IOT and ICS Security
What is SIM Swapping? How It’s Driving Fraud in Telecommunications
The rising prevalence of SIM swapping incidents underscores the need for more robust identity proofing processes and enhanced security measures in the telecommunications industry ...
Security Vulnerability in Saflok’s RFID-Based Keycard Locks
Bruce Schneier | | Cybersecurity, Hacking, hotels, Internet of things, locks, Uncategorized, Vulnerabilities
It’s pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security ...
Unsafelok Threat Highlights It’s About Both IoT Devices and Applications
IoT devices and applications exist all over the place, and in high volume. Today’s news brought yet another example of how the scale of IoT systems leads to the conclusion that their ...
EPA and White House Raise Alarm on Water Cybersecurity
Richi Jennings | | Critical Infrastructure, critical infrastructure assets, critical infrastructure attack, Critical Infrastructure Cyber security, Critical Infrastructure Cybersecurity, Drinking Water, Environmental Protection Agency, EPA, ICS, operational technologies, OT, public water systems, SB Blogwatch, wastewater, water, water distribution systems, Water industry, water infrastructure, White House
Iran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.” ...
Security Boulevard
Drones and the US Air Force
Bruce Schneier | | Defense, Department of Defense, drones, economics of security, Uncategorized, War
Fascinating analysis of the use of drones on a modern battlefield—that is, Ukraine—and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform ...
Google Splashes the Cash in Bug Bounty Bonanza: $59 Million to Date
Richi Jennings | | alphabet, bounty, bug bounty, bug bounty program, bugbounty, ethical hacker, ethical hackers, ethical hacking, google, SB Blogwatch, Vulnerability Rewards Program (VRP), white hat, white hat hacker, white hat hackers, White Hat Security, White Hats, WhiteHat, whitehat hackers, WhiteHat Security
Wanna be a VRP VIP? Last year, $GOOG paid $10 million to ethical hackers for finding vulnerabilities ...
Security Boulevard
Irony of Ironies: CISA Hacked — ‘by China’
Richi Jennings | | china, china espionage, Chinese, Chinese Communists, Chinese drive-by attack, chinese government, chinese hacker, Chinese hackers, Chinese state-sponsored hacking group, Chinese Threat Actors, CIRCIA, cisa, CISA.gov, CVE-2023-46805, CVE-2024-21887, CVE-2024-21893, Cyber Security and Infrastructure Security Agency, Cybersecurity & Infrastructure Security Agency, Cybersecurity and Infrastructure Agency, Data Stolen By China, federal agency, Ivanti, Ivanti Connect Secure, Ivanti Policy Secure, Ivanti security, Ivanti Vulnerabilities, Ivanti Zero day vulnerability, Ligolo, Magnet Goblin, NerbianRAT, NSA/CISA, Peoples Republic of China, SB Blogwatch, Volt Typhoon, WARPWIRE
Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti ...
Security Boulevard
Emerging Trends in Embedded Linux IoT Security
Rohan Timalsina | | embedded linux, Embedded Linux IoT Security, iot, Live Patching Education, Trends in Embedded Linux IoT
Mitigating potential vulnerabilities requires proactive measures due to the complexity of embedded Linux IoT devices The use of containerization and virtualization reduces the attack surface and minimizes the impact of security breaches ...
Cloudflare Unveils a Firewall Designed to Keep LLMs Safe
Cloudflare wants to help organizations wall off their large-language models (LLMs) from cyberthreats and give enterprises an AI framework to ward off risks, many of which are themselves based on the emerging ...
Security Boulevard
CISA Warns Phobos Ransomware Groups Attacking Critical Infrastructure
Phobos, a complex ransomware-as-a-service (RaaS) operation that has been around for five years and is includes multiple variants, continues to target a range of critical infrastructure in the United States, including education, ...
Security Boulevard