Daily Archives: July 19, 2018

FBI’s Comey Covered Up China Hack of Hillary’s Emails, Concealing Intel from Congress Months Before Election; Then FBI Destroyed the Evidence – True Pundit

truepundit.com - FBI brass learned in June 2016 that untold thousands of Hillary Clinton’s private emails had been hacked by Chinese assets yet then-Director James Comey made no disclosures about the national securit…


Tweeted by @jizzi1 https://twitter.com/jizzi1/status/1020166316353761280

CVE-2016-10727

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. The server code was intended to report an error and not proceed, but the code was written incorrectly.

Weird New Fruits Could Hit Aisles Soon Thanks To Gene Editing

An anonymous reader quotes a report from The Guardian: Smooth or hairy, pungent or tasteless, deep-hued or bright: new versions of old fruits could be hitting the produce aisles as plant experts embrace cutting-edge technology, scientists say. While researchers have previously produced plants with specific traits through traditional breeding techniques, experts say new technologies such as the gene-editing tool Crispr-Cas9 could be used to bring about changes far more rapidly and efficiently. Among the genes flagged in the new study in the journal Trends in Plant Science are those behind the production of a family of substances known as MYBs, which are among the proteins that control whether other genes are switched on or off. "MYBs are great targets because they are central to several consumer traits or features like color, flavor [and] texture," said Andrew Allan, a co-author of the review from the University of Auckland whose own projects include working on red-fleshed apples and changing the color of kiwi fruits. "Russet skin in apple and pear [is linked to MYBs]. Hairs on peaches but not nectarines -- another type of MYB." Dr Richard Harrison, head of genetics, genomics and breeding at the horticultural organization NIAB EMR, who was not involved in the article, said tweaking MYB genes or the way such genes are themselves controlled was a fruitful approach. Gene-editing of MYB genes and other genes could bring a host of benefits, Harrison said, adding: "There is a large opportunity to improve the nutritional profile of fruits and vegetables in the future using gene-editing technology, as well as other techniques." Such techniques, he said, introduce the same sort of DNA changes as plant breeders have introduced by artificially selecting traits that cropped up through spontaneous DNA mutation -- but much faster. Next week, the European Court of Justice will decide if or how plants that have been gene-edited will be regulated, and whether they will be treated like genetically modified plants. In April, the U.S. Department of Agriculture announced it will no longer regulate genetically altered plants, so long as the changes could have been produced through traditional plant-breeding techniques.

Read more of this story at Slashdot.

icu svn reorg

docs.google.com - The ICU Subversion repository is being reorganized to combine icu, icu4j and tools in a common trunk. This will permit creating unified change lists covering both ICU4C and J, and tagging or branchin…


Tweeted by @kosikfl https://twitter.com/kosikfl/status/1020147170152833024

Decision Analysis Applications in Threat Analysis Frameworks

Cybersecurity is generally considered to be a highly reactive field where professionals struggle to keep up with new and emerging threats. As the profession works to become more human-centered and proactive, I have attempted to design a new modeling process that is highly pertinent to these emerging priorities. It combines the existing conceptual, high-level research […]… Read More

The post Decision Analysis Applications in Threat Analysis Frameworks appeared first on The State of Security.

The State of Security: Decision Analysis Applications in Threat Analysis Frameworks

Cybersecurity is generally considered to be a highly reactive field where professionals struggle to keep up with new and emerging threats. As the profession works to become more human-centered and proactive, I have attempted to design a new modeling process that is highly pertinent to these emerging priorities. It combines the existing conceptual, high-level research […]… Read More

The post Decision Analysis Applications in Threat Analysis Frameworks appeared first on The State of Security.



The State of Security

The Army prepares for ‘irregular warfare’

fifthdomain.com - The U.S. Army will ensure that its war-fighting units can conduct electronic and cyber operations in the next decade, the serviced announced in a vision statement, part of a plan to combat the rise o…


Tweeted by @SpecGhost https://twitter.com/SpecGhost/status/1020140495069229057

Clapper worries about cyber threat from Russia

thehill.com - Director of National Intelligence James ClapperJames Robert ClapperIntelligence officials showed Trump classified proof Putin ordered election interference: report Buck Wild: 'Is President Trump para…


Tweeted by @SteveBellovin https://twitter.com/SteveBellovin/status/1020136679414423552

RSA Archer 6.x Cross Site Scripting / Authorization Bypass

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

Packet Storm: RSA Archer 6.x Cross Site Scripting / Authorization Bypass

RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.

