“Nation-State Espionage Campaigns against Middle East Defense Contractors”: Report on espionage attacks using LinkedIn as a vector for malware, with details and screenshots. They talk about “several hints suggesting a possible link” to the Lazarus group (aka North Korea), but that’s by no means definite. As part of the initial compromise phase, the Operation In(ter)ception attackers had created fake LinkedIn accounts posing as …
“New Hacking-for-Hire Company in India”: Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India. Key Findings: Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries. Dark Basin extensively …
“Theft of CIA’s ‘Vault Seven’ Hacking Tools Due to Its Own Lousy Security”: The Washington Post is reporting on an internal CIA report about its “Vault 7” security breach: The breach — allegedly committed by a CIA employee — was discovered a year after it happened, when the information was published by WikiLeaks, in March 2017. The anti-secrecy group dubbed the release “Vault 7,” and U.S. officials have …
Ben Buchanan has written “A National Security Research Agenda for Cybersecurity and Artificial Intelligence.” It’s really good — well worth reading.
“The DoD Isn’t Fixing Its Security Problems”: It has produced several reports outlining what’s wrong and what needs to be fixed. It’s not fixing them: GAO looked at three DoD-designed initiatives to see whether the Pentagon is following through on its own goals. In a majority of cases, DoD has not completed the cybersecurity training and awareness tasks it set out to. …
“Bug Bounty Programs Are Being Used to Buy Silence”: Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers: Used properly, bug bounty platforms connect security researchers with organizations wanting extra scrutiny. In exchange for reporting a security flaw, the researcher receives payment (a bounty) as a thank you for doing the right thing. However, CSO’s …
“The Insecurity of WordPress and Apache Struts”: Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content management system ranked third, followed by Ruby on Rails …
“More on Law Enforcement Backdoor Demands”: The Carnegie Endowment for International Peace and Princeton University’s Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the “going dark” debate. They have released their report: “Moving the Encryption Policy Conversation Forward.” The main contribution seems to be that attempts to backdoor devices like smartphones shouldn’t also backdoor communications …
Citizen Lab just published an excellent report on the stalkerware industry. Boing Boing post.
“The Human Cost of Cyberattacks”: The International Committee of the Red Cross has just published a report: “The Potential Human Cost of Cyber-Operations.” It’s the result of an “ICRC Expert Meeting” from last year, but was published this week. Here’s a shorter blog post if you don’t want to read the whole thing. And commentary by one of the authors. …