Lack of Vendor Cyber Risk Management Hurts over 750 Banks TCM Bank, a company that helps hundreds of small banks issue credit cards had a problem with their third party vendor – the bank’s fourth party vendor risk. The small bank wants to issue credit cards so they hire TCM and TCM hires someone else […]
Continue reading → [DISPLAY_ACURAX_ICONS]Old Hacks Never Die Brian Krebs is reporting that state government agencies are receiving malware laced CDs in the mail, hoping that someone is curious enough to place it in their computer and infect it. This is an older version of a ploy that is still common of dropping malware infected flash drives in areas […]
Continue reading → [DISPLAY_ACURAX_ICONS]Zip Slip Vulnerability Affects Thousands of Projects Researchers discovered a flaw in almost all zip-style file decompressors – RAR, TAR, 7ZIP-APK and others. The problem is caused by a very old attack vector called directory traversal that these libraries do not handle correctly. The decompressor libraries were likely downloaded from places like Github and Stack […]
Continue reading → [DISPLAY_ACURAX_ICONS]Israeli Startup Raises $12.5 Million to Help Governments Hack IoT Given the sad state of IoT security, I am not sure that governments need any help in hacking IoT devices, but just in case they do, Israeli startup Toka raised $12.5 million to help police hack iPhones, Alexas, Echos and Nests, along with other IoT […]
Continue reading → [DISPLAY_ACURAX_ICONS]Timehop Hack Compromises 21 Million Users In a bit of good news/bad news, the social media time capsule site Timehop said that it was hacked around July 4th, but that they interrupted the hack in progress. Still the hackers got usernames, passwords, email addresses, date of birth, gender, some phone numbers and other information for […]
Continue reading → [DISPLAY_ACURAX_ICONS]NSA Deleting All Call Detail Records (CDRs) Acquired Since 2015 While the NSA is not providing a lot of details about what went wrong, the NSA is saying that it is deleting all CDRs acquired since 2015 because of technical irregularities that resulted in it receiving data that, likely, would be illegal under the current […]
Continue reading → [DISPLAY_ACURAX_ICONS]