US Emergency Alert System Has a Minor Bug Homeland Security has issued an alert that there are critical vulnerability in the Emergency Alert System encoder and decoder devices. If left unpatched, it would allow a hacker to issue fake warnings of emergencies. The EAS is the nationwide alert system that is used to warn citizens […]
Continue reading → [DISPLAY_ACURAX_ICONS]FBI Warns US Colleges of Widespread VPN Credential Leaks – On Russian Crime Forums Here’s a shocker. Cybersecurity practices at US colleges and universities are not so good. According to an FBI PIN (Color WHITE, general distribution), Russian cybercrime forums are offering network and VPN credentials for sale for many US higher education institutions, some […]
Continue reading → [DISPLAY_ACURAX_ICONS]Flaw in uClibc Allows DNS Poisoning Attacks A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices. The library is likely used in milliosn of Internet of Things devices that will never be patched and will always be vulnerable. This is where […]
Continue reading → [DISPLAY_ACURAX_ICONS]As part of the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), NIST is required to do several things. among those are guides and standards for improving supply chain security and they have already released a number of draft documents related to their tasks. IF you sell to the executive branch, these will become […]
Continue reading → [DISPLAY_ACURAX_ICONS]Hackers are targeting the cloud. Why? To paraphrase Willie Sutton, because that is where the data is. Historically, penetration testers gain access to network devices through the “perimeter defense” and then they move around (the so-called east-west movement) trying to get access to data, wherever it lives inside the network perimeter. But in the cloud, […]
Continue reading → [DISPLAY_ACURAX_ICONS]Vendor risk must be a core part of every company’s cybersecurity program, but it is hard. Especially when the company is a tech company, developing software that you use. The term Minimum Viable Product or MVP is a term marketing folks have used for years to describe creating a version 1 product that has the […]
Continue reading → [DISPLAY_ACURAX_ICONS]