Flaw in uClibc Allows DNS Poisoning Attacks A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices. The library is likely used in milliosn of Internet of Things devices that will never be patched and will always be vulnerable. This is where […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
We all know that North Korea has been funding their terrorism – and their economy – using ransomware attacks and other malware. Now they have a new way and it is pretty creative. According to an advisory from the feds, North Korean IT workers have been trying to get IT jobs in the United States […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
There have been many issues over the years with passive (keyless) entry systems, including but not limited to vehicles. In this case, researchers at the NCC Group used a “relay attack” to not only unlock a Tesla Model 3, but also start it and drive away. A relay attack works like this. You take one […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
CIOs have always had to worry about the challenges of preserving evidence, but now we have a whole new class of challenges. The so called Duty to Preserve comes into play when one party learns about the possibility of litigation. This happens, many times, before any lawsuit is actually filed. Once a party has reasonable […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Chinese Sponsored OPERATION CUCKOOBEES Active for Many Years Researchers with cybersecurity firm Cybereason briefed the FBI and Justice Department as early as 2019 about Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers (named Winnti or APT41) to steal proprietary information from dozens of global defense, energy, biotech, aerospace and pharmaceutical companies. The companies […]
Continue reading →
[DISPLAY_ACURAX_ICONS]
Many or possibly most small businesses don’t have an internal IT department. They rely on a third party to help them manage their IT assets. These third parties are called Managed Service Providers (MSPs) or sometimes Managed Security Service Providers (MSSPs). This is not inherently bad. But many of these MSPs are not much larger […]
Continue reading →
[DISPLAY_ACURAX_ICONS]