Packet Storm

The New MacBook Pro Keyboard Resists Dust Much Better Than Previous-Gen, Reports iFixit

iFixit tore apart the new 2018 MacBook Pro keyboard to see how well the silicone membrane works to protect the butterfly mechanism from dust and debris. After showering a 2017 and 2018 MacBook Pro in dust particles, the repair site found the newer generation holds up surprisingly well. 9to5Mac reports: As shown in the photo, the blue paint particles coat the outside of the keycaps and the edges of the membrane, but the silicon covers stop most of the particles from getting into the key mechanism -- which is what causes the sticky key issues on the previous models. However, the silicon covers have to have holes in them to allow the keycap clips to attach. Naturally, dust can and will get through these holes over time. iFixit placed some sand particles into the "danger zones" of the keycaps, and confirmed the keys will break/become-unreliable when that happens, just like the second-generation butterfly keys. The non-cocooned 2017 keyboard was "almost immediately flooded" in the particles, unsurprisingly. Clearly, the 2018 model is greatly improved in regard to reliability, but it remains to be seen just how much better it is in real-world use. Over time, you only need a couple specks of dust to get in the keycaps and the keys will get stuck. It's just the chances of dust getting in are greatly reduced with the 2018 models.

Read more of this story at Slashdot.

Cyber Security Engineer – Recruiter Loop

recruiterloop.com - Leading uniquely at the intersection point of technology and social good, Blackbaud provides software, services, expertise, and data intelligence that empowers and connects people to advance the soci…


Tweeted by @Texas_HR https://twitter.com/Texas_HR/status/1020124393760960512

Microsoft detected Russian phishing attacks on three 2018 campaigns

Russia is still launching cyberattacks against the US, a Microsoft exec has revealed, contradicting what the President claimed just a few days ago. According to Microsoft VP for customer security and trust Tom Burt (shown above second from right, with his hand raised), his team discovered a spear-phishing campaign targeting three candidates running for office in 2018. Burt announced his team's findings while speaking on a panel at the Aspen Security Forum, where he also revealed that they traced the new campaign to a group believed to be operated by the GRU, Russia's largest foreign intelligence agency. In other words, those three candidates are being targeted by the same organization that infiltrated the DNC and Hillary Clinton's Presidential campaign in 2016.

Source: Buzzfeed News, Aspen Institute (YouTube)

Best Buy Is Thriving In the Age of Amazon

Best Buy is turning to in-home consultants to help distinguish it from Amazon. The advisors act as "personal chief technology officers," helping people make their homes smart or merely more functional. "Unlike the Geek Squad and blue shirts working in stores, they'll be paid an annual salary instead of an hourly wage," reports Bloomberg. "Their house calls are free and can last as long as 90 minutes. [...] They're supposed to establish long-term relationships with their customers rather than chase one-time transactions." From the report: With more than 1,000 big-box stores in North America and about 125,000 employees, Best Buy was supposed to have succumbed to the inevitable. "Everyone thought we were going to die," says Hubert Joly, who was hired as chief executive officer in August 2012 after profits shrunk about 90 percent in one quarter and his predecessor resigned amid an investigation into his relationship with an employee. Instead, Best Buy has become an improbable survivor led by an unlikely boss. The in-home advisors went national in September. When one of the trainees at the session in Minneapolis asked Joly how big he hoped the program could become, he said: "I don't have a specific goal. I don't think it would be helpful. McKinsey never had a goal of how many clients. It was how good was the work." Another employee said: "This is why Amazon can't compete with us. They can't dispatch an army of in-home agents." Joly wasn't as sure. "Amazon is an amazing company," he replied. "They kill companies. Maybe they will do this. But we have an incredible opportunity. If someone wants to copy, that's fine." Amazon has started offering free smart-home consultations and installations. It doesn't have a chain of big-box stores in which to meet customers, but that didn't bother investors. Best Buy's stock dropped 6.3 percent when Amazon announced its plans a year ago.

Read more of this story at Slashdot.

CVE-2018-8018

Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to GridClientJdkMarshaller deserialization endpoint.

