Iran Expands Oil & Gas Attacks to Electric as Well
According to researchers, Iran-linked APT33 has expanded its attack surface. Initially they were going after the global oil and gas industry, but now they have added the electric grid to the mix. Right now, they say, the goal is reconnaissance – gathering information to […]
UK Proposes Weak Security Law for IoT Devices; Calls it Strong
The UK is proposing a law similar to California’s existing IoT law and calls it strong security. What makes it strong is that they call it strong, maybe? The bill requires that default passwords on IoT devices be unique (likely part of the serial […]
Medical devices have never been subjected to much security testing – a fact that the FDA may argue with, but which is visibly accurate. This time it is GE’s CIC Pro, a workstation that hospital staff uses to manage multiple GE patient devices on a ward. They can use the device to monitor patients or […]
Maybe this is the NEW AND IMPROVED NSA. From the NSA document: This document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that encompass the vast majority of known vulnerabilities. Cloud customers have a critical role in mitigating misconfiguration and poor access control, but can also […]
Breaches Gone Wild – Very Wild
Since EU’s GDPR went into effect on May 25, 2018 – about 18 months ago – 160,000 breaches have been reported to EU authorities. A calculator will tell you that means that people are reporting between 250 and 300 security incidents A DAY! If you think that magically, 18 […]
Orphaned Data in the Cloud
Researchers at security firm vpnMentor found an unsecured S3 bucket with passports, tax forms, background checks, job applications and other sensitive data for thousands of employees of British consultancies. Many of the firms involved are no longer in business. The researchers reported this to Amazon and the UK’s Computer Emergency […]