cybersecurity – Page 10 – SSL and internet security news

GPS Vulnerabilities

February 22, 2021 infossl

cybersecurity, gps, infrastructure, national security policy, Security technology, Uncategorized

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March. … Read More “GPS Vulnerabilities” »

Chinese Supply-Chain Attack on Computer Systems

February 13, 2021 infossl

backdoors, china, cybersecurity, fbi, fisa, intelligence, Internet of Things, national security policy, reports, Security technology, supply chain, Uncategorized

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret: China’s exploitation of products made by Supermicro, as the U.S. … Read More “Chinese Supply-Chain Attack on Computer Systems” »

Vaccine for Emotet Malware

August 18, 2020 infossl

cybersecurity, malware, Security technology

Interesting story of a vaccine for the Emotet malware: Through trial and error and thanks to subsequent Emotet updates that refined how the new persistence mechanism worked, Quinn was able to put together a tiny PowerShell script that exploited the registry key mechanism to crash Emotet itself. The script, cleverly named EmoCrash, effectively scanned a … Read More “Vaccine for Emotet Malware” »

UAE Hack and Leak Operations

August 13, 2020 infossl

academicpapers, cybersecurity, hacking, leaks, nationalsecuritypolicy, qatar, saudiarabia, Security technology, unitedarabemirates

Interesting paper on recent hack-and-leak operations attributed to the UAE: Abstract: Four hack-and-leak operations in U.S. politics between 2016 and 2019, publicly attributed to the United Arab Emirates (UAE), Qatar, and Saudi Arabia, should be seen as the “simulation of scandal” – deliberate attempts to direct moral judgement against their target. Although “hacking” tools enable … Read More “UAE Hack and Leak Operations” »

The NSA on the Risks of Exposing Location Data

August 6, 2020 infossl

cybersecurity, geolocation, military, nsa, riskassessment, risks, Security technology, smartphones, tracking

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance. … Read More “The NSA on the Risks of Exposing Location Data” »

Twitter Hacker Arrested

July 31, 2020 infossl

cybersecurity, hacking, scams, Security technology, socialmedia, twitter

A 17-year-old Florida boy was arrested and charged with last week’s Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments. Powered by WPeMatico

Fake Stories in Real News Sites

July 30, 2020 infossl

cybersecurity, disinformation, fakenews, hacking, propaganda, russia, Security technology

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story: The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; … Read More “Fake Stories in Real News Sites” »

Update on NIST’s Post-Quantum Cryptography Program

July 24, 2020 infossl

cryptography, cybersecurity, nist, quantumcomputing, quantumcryptography, Security technology

NIST has posted an update on their post-quantum cryptography program: After spending more than three years examining new approaches to encryption and data protection that could defeat an assault from a quantum computer, the National Institute of Standards and Technology (NIST) has winnowed the 69 submissions it initially received down to a final group of … Read More “Update on NIST’s Post-Quantum Cryptography Program” »

NSA on Securing VPNs

July 15, 2020 infossl

cryptography, cybersecurity, nsa, Security technology, securityanalysis, vpn

The NSA’s Central Security Service — that’s the part that’s supposed to work on defense — has released two documents (a full and an abridged version) on securing virtual private networks. Some of it is basic, but it contains good information. Maintaining a secure VPN tunnel can be complex and requires regular maintenance. To maintain … Read More “NSA on Securing VPNs” »

IoT Security Principles

July 7, 2020 infossl

cybersecurity, internetofthings, Security technology, securityengineering

The BSA — also known as the Software Alliance, formerly the Business Software Alliance (which explains the acronym) — is an industry lobbying group. They just published “Policy Principles for Building a Secure and Trustworthy Internet of Things.” They call for: Distinguishing between consumer and industrial IoT. Offering incentives for integrating security. Harmonizing national and … Read More “IoT Security Principles” »