While I have reported about software supply chain attacks in the past, they have all been one-off and in some cases highly targeted attacks. The FBI has issued a warning about ongoing, large-scale software supply chain attacks. The attackers are using the Kwampirs malware to install a Remote Access Trojan, or RAT. The FBI […]
Iran Expands Oil & Gas Attacks to Electric as Well
According to researchers, Iran-linked APT33 has expanded its attack surface. Initially they were going after the global oil and gas industry, but now they have added the electric grid to the mix. Right now, they say, the goal is reconnaissance – gathering information to […]
UK Proposes Weak Security Law for IoT Devices; Calls it Strong
The UK is proposing a law similar to California’s existing IoT law and calls it strong security. What makes it strong is that they call it strong, maybe? The bill requires that default passwords on IoT devices be unique (likely part of the serial […]
Medical devices have never been subjected to much security testing – a fact that the FDA may argue with, but which is visibly accurate. This time it is GE’s CIC Pro, a workstation that hospital staff uses to manage multiple GE patient devices on a ward. They can use the device to monitor patients or […]
Maybe this is the NEW AND IMPROVED NSA. From the NSA document: This document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities) that encompass the vast majority of known vulnerabilities. Cloud customers have a critical role in mitigating misconfiguration and poor access control, but can also […]
Breaches Gone Wild – Very Wild
Since the EU’s GDPR went into effect on May 25, 2018 – about 18 months ago – 160,000 breaches have been reported to EU authorities. A calculator will tell you that means that people are reporting between 250 and 300 security incidents A DAY! If you think that magically, 18 […]