cybersecurity – Page 4 – SSL and internet security news

China Hacked Japan’s Military Networks

August 14, 2023 infossl

china, cyberespionage, cybersecurity, espionage, hacking, japan, military, Security technology, Uncategorized

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story: The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current … Read More “China Hacked Japan’s Military Networks” »

Microsoft Signing Key Stolen by Chinese

August 7, 2023 infossl

authentication, backdoors, china, cybersecurity, hacking, keys, microsoft, Security technology, Uncategorized

A bunch of networks, including US Government networks, have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “negligent security practices” is being tossed about—and with good reason. Master signing keys are not supposed to … Read More “Microsoft Signing Key Stolen by Chinese” »

New SEC Rules around Cybersecurity Incident Disclosures

August 2, 2023 infossl

cyberattack, cybersecurity, disclosure, national security policy, risk assessment, risks, Security technology, Uncategorized

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Public companies must “describe their processes, if any, for assessing, … Read More “New SEC Rules around Cybersecurity Incident Disclosures” »

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

July 20, 2023 infossl

cybersecurity, national security policy, Security technology, Uncategorized

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” Lots of interesting bits. So far, at least three trends emerge: First, the plan contains a (somewhat) more concrete list of actions than its parent strategy, with useful delineation of lead and supporting agencies, … Read More “Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy” »

Security and Human Behavior (SHB) 2023

June 16, 2023 infossl

conferences, cybersecurity, security conferences, Security technology, Uncategorized

I’m just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The fifty or so attendees … Read More “Security and Human Behavior (SHB) 2023” »

How Attorneys Are Harming Cybersecurity Incident Response

June 7, 2023 infossl

academic papers, breaches, cybersecurity, incident response, insurance, Security technology, Uncategorized

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders … Read More “How Attorneys Are Harming Cybersecurity Incident Response” »

The Software-Defined Car

June 5, 2023 infossl

cars, cybersecurity, hacking, Security technology, Uncategorized

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage … Read More “The Software-Defined Car” »

Security Risks of New .zip and .mov Domains

May 19, 2023 infossl

cybersecurity, google, phishing, Security technology, Uncategorized, vulnerabilities

Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability. Powered by WPeMatico

PIPEDREAM Malware against Industrial Control Systems

May 9, 2023 infossl

advanced persistent threats, cybersecurity, infrastructure, malware, russia, Security technology, Uncategorized

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial … Read More “PIPEDREAM Malware against Industrial Control Systems” »

Security Risks of AI

April 27, 2023 infossl

artificial intelligence, cybersecurity, machine learning, reports, risks, Security technology, Uncategorized

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs … Read More “Security Risks of AI” »