CVE-2018-14421

SeaCMS v6.61 allows Remote Code execution by placing PHP code in a movie picture address (aka v_pic) to /admin/admin_video.php (aka /backend/admin_video.php). The code is executed by visiting /details/index.php. This can also be exploited through CSRF.

CVE-2018-14420

MetInfo 6.0.0 allows a CSRF attack to add a user account via a doaddsave action to admin/index.php, as demonstrated by an admin/index.php?anyid=47&n=admin&c=admin_admin&a=doaddsave URI.

Packet Storm: Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues

Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.

Packet Storm

Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues

Two vulnerabilities were discovered within the Oracle WebLogic SAML service provider authentication mechanism. By inserting an XML comment into the SAML NameID tag, an attacker can coerce the SAML service provider to log in as another user. Additionally, WebLogic does not require signed SAML assertions in the default configuration. By omitting the signature portions from a SAML assertion, an attacker can craft an arbitrary SAML assertion and bypass the authentication mechanism.

The First Markets Have Successfully Resolved on Augur

Augur, the decentralized prediction market startup, has successfully resolved its first prediction markets. $20,000 in Ethereum is allegedly being sent out to early users of the platform, who used it without 100% certainty that they would get their money back. At this point, it’s important to step back and give our readers a quick recap […]

The post The First Markets Have Successfully Resolved on Augur appeared first on Hacked: Hacking Finance.

Chinese Hackers Targeted IoT During Trump-Putin Summit

Zorro shares a report from Defense One: Four days before U.S. and Russian leaders met in Helsinki, hackers from China launched a wave of brute-force attacks on internet-connected devices in Finland, seeking to gain control of gear that could collect audio or visual intelligence, a new report says. Traffic aimed at remote command-and-control features for Finnish internet-connected devices began to spike July 12, according to a July 19 report by Seattle-based cybersecurity company F5. China generally originates the largest chunk of such attacks; in May, Chinese attacks accounted for 29 percent of the total. But as attacks began to spike on July 12, China's share rose to 34 percent, the report said. Attacks jumped 2,800 percent. The China-based hackers' primary target was SSH (or Secure Shell) Port 22 -- not a physical destination but a specific set of instructions for routing a message to the right destination when the message hits the server. "SSH brute force attacks are commonly used to exploit systems and [internet of things, or IOT] devices online," the report says. "SSH is often used by IoT devices for 'secure' remote administration." The report notes that attack traffic came from the U.S., France, and Italy as well, but the U.S. and French traffic kept with its averages. "Russian attack traffic dropped considerably from third, its usual spot, to fifth," reports Defense One. "German attack traffic jumped."

Read more of this story at Slashdot.

CVE-2018-14441

An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type.

CVE-2018-14439

espritblock eos4j, an unofficial SDK for EOS, through 2018-07-12 mishandles floating-point numbers with more than four digits after the decimal point, which might allow attackers to trigger currency transfers of unintended amounts.

CVE-2017-18343

** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar.

CVE-2018-14438

In Wireshark through 2.6.2, the create_app_running_mutex function in wsutil/file_util.c calls SetSecurityDescriptorDacl to set a NULL DACL, which allows attackers to modify the access control arbitrarily.

Chrome OS Isn’t Ready For Tablets Yet

The Verge's Dieter Bohn set out to review Acer's Chromebook Tab 10 tablet, but ended up sharing his impressions of using Chrome OS instead. An anonymous reader shares an excerpt from his review: If you're not familiar with Chrome OS, you should know that there are three different tracks you can run Chrome OS on. There's "Stable," which is what most people should use. It's the build I mostly used while testing this device and coming to the conclusions you see above. Then there's "Beta," which is a little on the edge but has been pretty solid for me. Lots of people run it to get slightly earlier access to new features. But because I wanted to see what the future of Chrome looks like, I also looked at the "Developer" build. Most people shouldn't do this. It's buggy and maybe a little less secure. Here be monsters. On a tablet, Chrome OS looks and feels a lot like it does when you have a keyboard. There's a button to get to your apps, a task bar along the bottom, and a system menu in the lower-right corner. In the Developer build, you'll find more squarish tabs and a system menu that's been "Android-ified," so it looks like the Quick Settings you'd see on an Android phone. By default, all apps in Chrome OS go to full screen in tablet mode. Recently, however, split screen was rolled out. You tap the multitasking button on the lower right, drag one window to the left, then pick another open window to fill the right (or vice versa). You can then drag the divider to set up a one-third / two-thirds split screen if you like. That's all well and good, but it's the next steps that make this whole thing feel not quite baked. If you rotate the tablet 180 degrees, everything flips. So if you had a notepad open on the left and Chrome open on the right, when you flip it, the notepad ends up on the right. I found it disconcerting, but perhaps that's just a matter of it being different instead of it being broken. Different UX strokes for different OS folks. [...] I don't want to be too harsh on the lagginess I experienced because it's unfair to judge software that's still in development. But I did experience a lot, even on the more stable builds. That's a particularly egregious problem when there's no physical keyboard. If there's one thing that will drive a user crazy, it's input lag. And I saw much too much of that, even on the Stable build, which is what most educators will experience with this tablet. I also felt at times that I was struggling to hit buttons with my finger that would have been no problem if I had a mouse.

