cybersecurity – Page 4 – SSL and internet security news

Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

July 20, 2023 infossl

cybersecurity, national security policy, Security technology, Uncategorized

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” Lots of interesting bits. So far, at least three trends emerge: First, the plan contains a (somewhat) more concrete list of actions than its parent strategy, with useful delineation of lead and supporting agencies, … Read More “Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy” »

Security and Human Behavior (SHB) 2023

June 16, 2023 infossl

conferences, cybersecurity, security conferences, Security technology, Uncategorized

I’m just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The fifty or so attendees … Read More “Security and Human Behavior (SHB) 2023” »

How Attorneys Are Harming Cybersecurity Incident Response

June 7, 2023 infossl

academic papers, breaches, cybersecurity, incident response, insurance, Security technology, Uncategorized

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders … Read More “How Attorneys Are Harming Cybersecurity Incident Response” »

The Software-Defined Car

June 5, 2023 infossl

cars, cybersecurity, hacking, Security technology, Uncategorized

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage … Read More “The Software-Defined Car” »

Security Risks of New .zip and .mov Domains

May 19, 2023 infossl

cybersecurity, google, phishing, Security technology, Uncategorized, vulnerabilities

Researchers are worried about Google’s .zip and .mov domains, because they are confusing. Mistaking a URL for a filename could be a security vulnerability. Powered by WPeMatico

PIPEDREAM Malware against Industrial Control Systems

May 9, 2023 infossl

advanced persistent threats, cybersecurity, infrastructure, malware, russia, Security technology, Uncategorized

Another nation-state malware, Russian in origin: In the early stages of the war in Ukraine in 2022, PIPEDREAM, a known malware was quietly on the brink of wiping out a handful of critical U.S. electric and liquid natural gas sites. PIPEDREAM is an attack toolkit with unmatched and unprecedented capabilities developed for use against industrial … Read More “PIPEDREAM Malware against Industrial Control Systems” »

Security Risks of AI

April 27, 2023 infossl

artificial intelligence, cybersecurity, machine learning, reports, risks, Security technology, Uncategorized

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Jim Dempsey, one of the workshop organizers, wrote a blog post on the report: As a first step, our report recommends the inclusion of AI security concerns within the cybersecurity programs … Read More “Security Risks of AI” »

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

April 4, 2023 infossl

cryptocurrency, cybersecurity, hacking, malware, North Korea, Security technology, supply chain, Uncategorized, vulnerabilities

News: Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.” … Read More “North Korea Hacking Cryptocurrency Sites with 3CX Exploit” »

Security Vulnerabilities in Snipping Tools

March 28, 2023 infossl

cybersecurity, privacy, Security technology, Uncategorized, vulnerabilities

Both Google’s Pixel’s Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images. Powered by WPeMatico

ChatGPT Privacy Flaw

March 22, 2023 infossl

ChatGPT, cybersecurity, privacy, Security technology, Uncategorized

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories. Powered by WPeMatico