Security

LoRa security greatly strengthened by Microchip Secure Authentication

posted on February 5, 2019
by l33tdawg
Credit: EDN

Microchip is no stranger to security solutions. They began with a Crypto ASIC, collaborating with IBM in 1998, and implemented a number of other security solutions over the years, culminating in a most impressive Advanced IoT Secure Element solution with their ATECC608A.

At the 2018 MEMS Executive Congress, Cynthia Wright, Principal Cyber Security Engineer, MITRE Corporation, presented a call-to-action keynote topic on Cybersecurity (see my article here).

Bunnings Internal Employee Observations Database Exposed

posted on February 5, 2019
by l33tdawg
Credit: Ctrlbox Information Security

Recently I did an article on B&Q, a U.K.-based home hardware supplier, and this week it seems that another major player in the home hardware supply game has also exposed a heap of data online; this time it's over here in Australia and it's Bunnings Group.

Google releases Chrome extension that alerts users of breached passwords

posted on February 5, 2019
by l33tdawg
Credit: Arstechnica

With lists of billions of compromised credentials floating around on underground forums and in text-paste pages across the Internet, it's difficult for anyone to keep up with the potential threat from breached passwords. That's why, as part of its security efforts during Safer Internet Day, Google has released a new add-on for the Chrome browser that automatically and securely checks website credentials against known password breaches.

Yubico report reveals troubling password behaviour

posted on January 29, 2019
by l33tdawg
Credit: Security Brief

Yubico, the provider of hardware authentication security keys, has released the results of the company’s 2019 State of Password and Authentication Security Behaviours Report, conducted by the Ponemon Institute.

The Ponemon Institute surveyed 1,761 IT and IT security practitioners in the United States, United Kingdom, Germany and France, although the results have global implications.

Apple Takes Drastic Measures to Stop a Nasty FaceTime Bug

posted on January 29, 2019
by l33tdawg
Credit: Wired

It’s often hard to tell just how seriously to take reports of a new vulnerability. The jargon is inscrutable, and the skills needed to pull off the attacks are possessed only by highly skilled professionals. But a bug afflicting Apple’s FaceTime chat has no such ambiguity. How bad is it? Rather than risk exposing people to it, Apple pulled the plug on FaceTime group chats altogether.

Hacked Nest Cam convinces family that US is being attacked by North Korea

posted on January 23, 2019
by l33tdawg
Credit: CNet

A woman living in the Bay Area says she got a hoax warning last weekend that the US was under nuclear attack. The warning came from an unlikely place: her Nest Cam.

Laura Lyons of Orinda, California told the San Jose Mercury News that her smart home security camera was infiltrated after it said on Sunday that three North Korean missiles were headed to Los Angeles, Chicago and Ohio. The warning was preceded by a blaring alarm, Lyons told the newspaper.

If you installed PEAR PHP in the last 6 months, you may be infected

posted on January 23, 2019
by l33tdawg
Credit: Arstechnica

Officials with the widely used PHP Extension and Application Repository have temporarily shut down most of their website and are urging users to inspect their systems after discovering hackers replaced the main package manager with a malicious one.

“If you have downloaded this go-pear.phar [package manager] in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes,” officials wrote on the site’s blog. “If different, you may have the infected file.”

State agency exposes 3TB of data, including FBI info and remote logins

posted on January 21, 2019
by l33tdawg
Credit: Naked Security

Oklahoma’s Department of Securities (ODS) exposed three terabytes of files in plain text on the public internet this month, which contained sensitive data including social security numbers, details of FBI investigations, credentials for remote access to computers, and the names of AIDS patients.

Researchers at security company UpGuard found the files using the Shodan search engine, which indexes internet-connected devices. In this case, they ran across an unsecured rsync server registered to ODS.

Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch

posted on January 21, 2019
by l33tdawg
Credit: Bleeping Computer

A micropatch is now available for a zero-day vulnerability in Windows that allows unauthorized read access with the highest privileges to any file on the operating system.

The temporary fix is for the third security bug released publicly by security researcher SandboxEscaper, and covered by BleepingComputer here.

An official patch from Microsoft is currently unavailable, although exploit code was published a month ago on GitHub, now a Microsoft-owned resource.

How sloppy OPSEC gave researchers an inside look at the exploit industry

posted on January 21, 2019
by l33tdawg
Credit: Cyber Scoop

The companies that make advanced surveillance software are quiet by design. They generate enough press to let the market (i.e., governments) know their products exist, but it’s not as if there’s an app store for mobile spyware.

They do make mistakes, though. And thanks to two researchers from Lookout, the public now has more information on how these companies operate.