Security

Your city's not smart if it's vulnerable, says hacker

posted on April 20, 2015
by l33tdawg

"Real world hacker" Cesar Cerrudo has blasted vendors, saying they're stopping security researchers from testing smart city systems, and as a result they're being sold with dangerous unchecked vulnerabilities.

The warning will be detailed at RSA San Francisco this week, and comes a year after the IOActive chief technology officer found some 200,000 vulnerable traffic control sensors active in cities like Washington DC, London, and Melbourne.

A Way to Hide Corporate Data from Hackers

posted on April 15, 2015
by l33tdawg

Social-security and credit-card numbers frequently leak or are stolen from corporate networks—and surface on the black market. Adam Ghetti, founder of Ionic Security, says he has invented technology that could largely end the problem. His software keeps corporate data such as e-mails and documents encrypted at all times, except for when someone views it on an authorized computer or mobile device.

Patch Tuesday addresses remote code flaws in HTTP and Internet Explorer

posted on April 15, 2015
by l33tdawg

Microsoft updated four critical flaws that could have left users vulnerable to attacks using remote code execution in a lighter-than-average Patch Tuesday.

The critical updates centre on vulnerabilities in HTTP.sys, Internet Explorer, Microsoft Office and Microsoft Graphics component.

The HTTP.sys patch will resolve a flaw in Windows that could allow remote code execution if an attacker sends a specifically crafted HTTP request to an affected system, said Microsoft. The vulnerability is understood to affect all versions of Microsoft Server from 2008 onwards.

Surveys: Employees at fault in majority of breaches

posted on April 13, 2015
by l33tdawg

A company's own employees are a significant factor in the majority of data breaches, either through malicious activity or avoidable mistakes, say two new studies, but companies aren't doing enough to address this issue.

According to a recent survey by CompTIA, human error accounts for 52 percent of root causes of security breaches, while technology errors account for 48 percent.

Insecure Passwords or Insecure People?

posted on April 7, 2015
by l33tdawg

For all the talk about multi-factor authentication and the mainstream adoption of biometrics, passwords are not going away. Whilst there are more secure alternatives, and other authentication methods that can be used alongside the humble password, like it or not, the password is going to be around for a long time.

More focus is needed on how to make passwords ‘work’. For the vast majority of applications, they’re all we’ve got.

The Flir FX is a security camera with bigger ambitions

posted on April 7, 2015
by l33tdawg

Anyone who grew up in the 1980s probably knows of Bo Jackson. Unlike most professional athletes, Jackson played both baseball and football, managing to become an all-star in each. Nike even ran a very famous “Bo Knows” ad campaign pitching the idea that Jackson could do anything, which very well could have been the case if a football injury hadn't eventually slowed him down.

Researchers: IoT devices are not designed with security in mind

posted on April 7, 2015
by l33tdawg

In the latest blow to Internet of Things (IoT) security, an analysis of smart home devices has found flaws that could give attackers access to sensitive data or allow them to control door locks and sensors.

The research was performed by a team from application security firm Veracode for six up-to-date devices acquired in December and found serious issues in five of them. The tested devices were the Chamberlain MyQ Garage, the Chamberlain MyQ Internet Gateway, the SmartThings Hub, the Ubi from Unified Computer Intelligence Corporation, the Wink Hub and the Wink Relay.

Linux Australia calls for password change after server breach

posted on April 7, 2015
by l33tdawg

The president of open-source software user group Linux Australia has called on registered attendees of the organisation's conferences for the past three years to change their passwords after it was discovered that the server hosting its conference management system had been breached.

According to Linux Australia president Joshua Hesketh, the breach was discovered after a large number of error reporting emails were sent on March 22 by the server hosting the Zookeepr conference management systems for a number of Linux Australia's conferences.

Heartbleed Risk Haunts Most Big Companies a Year After Discovery

posted on April 7, 2015
by l33tdawg

Businesses have largely stopped shielding themselves against a Web-security flaw called Heartbleed, providing a growing number of attackers with an easy target, according to security company Venafi Inc.

A year after the vulnerability was made public, 74 percent of more than 1,600 Forbes Global 2000 companies examined haven’t fixed their servers and networks completely, said Kevin Bocek, the Salt Lake City, Utah-based company’s vice president for security strategy. That’s a small improvement from the 76 percent recorded in August, he said.