U.S. DHS and FDA Face Medical Device Security Woes

While most eyes in cybersecurity have, for good reason, been focused on the Equifax breach for the past two weeks, the U.S. Food and Drug Administration (FDA) continued its pressure on medical device manufacturers to build security into product design, just as the U.S. Department of Homeland Security warned the medical community of eight vulnerabilities in Smiths Medical wireless infusion pumps.

Another Cloud Storage Leak Exposes Verizon IT Files

Security researchers have found yet another Amazon S3 storage container with sensitive data that was publicly accessible to anyone on the internet. The S3 bucket contained around 100MB of data, including internal files, usernames, passwords and email messages from U.S. telecommunications provider Verizon Wireless. Many of the files were associated with an internal middleware application

Opinion: It Is Time for a Duress Code on Cell Phones

Have you seen the stories about the warrantless device searches by various border agents? It seems that many folks have had their cell phones confiscated (sometimes forcibly) in order to protect the borders as people travel into the United States. Many of the folks subject to these searches are American citizens, some of whom work …
The post Opinion: It Is Time for a Duress Code on Cell Phones appeared first on The State of Security.

CCleaner Supply Chain Attack Targeted Technology Companies

New evidence shows the hackers who infected the installers for the popular CCleaner system optimization tool were primarily targeting the program’s business users. There are also links between the malware code and a well-known Chinese cyber-espionage group. The malware-infected installers for 32-bit versions of CCleaner and CCleaner Cloud released in August were installed on more

The High/low Entropy Rant for Cryptography

We had another discussion of entropy today. As a quick search of Wikipedia will tell you, in computing, entropy is the randomness collected by an operating system or application for use in cryptography or other uses that require random data. And as you may well know, a lack of entropy can have a negative impact on performance
The post The High/low Entropy Rant for Cryptography appeared first on HPE Security - Data Security.

The Equifax Breach – The Signs Were There

Whenever a big data breach happens – like the Equifax one – there is almost always a predictable order of subsequent events:

1. The breach happens
2. The affected company announces it
3. The news outlets pick up the story and make it known to the general public
4. Security researchers wonder how the breach might have happened and investigate further
5. Then there is the aha moment: security researchers stumble upon a catastrophic lack of security practices, countless numbers of vulnerabilities and breaches of well-established protocols.

Does It Have to Be Like This?

In the end, the public often knows more about the dangerous vulnerabilities in the company's website than the actual attacker. Given enough eyeballs, all bugs become more shallow – particularly once an organisation is under public scrutiny. Going back to the series of events, you might conclude that we could completely eliminate events one to three, if there were more security researchers examining the security of their own products. So what would have happened if someone had warned Equifax about vulnerabilities on their websites before the breach happened? Would they have listened to concerned researchers?

In 2016 Equifax Was Notified That Their Website Was Vulnerable To a Cross-site Scripting Vulnerability

Basic XSS on Equifax, still working after being reported...