Read more of this story at Slashdot.

Child sex abuse inquiry fined £200,000 for disclosing victims



The UK's data watchdog, the Information Commissioner's Office (ICO) issued a hefty fine of £200,000  on the Independent Inquiry into Child Sexual Abuse (IICSA) for sending a bulk email that identified possible victims of child sex abuse.

A staff member sent an inquiry to 90 people on 27 February 2017  using the "to" field instead of the "black carbon copy" field - exposing everyone's addresses and making them vulnerable. While 52 of the addresses included full names or had a full name label attached. And one of the complainants was "very distressed" over this incidence.

The ICO said that the last year's incident was a  breach of the Data Protection Act.

ICO director of investigations, Steve Eckersley, said: "People's email addresses can be searched via social networks and search engines, so the risk that they could be identified was significant.

"IICSA should and could have done more to ensure this did not happen."

The Inquiry has apologized to the victims affected by this data breach, and has said that they take data protection "very seriously."

"After a wide-ranging review by external experts, we have amended our handling processes for personal data to ensure they are robust and the risk of a further breach is minimized," the IICSA said.

Ubisoft games hit by DDoS atacks

France based video game publisher Ubisoft games have suffered a series of massive DDoS attacks (distributed denial-of-service). As a result, several Ubisoft gaming servers including Ghost Recon Wildlands, For Honor and Far Cry 5 have been facing connectivity issues since Thursday (July 12). Connectivity problems made it difficult for Ubisoft gamers to sign into their favourite games with Ubisoft keeping everyone updated on the status of the issues through the Ubisoft Support account.

On Thursday (July 17), Ubisoft used its customer support Twitter handle to confirm the outage and that the company is working on to mitigate the attacks.

It’s unknown if the server and latency issues that continuously affected Far Cry 5, Rainbow Six Siege, For Honor, Ghost Recon Wildlands and Steep over the last few were due to the DDoS attacks.

“We’re currently monitoring DDoS attacks impacting Ubisoft services and causing players to be unable to connect to games. The attacks are focused on our games connections and server latency, which we are working on mitigating. Thank you for your patience as we resolve this,” the tweet read.

Other players have been chiming in on Twitter to ask Ubisoft Support about various issues with the games mentioned above and others with the account sharing the same message that the server issues are being looked into while attributing them to DDoS attacks. A thread on the Ubisoft forums has been created to keep players up to speed with the DDoS situation, and though it currently shares the same message that the tweet above does, I’ll likely be updated as more information is shared on the issue. The updates were also shared through the Twitter account as well, so you’ll likely see the news there first if you’re following the account.

Ubisoft never specified over the weekend if a DDoS attack was the culprit, but server issues seemed to start around the same time bans were handed out to Rainbow Six Siege players. There’s no clue if that’s the case, but it does seem rather coincidental.

ProtonVPN

ProtonVPN doesn't have as many servers as much of the competition, but its focus on physical and digital security and an affordable price tag make it a compelling choice.

Tens Of Thousands Of Dahua DVR Pws Cached In IOT Search Engine, Allowing Easy Botnet Herding For DDoS

An expert in IoT security offers perspective on findings by (published on Twitter) by Ankit Anubhav, Principal Researcher at NewSky Security, that login passwords for tens of thousands of Dahua DVR devices have been cached and indexed inside search results returned by IoT search engine ZoomEye. Related: CVE-2013-6117.

