reports – SSL and internet security news

NSA on Supply Chain Security

November 4, 2022 infossl

infrastructure, nsa, operational security, reports, Security technology, supply chain, Uncategorized

The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the … Read More “NSA on Supply Chain Security” »

New Report on IoT Security

September 27, 2022 infossl

cybersecurity, Internet of Things, reports, security engineering, Security technology, Uncategorized

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices. The report recommends that regulators should … Read More “New Report on IoT Security” »

New UFEI Rootkit

July 28, 2022 infossl

implants, kaspersky, malware, reports, rootkits, Security technology, Uncategorized

Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article: The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating … Read More “New UFEI Rootkit” »

Security Vulnerabilities in Honda’s Keyless Entry System

July 12, 2022 infossl

cars, keys, locks, reports, Security technology, Uncategorized

Honda vehicles from 2021 to 2022 are vulnerable to this attack: On Thursday, a security researcher who goes by Kevin2600 published a technical report and videos on a vulnerability that he claims allows anyone armed with a simple hardware device to steal the code to unlock Honda vehicles. Kevin2600, who works for cybersecurity firm Star-V … Read More “Security Vulnerabilities in Honda’s Keyless Entry System” »

Ubiquitous Surveillance by ICE

July 7, 2022 infossl

privacy, reports, Security technology, surveillance, Uncategorized

Report by Georgetown’s Center on Privacy and Technology published a comprehensive report on the surprising amount of mass surveillance conducted by Immigration and Customs Enforcement (ICE). Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic … Read More “Ubiquitous Surveillance by ICE” »

ICE Is a Domestic Surveillance Agency

May 11, 2022 infossl

national security policy, privacy, reports, secrecy, Security technology, surveillance, Uncategorized

Georgetown has a new report on the highly secretive bulk surveillance activities of ICE in the US: When you think about government surveillance in the United States, you likely think of the National Security Agency or the FBI. You might even think of a powerful police agency, such as the New York Police Department. But … Read More “ICE Is a Domestic Surveillance Agency” »

Microsoft Issues Report of Russian Cyberattacks against Ukraine

April 28, 2022 infossl

cyberattack, cyberespionage, cyberwar, espionage, reports, russia, Security technology, ukraine, Uncategorized

Microsoft has a comprehensive report on the dozens of cyberattacks — and even more espionage operations — Russia has conducted against Ukraine as part of this war: At least six Russian Advanced Persistent Threat (APT) actors and other unattributed threats, have conducted destructive attacks, espionage operations, or both, while Russian military forces attack the country … Read More “Microsoft Issues Report of Russian Cyberattacks against Ukraine” »

NASA’s Insider Threat Program

March 23, 2022 infossl

insiders, national security policy, reports, Security technology, Uncategorized

The Office of Inspector General has audited NASA’s insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency’s information technology (IT) systems — including many containing high-value assets or critical infrastructure — are unclassified and are therefore not covered by its current insider … Read More “NASA’s Insider Threat Program” »

Friday Squid Blogging: The Costs of Unregulated Squid Fishing

March 18, 2022 infossl

reports, Security technology, squid, Uncategorized

Greenpeace has published a report, “Squids in the Spotlight,” on the extent and externalities of global squid fishing. News article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

An Examination of the Bug Bounty Marketplace

January 17, 2022 infossl

economics of security, hacking, reports, Security technology, Uncategorized

Here’s a fascinating report: “Bounty Everything: Hackers and the Making of the Global Bug Marketplace.” From a summary: …researchers Ryan Ellis and Yuan Stevens provide a window into the working lives of hackers who participate in “bug bounty” programs — programs that hire hackers to discover and report bugs or other vulnerabilities in their systems. … Read More “An Examination of the Bug Bounty Marketplace” »