Security

Trivial path for DDoS amplification attacks found by infosec bods

posted on March 9, 2016
by l33tdawg

Security researchers have discovered a new vector for DDoS amplification attacks – and it's quite literally trivial.

Improperly configured services such as DNS or Network Time Protocol (NTP) have been exploited to launch a string of DDoS attacks over the last couple of years.

Forget data thieves, data vandals will be your next major pain

posted on March 3, 2016
by l33tdawg

For years, the security industry has been primarily focused on stopping data theft, but more and more people in the trade are worried that the next wave of attacks won't steal data, but alter it instead.

On Tuesday, the head of the NSA named data manipulation as one of his top three nightmares, and other vendors are agreeing with him. Caleb Barlow, VP at IBM Security, told The Reg that the firm is already seeing the first signs of this kind of attack and the potential problems could be huge.

iCloud Backups Not as Secure as iOS Devices to Make Restoring Data Easier

posted on March 3, 2016
by l33tdawg

Apple's ongoing fight with the FBI over whether the company can be compelled to help the government unlock the iPhone 5c used by San Bernardino shooter Syed Farook has brought the full range of Apple's privacy policies into the spotlight.

The details surrounding the case have made it clear that while Apple is unable to access information on iOS devices, the same is not true of iCloud backups. Apple can decrypt an iCloud backup and provide the information to authorities when ordered to do so via a warrant, as it did in the San Bernardino case.

Norse Corp down but not out at RSA 2016 conference

posted on March 3, 2016
by l33tdawg

Judging from comments both public and private, a lot of attendees at this year's RSA 2016 conference were somewhat surprised to pick up badges and lanyards emblazoned with the logo of threat intelligence firm Norse Corp.

The firm has had a rocky road over the last few months, losing a sizable chunk of its staff in layoffs, not to mention its CEO, and going offline for a while. The sponsorship was highlighted on the first day of the conference by Jim Reavis, co-founder of the Cloud Security Alliance, in his talk on Monday morning.

Cisco Patches Critical, High Severity Flaws in NX-OS

posted on March 3, 2016
by l33tdawg

Cisco informed customers on Wednesday that it has released software updates for several of its products to address critical and high severity vulnerabilities.

The most serious of the issues is a critical vulnerability related to the existence of insecure default credentials in the NX-OS network operating system running on Cisco Nexus 3000 series and Nexus 3500 platform switches. The flaw, identified as CVE-2016-1329, can be exploited by a remote, unauthenticated attacker to log into a vulnerable device with root privileges via an account that has a default and static password.

Defense Secretary Says He Is For Encryption And Against Back Doors

posted on March 3, 2016
by l33tdawg

Defense Secretary Ashton Carter called for peace between Silicon Valley and the federal government amid a legal battle between Apple and the Justice Department over a locked iPhone used during the San Bernardino shootings.

“The only way we are going to get a good solution is by working together,” Carter told the audience at the RSA cybersecurity conference in San Francisco on Wednesday. “To work our ways through our problems.”

US Defence launches 'Hack the Pentagon' paid bug bounty program

posted on March 3, 2016
by l33tdawg

The Pentagon will next month launch the United States Government's first bug bounty program encouraging hackers to break into its websites in what could lead to a broader invitation to hack state assets for cash.

Details on the cash rewards offered under the 'Hack the Pentagon' program have not yet been released.

Ransomware's new target? Websites

posted on March 1, 2016
by l33tdawg

A strain of ransomware has reinvented itself and begun encrypting WordPress websites in exchange for Bitcoin ransom payments.

Lawrence Abrams of Bleeping Computer explains in a blog post that the ransomware, dubbed "CTB-Locker," first appeared two years ago as a traditional sample of crypto-ransomware targeting ordinary users.

Since then, Abrams explains, the malware's authors have realized that there are bigger fish worth catching:

Hospital Security Fail: Report Outlines Dangerous Shortcomings

posted on March 1, 2016
by l33tdawg

Hospitals are risking patient lives by failing to protect critical computer systems that can be manipulated by attackers. In a scathing report that looks at the current state of hospital security, researchers say everything from bedside patient monitoring systems and automated drug dispensing machines to patient records is inadequately protected.