Uncategorized – Page 104 – SSL and internet security news

Twelve-Year-Old Vulnerability Found in Windows Defender

February 24, 2021 infossl

malware, microsoft, patching, Security technology, Uncategorized, vulnerabilities, windows

Researchers found, and Microsoft has patched, a vulnerability in Windows Defender that has been around for twelve years. There is no evidence that anyone has used the vulnerability during that time. The flaw, discovered by researchers at the security firm SentinelOne, showed up in a driver that Windows Defender — renamed Microsoft Defender last year … Read More “Twelve-Year-Old Vulnerability Found in Windows Defender” »

Dependency Confusion: Another Supply-Chain Vulnerability

February 23, 2021 infossl

malware, Security technology, supply chain, Uncategorized, vulnerabilities

Alex Birsan writes about being able to install malware into proprietary corporate software by naming the code files to be identical to internal corporate code files. From a ZDNet article: Today, developers at small or large companies use package managers to download and import libraries that are then assembled together using build tools to create … Read More “Dependency Confusion: Another Supply-Chain Vulnerability” »

GPS Vulnerabilities

February 22, 2021 infossl

cybersecurity, gps, infrastructure, national security policy, Security technology, Uncategorized

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March. … Read More “GPS Vulnerabilities” »

Friday Squid Blogging: Amazing Video of a Black-Eyed Squid Trying to Eat an Owlfish

February 19, 2021 infossl

Security technology, squid, Uncategorized, video

From the Monterey Bay Aquarium. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Router Security

February 19, 2021 infossl

hardware, Internet of Things, linux, mitigation, patching, reports, Security technology, Uncategorized, vulnerabilities

This report is six months old, and I don’t know anything about the organization that produced it, but it has some alarming data about router security. Conclusion: Our analysis showed that Linux is the most used OS running on more than 90% of the devices. However, many routers are powered by very old versions of … Read More “Router Security” »

WEIS 2021 Call for Papers

February 18, 2021 infossl

conferences, economics of security, Security technology, Uncategorized

The 20th Annual Workshop on the Economics of Information Security (WEIS 2021) will be held online in June. We just published the call for papers. Powered by WPeMatico

Virginia Data Privacy Law

February 18, 2021 infossl

courts, data protection, laws, privacy, Security technology, Uncategorized

Virginia is about to get a data privacy law, modeled on California’s law. Powered by WPeMatico

Browser Tracking Using Favicons

February 17, 2021 infossl

academic papers, browsers, Security technology, tracking, Uncategorized

Interesting research on persistent web tracking using favicons. (For those who don’t know, favicons are those tiny icons that appear in browser tabs next to the page name.) Abstract: The privacy threats of online tracking have garnered considerable attention in recent years from researchers and practitioners alike. This has resulted in users becoming more privacy-cautious … Read More “Browser Tracking Using Favicons” »

Malicious Barcode Scanner App

February 16, 2021 infossl

android, malware, Security technology, ukraine, Uncategorized

Interesting story about a barcode scanner app that has been pushing malware on to Android phones. The app is called Barcode Scanner. It’s been around since 2017 and is owned by the Ukrainian company Lavabird Ldt. But a December 2020 update included some new features: However, a rash of malicious activity was recently traced back … Read More “Malicious Barcode Scanner App” »

US Cyber Command Valentine’s Day Cryptography Puzzles

February 15, 2021 infossl

cryptography, games, Security technology, Uncategorized

The US Cyber Command has released a series of ten Valentine’s Day “Cryptography Challenge Puzzles.” Slashdot thread. Reddit thread. (And here’s the archived link, in case Cyber Command takes the page down.) Powered by WPeMatico