Sean Newman, Director Product Management at Corero Network Security:

“Reports of passwords for thousands of public Internet-facing DVRs being exposed by the ZoomEye search engine, further highlight how connected device vulnerabilities can go unpatched for many years.  In this case, a vulnerability from 2013 is being openly leveraged to extract admin passwords for the systems. This highlights one of the key issues with IoT security where, even though the vendor had actually fixed the vulnerability, the owners of the devices still haven’t got around to, or been able to, upgrade them.

“While this behaviour continues, there remains no end in sight for IoT devices being acquired for various nefarious activities including use in botnets for launching DDoS and other large-scale criminal campaigns.”

The ISBuzz Post: This Post Tens Of Thousands Of Dahua DVR Pws Cached In IOT Search Engine, Allowing Easy Botnet Herding For DDoS appeared first on Information Security Buzz.

FCC Vote Likely Dooms Sinclair-Tribune Merger

FCC commissioners unanimously voted on a Hearing Designation Order (HDO) to send the proposed sale of Tribune Media properties to Sinclair to a judge, where the merger is expected to cease. Engadget reports: Earlier this week, FCC chairman Ajit Pai raised "serious concerns" about Sinclair's selloff of 21 stations it had proposed in order to remain under station ownership limits post-merger. Had Sinclair declined to sell off some stations, its 173 broadcast stations in 81 markets, combined with Tribune's 42 stations in 33 markets would reach 72 percent of U.S. TV households. The FCC's National TV Ownership rule "does not limit the number of TV stations a single entity may own nationwide so long as the station group collectively reaches no more than 39 percent of all U.S. TV households." But the rule is more flexible for stations that broadcast using UHF frequencies. Pai, who has been accused of aiding the merger by relaxing the ownership regulations, said Monday that Sinclair's plan would allow the company "to control those stations in practice, even if not in name, in violation of the law." He noted that, "When the FCC confronts disputed issues like these, the Communications Act does not allow it to approve a transaction."

Read more of this story at Slashdot.

FBI Director: Without Compromise on Encryption, Legislation May Be the ‘Remedy’

An anonymous reader shares a report: FBI Director Christopher Wray said Wednesday that unless the U.S. government and private industry are able to come to a compromise on the issue of default encryption on consumer devices, legislation may be how the debate is ultimately decided. "I think there should be [room for compromise]," Wray said Wednesday night at a national security conference in Aspen, Colorado. "I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear." Wray described the issue of "Going Dark" because of encryption as a "significant" and "growing" problem for federal, state and local law enforcement as well as foreign law enforcement and intelligence agencies. He claims strong encryption on mobile phones keeps law enforcement from gaining access to key evidence as it relates to active criminal investigations. "People are less safe as a result of it," he said.

Read more of this story at Slashdot.

CVE-2018-10870

redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

Cyber Warfare Amongst Us: Election 2016

huffingtonpost.com - https://twitter.com/thehill/status/807673521065328640 Donald Trump won the electoral college vote, but lost the popular vote by more than 2.5 million votes. Or did he lose both the electoral college …


Tweeted by @IdeaGov https://twitter.com/IdeaGov/status/1020071709641080832

Microsoft’s Plan To Try To Win Back Consumers With ‘Modern Life Services’

It's not a secret that Microsoft hasn't been winning the hearts and minds of consumers lately. Killing off products like the Groove Music service, Microsoft Band fitness tracker, and Windows Phone have left many questioning whether Microsoft's grand plan is to simply focus on business users and leave consumers to its competitors. But at the company's Inspire partner show this week, Microsoft execs told partners that Redmond isn't giving up on consumers. From a report: Yusuf Mehdi -- whose new title as of June 2018 became corporate vice president of Modern Life and Devices -- led a session at the partner show in Las Vegas, Nev., where he outlined the company's vision for what officials plan to christen "Modern Life Services." Microsoft's core value proposition is productivity, he said. Microsoft is targeting so-called "professional consumers" with these services, Mehdi said. Microsoft officials believe because the company already "owns the work calendar with Outlook," that it has a foothold in working to blur the line between consumer and commercial activities. What, exactly, will qualify as a Modern Life Service? Mostly they will be apps, services, and features that Microsoft already makes available or soon will in Windows, Outlook, and PowerPoint, but which officials will attempt to position as well suited to the needs of professional consumers on Windows PCs, iPhones and Android phones.

