All software has bugs. But some software has more bugs than others. And some organizations are better at finding and fixing those bugs. Just not those in the public sector. Veracode, the code scanning/defect finding tool vendor, scans a lot of apps a lot of times. Here is a bit of data that should […]
Cars have huge attack surfaces. And getting bigger every year. One source says the average car has 30-50 computers and luxury cars have a hundred (personally, I think that is low). Add to that 60 to 100 sensors. Some cars have a hundred million lines of code in them. How do you make that 100 […]
Ukraine Starts Using Clearview Facial Rec to Detect Ruskies
Ukraine is using Clearview’s facial recognition tech to identify Russian operatives trying to infiltrate the Ministry of Defense. Clearview has over 2 billion photos scraped from Russia’s social media service VKontakte. They are not sharing with Russia. That likely makes Clearview a high priority hacking target […]
Russian con artist Pavel Vrublevsky, founder of the dark web payment firm (credit card processor) ChronoPay and the antagonist in Brian Krebs’ 2014 book Spam Nation, was arrested in Moscow this month for fraud. In Brian’s book, he talks about the fraudulent money laundering and SMS payment schemes that Vrublevsky operated. ChronoPay “specializes” in providing […]
Security folks (like me) have been telling people for years that passwords are just not secure enough anymore. Now we have another reason that is true. Companies have been promoting single sign-on as a way around the insecurity of passwords, but now, even that is not secure anymore. Multifactor authentication helps, but even that […]
Incident and Ransomware Reporting Requirement in Just Passed Spending Bill
President Biden signed a bill that requires critical infrastructure operators to report significant cyber incidents to CISA within 72 hours after they reasonably believe an incident has occurred and within 24 hours of making a ransomware payment. The ransomware reporting requirement applies even if it […]