBM Launches Security Testing Services For Cars, IoT
IBM Security announced on Monday that the services provided by its X-Force Red penetration testing group have been expanded to include connected vehicles and Internet of Things (IoT) devices. IBM X-Force Red, which the company launched one year ago, has been working with automotive manufacturers and third-party suppliers to provide expertise and penetration testing and consulting services.
North Korea’s DDoS Attacks Analyzed Based on IPs
Arbor Networks has used the IP addresses shared recently by United States authorities to analyze distributed denial-of-service (DDoS) attacks attributed to the North Korean government. The security firm believes the data may not be as useful for organizations as the U.S. hopes. Earlier this month, the United States Computer Emergency Readiness Team (US-CERT) released a…
Cyber Solstice: IT Security Tasks to Tackle on the Longest Day of the Year
This week, we will experience the longest day of the year: June 21. For IT professionals, more daylight means more time to handle tasks on the back burner, start new projects or even — gasp — take a step back from the cybersecurity front lines. Here’s a look at some top contenders for security tasks…
U.S. Warns of North Korea’s ‘Hidden Cobra’ Attacks
The United States Computer Emergency Readiness Team (US-CERT) released a technical alert on Tuesday on behalf of the DHS and the FBI to warn organizations of North Korea’s “Hidden Cobra” activities, particularly distributed denial-of-service (DDoS) attacks. The threat actor dubbed by the U.S. government “Hidden Cobra” is better known in the infosec community as Lazarus…
Don’t Leave Home Without These Five Travel Security Tips
It’s vacation time for many of us, and that means it’s Christmas for criminals. In their eagerness to experience all the wonders of leisure destinations, travelers are prone to overlooking risks to their physical and digital security. Crooks know this, which is why they target people carrying cameras, sporting backpacks or exhibiting other signs of…
Can Cyber Situational Awareness Prevent the Next Black Swan Cyber Event?
In modern parlance, the phrase “black swan,” as espoused by the famous intellectual personality Nassim Nicholas Taleb in his famous book “The Black Swan: The Impact of The Highly Improbable,” refers to an event that comes as a surprise, leaves a major impact and, in the absence of cyber situational awareness, can be rationalized only…
Apple: CIA’s Mac, iPhone Vulnerabilities Already Patched
Apple’s initial analysis of the iPhone and Mac exploits disclosed by WikiLeaks on Thursday shows that the vulnerabilities they use have already been patched. The company told WikiLeaks to send the information it possesses through the regular submission process. WikiLeaks’ second “Vault 7” dump, dubbed by the organization “Dark Matter,” includes documents describing tools allegedly…
Five Steps to Protect Your Critical Data From Insider Threats
As companies around the world turn their attention to advanced threats endangering their most sensitive data, one category is commanding much-deserved attention: insider threats. With 44.5 percent of attacks perpetrated by malicious insiders, guarding against these incidents is becoming a pressing concern. An effective way to tackle insider threats is with an integrated approach that…
Actively Exploited Struts Flaw Affects Cisco Products
Cisco informed customers on Friday that at least some of its products are affected by an Apache Struts2 command execution vulnerability that has been exploited in the wild over the past days. The flaw has been confirmed to affect the Cisco Identity Services Engine (ISE), the Prime Service Catalog Virtual Appliance, and the Unified SIP…