Senator Asks DoD to Secure Its Websites
Senator Ron Wyden (D-Ore.) on Tuesday asked the chief information officer at the U.S. Department of Defense (DoD) to take immediate action to ensure that the organization’s websites use HTTPS. The senator noted that some of the DoD’s websites, such as the ones belonging to the NSA, the Army, and the Air Force, do use…
Spend Less, Test Faster: Choosing the Right Security Tools
People are creatures of habit. If we learn something one way, we’re prone to stick to it. Less in a “my way or the highway” sense and more so in a “if it ain’t broke, don’t fix it” one. Not every security tool is right for every environment, and just because one set of tools…
Hackers Target Security Firm Fox-IT
Fox-IT, the Netherlands-based cybersecurity firm owned by NCC Group, revealed on Thursday that it had been the victim of a man-in-the-middle (MitM) attack made possible by DNS records getting changed at its third-party domain registrar. The incident took place back in September and Fox-IT decided to disclose it now after conducting a detailed analysis. A…
Old Crypto Vulnerability Hits Major Tech Firms
A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world’s top websites. Last month, F5 Networks informed customers that some of its BIG-IP products include a vulnerability that can be exploited by a remote attacker for recovering encrypted data…
The Myth of Security Enabling Your Business
Every year there are reports and surveys which make the case that security inhibits innovation, productivity and generally holds businesses back. I am not going to argue with that sentiment. Security requires that things are done in a certain manner, which can act as a constraint on wanting to do things a different way. What…
Kaspersky CEO to Testify Before Congress
After the U.S. Department of Homeland Security (DHS) issued a binding operational directive ordering government departments and agencies to stop using products from Russia-based Kaspersky Lab, the security firm’s CEO has been invited to testify before Congress. Eugene Kaspersky, Kaspersky Lab’s chairman and CEO, posted on Twitter a screenshot of the invitation he received from…
Solar Panel Flaws Put Power Grids at Risk: Researcher
A researcher has identified many vulnerabilities in widely used solar power systems and he believes some of these flaws could allow hackers to cause large-scale outages, but the affected vendor says his claims are exaggerated. In a scenario he calls “Horus,” which stems from the name of the ancient Egyptian god, researcher Willem Westerhof describes…
Why WannaCry Was a Wake Up Call for Critical Infrastructure Security
The WannaCry ransomware attack impacted more than 10,000 organizations in 150 countries, including manufacturing and industrial organizations like Nissan, Renault and Dacia, Spanish Telefónica and Deutsche Bahn. It’s likely that a fair number of industrial organizations have been impacted, but haven’t reported the incidents since they are not required to do so by regulatory requirements.