Read more of this story at Slashdot.

11 Ways (Not) to Get Hacked – Kubernetes

kubernetes.io - Kubernetes security has come a long way since the project's inception, but still contains some gotchas. Starting with the control plane, building up through workload and network security, and finishi…


Tweeted by @HCP_407 https://twitter.com/HCP_407/status/1020066466736066560

Protect Your Business With an Endpoint Management Solution

Protect Your Business With an Endpoint Management Solution

As organizations are seeing higher numbers of people working remotely, including parts of their IT team, the need for stronger endpoint management is even more important. Automating routine tasks can also be great for business as it drives key business growth by increasing productivity through the automation of of manual processes while optimizing resource allocation and reducing IT costs.

Senate Wants Netflix, Spotify To Send Out Federal Emergency Alerts

Senators in Hawaii and South Dakota have introduced a bill, called the "Reliable Emergency Alert Distribution Improvement (READI) act, that would "explore" broadcasting alerts to "online streaming services, such as Netflix and Spotify," amongst other changes to the Emergency Alert System. TechCrunch reports: Some of the other things the bill touches on: - Users on many phones can currently disable federal alerts; they want to get rid of that option - Building a better system for reporting false alarms and figuring out what happened - Updating the system to better prevent false alarms, and to better retract them when they do happen

Read more of this story at Slashdot.

Threat Hunting Benefits

resources.infosecinstitute.com - Organizations are constantly being challenged by an increasing number of cybersecurity threats. As the severity and frequency of attacks rise, there is a call for a more proactive approach: threat hu…


Tweeted by @MigoKed https://twitter.com/MigoKed/status/1020060576813387776

Utimaco HSM protects digital wallets and cryptocurrencies

Utimaco partners with ThothTrust to protect digital wallets and their cryptocurrency assets with Utimaco HSMs and the CryptoScript Software Development Kit (SDK). The Customizable Secure Cryptography (CSC) product offers different security levels and customization options to create a secure environment corresponding to the customer’s requirements. In the case of digital wallets, a Wallet Security Module (WSM) ensures cryptocurrency asset security based on a Utimaco HSM as its hardware root of trust. The Utimaco HSM equipped … More

The post Utimaco HSM protects digital wallets and cryptocurrencies appeared first on Help Net Security.

Okta acquires ScaleFT to bring Zero Trust to the enterprise

Okta announced it has acquired ScaleFT. Together, Okta and ScaleFT will bring Zero Trust to the enterprise by providing organizations with a framework to protect data, without compromising on experience. As the proliferation of applications and devices continues, the network perimeter is disappearing and organizations must rethink how they secure their extended enterprises — employees, contractors and partners. Organizations of every size are realizing the criticality of moving to a Zero Trust framework by building … More

The post Okta acquires ScaleFT to bring Zero Trust to the enterprise appeared first on Help Net Security.

Unitrends Gen 8 includes self-healing storage and disk density

Unitrends announced the new “Gen 8” release of its Recovery Series backup appliances. New efficiency built into the hardware appliances includes self-healing storage and disk density that stores more data in less space, saving up to 60 percent on power and cooling. The Recovery Series appliances also come pre-integrated with new Unitrends Backup version 10.2 software that optimizes cloud replication performance and features a redesigned Backup Catalog that reduces the time IT administrators spend on … More

The post Unitrends Gen 8 includes self-healing storage and disk density appeared first on Help Net Security.

NCCIC Webinar Series on Russian Government Cyber Activity

Original release date: July 19, 2018

NCCIC will conduct a series of webinars on Russian government cyber activity against critical infrastructure (as detailed in NCCIC Alert TA18-074A), which will feature NCCIC subject matter experts discussing recent cybersecurity incidents, mitigation techniques, and resources that are available to help protect critical assets.

The same webinar will be held from 1-2:30 p.m. ET on the dates listed below:

  • Monday, July 23
  • Wednesday, July 25
  • Monday, July 30
  • Wednesday, August 1

NCCIC encourages users and administrators to attend one of the webinar sessions by visiting https://share.dhs.gov/nccicbriefings or dialing 1-888-221-6227. Attendees may access the webinar as a guest on the day of each event; a registered account is not required for attendees to join.


This product is provided subject to this Notification and this Privacy & Use policy.