cybersecurity – Page 5 – SSL and internet security news

North Korea Hacking Cryptocurrency Sites with 3CX Exploit

April 4, 2023 infossl

cryptocurrency, cybersecurity, hacking, malware, North Korea, Security technology, supply chain, Uncategorized, vulnerabilities

News: Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.” … Read More “North Korea Hacking Cryptocurrency Sites with 3CX Exploit” »

Security Vulnerabilities in Snipping Tools

March 28, 2023 infossl

cybersecurity, privacy, Security technology, Uncategorized, vulnerabilities

Both Google’s Pixel’s Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images. Powered by WPeMatico

ChatGPT Privacy Flaw

March 22, 2023 infossl

ChatGPT, cybersecurity, privacy, Security technology, Uncategorized

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories. Powered by WPeMatico

New National Cybersecurity Strategy

March 6, 2023 infossl

cybersecurity, national security policy, Security technology, software liability, Uncategorized

Last week, the Biden Administration released a new National Cybersecurity Strategy (summary here). There is lots of good commentary out there. It’s basically a smart strategy, but the hard parts are always the implementation details. It’s one thing to say that we need to secure our cloud infrastructure, and another to detail what the means … Read More “New National Cybersecurity Strategy” »

Attacking Machine Learning Systems

February 6, 2023 infossl

cryptography, cyberattack, cybersecurity, essays, machine learning, Security technology, Uncategorized, vulnerabilities

The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many opportunities for new researchers to publish in this field. In … Read More “Attacking Machine Learning Systems” »

NIST Is Updating Its Cybersecurity Framework

January 30, 2023 infossl

cybersecurity, national security policy, nist, Security technology, Uncategorized

NIST is planning a significant update of its Cybersecurity Framework. At this point, it’s asking for feedback and comments to its concept paper. Do the proposed changes reflect the current cybersecurity landscape (standards, risks, and technologies)? Are the proposed changes sufficient and appropriate? Are there other elements that should be considered under each area? Do … Read More “NIST Is Updating Its Cybersecurity Framework” »

US Cyber Command Operations During the 2022 Midterm Elections

January 25, 2023 infossl

cyberattack, cybersecurity, hacking, national security policy, Security technology, Uncategorized, voting

The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s offensive cyber operations during the runup to the 2022 midterm elections. He didn’t name names, of course: We did conduct operations persistently to make sure that our foreign adversaries couldn’t utilize infrastructure to impact us,” said Nakasone. … Read More “US Cyber Command Operations During the 2022 Midterm Elections” »

Breaking the Zeppelin Ransomware Encryption Scheme

November 21, 2022 infossl

cryptanalysis, cybersecurity, encryption, ransomware, Security technology, Uncategorized

Brian Krebs writes about how the Zeppelin ransomware encryption scheme was broken: The researchers said their break came when they understood that while Zeppelin used three different types of encryption keys to encrypt files, they could undo the whole scheme by factoring or computing just one of them: An ephemeral RSA-512 public key that is … Read More “Breaking the Zeppelin Ransomware Encryption Scheme” »

Failures in Twitter’s Two-Factor Authentication System

November 17, 2022 infossl

authentication, cybersecurity, passwords, Security technology, sms, twitter, two-factor authentication, Uncategorized, vulnerabilities

Twitter is having intermittent problems with its two-factor authentication system: Not all users are having problems receiving SMS authentication codes, and those who rely on an authenticator app or physical authentication token to secure their Twitter account may not have reason to test the mechanism. But users have been self-reporting issues on Twitter since the … Read More “Failures in Twitter’s Two-Factor Authentication System” »

The Conviction of Uber’s Chief Security Officer

November 7, 2022 infossl

courts, cover-ups, cyberattack, cybersecurity, data breaches, data protection, Security technology, uber, Uncategorized

I have been meaning to write about Joe Sullivan, Uber’s former Chief Security Officer. He was convicted of crimes related to covering up a cyberattack against Uber. It’s a complicated case, and I’m not convinced that he deserved a guilty ruling or that it’s a good thing for the industry. I may still write something, … Read More “The Conviction of Uber’s Chief Security Officer” »