Cybersecurity

The Diet Pill Security Model

The information security industry, lacking social inhibitions, generally rolls its eyes at anything remotely hinting to be a "silver bullet" for security. Despite that obvious hint, marketing teams remain undeterred at labeling their companies upcoming widget as the savior to the next security threat (or the last one -- depending on what's in the news today). I've joked in the past that the very concept of a silver bullet is patently wrong... more

China, Russia Posing More Aligned Cyberattack Threats to the US, Says Chief of National Intelligence

Dan Coats, Director of US National Intelligence warns China and Russia are increasingly using cyber operations to steal information, influence citizens and to disrupt critical infrastructure. more

Trump to Sign Cybersecurity Executive Order on Tuesday

President Donald Trump expected to sign an executive order on cyber security on Tuesday. more

IT Security Guide: “Financial Impact of Cyber Risk” Released by ANSI and ISA

The American National Standards Institute (ANSI) and the Internet Security Alliance (ISA) released today a new action guide to assist business executives in the analysis, management and transfer of financial risk related to a cyber attack. In 2004, the Congressional Research Service estimated the annual economic impact of cyber attacks on businesses -- which can come from internal networks, the Internet or other private or public systems -- to be more than $226 billion. In 2008, U.S. Department of Homeland Security Secretary Michael Chertoff named cyber risks one of the nation's top four priority security issues. more

Bug Bounty Programs: Are You Ready? (Part 3)

The Bug Bounty movement grew out a desire to recognize independent security researcher efforts in finding and disclosing bugs to the vendor. Over time the movement split into those that demanded to be compensated for the bugs they found and third-party organizations that sought to capitalize on intercepting knowledge of bugs before alerting the vulnerable vendor. Today, on a different front, new businesses have sprouted to manage bug bounties on behalf of a growing number of organizations new to the vulnerability disclosure space. more

Public-Private Cooperation Policy for Cyber Security Suggested by Commissioner Kroes

At a speech during the Security and Defense Agenda meeting on 30 January Vice-President of the European Commission, Neelie Kroes, showed how the Commission envisions public-private cooperation on cyber security. more

U.S. Justice Department Forms Group to Study National Security Threats of IoT

"The U.S. Justice Department has formed a threat analysis team to study potential national security challenges posed by self-driving cars, medical devices and other Internet-connected tools," reports Dustin Volz from Washington in Reuters" more

Processing Domain Data to Improve Business Continuity as a Domain Name Registry

In the fall of 2022, around 9,000 numeric domain names such as 0146.se, 0148.se, 0149.se, and so on were registered in the .SE zone. These domains were registered with two registrars, Register.eu and 1API. They had the same kind of SSL certificate, and there were other similarities among them that strongly suggested they were connected. All these domains were registered after September 1, 2022, but not on the same date... more

Biden Administration Bans Federal Agencies from Using Commercial Spyware

The Biden administration has announced an executive order that would ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. more

Documentary Balmes Israel for Stuxnet Malware Failure

Oscar-winning documentarian Alex Gibney's "Zero Days" -- coming out on Friday -- investigates the story of the classified Stuxnet attack on Iran by the US and Israel. more

Microsoft Releases Patches to Fix Close to a Hundred Flaws, Including for Unsupported Windows XP

Microsoft has released security updates for close to a hundred security vulnerabilities in a number of Windows operating systems. more

Would You Like Your Private Information to be Available on a VHS or Betamax Tape?

When I was a young child growing up in the late 1980s, my parents were lucky enough to be able to afford to have both a VHS-tape video-recorder in the living room and a Betamax tape recorder in their bedroom. This effectively meant that to me, the great video format wars weren't a decade-defining clash of technologies, but rather they consisted mainly of answering the question "in which room can I watch my favorite cartoons?". more

Gigabyte Motherboard Firmware Exposes Millions of PCs to Potential Cybersecurity Threats

In a potentially damaging cybersecurity revelation, researchers from the cybersecurity company Eclypsium have identified a hidden mechanism in the firmware of motherboards manufactured by Taiwanese company Gigabyte. more

Clothing Retailer Eddie Bauer Confirms Point-Of-Sale Malware, All US, Canadian Stores Infected

In a press release yesterday evening, retailer Eddie Bauer confirmed a point-of-sale malware infection suspected by some sources as early as beginning of last month. more

UK Government Reports Nearly Half of Businesses Identified Cyber Security Breaches in the Past Year

The UK government has released the results of national cybersecurity survey revealing nearly seven in ten large companies in the country have identified a breach or attack in the past 12 months. more