• Researcher claims to bypass iPhone security limits, but may have spoken too soon
    For a brief moment, it seemed as though a security researcher had found a way to get past the security limits on iPhones and iPads by entering an infinite number of passcodes in order to hack into a device. When attempting to access a locked iPhone or iPad, users generally have a set number of passcode attempts to make before being locked out. You can even set your Apple device to automatically erase its contents if a hacker continuously attempts to guess your passcode. This, Hickey said, would allows hackers to send every single possible passcode combination in a single string, and because it wouldn’t give Apple’s software any respite, the inputs would take priority over any data-erasing security feature. “Instead of sending passcode one at a time and waiting, send them all in one go,” Hickey explained. In a tweet, the security researcher explained that not all of the tested passcodes are ultimately sent to an iPhone or iPad’s secure enclave, which is responsible for guarding against these sorts of attacks.Read More
  • Don’t Underestimate Economic Side of Russia’s Cyber Warfare
    Last The U.S. Treasury Department recently sanctioned a range of Russian companies and individuals for “working at the behest of the Russian Federation and its military and intelligence units to increase Russia’s offensive cyber capabilities.” What the U.S. now faces is not just an economic threat or an information warfare threat, but a direct challenge to our national security from cyber-enabled economic warfare (CEEW), a concerted effort to target the pillars of the U.S. economy to undermine Washington’s ability to defend its citizens and project power abroad. Camouflaging Russian state-backed cyber operations within private sector firms would be an efficient strategy and one consistent with Russian intelligence operations. To inform the U.S. approach to countering Russian CEEW, the intelligence community should evaluate Russian methods and intentions more closely: To what extent is the Kremlin supporting the establishment and expansion of Russian companies for the express purpose of gaining access to the IT networks of its adversaries?Read More
  • Ransomhack: Cybercriminals already using GDPR to blackmail businesses in new extortion scheme
    ​Security researchers have discovered hackers are already leveraging Europe's new General Data Protection Regulation (GDPR) to blackmail hackers into paying hefty ransoms to safeguard data.Read More
  • Securing the Build Environment: A 'Critical' Component of Container Security
    They also need to focus on both elements of build pipeline security: application security, which involves testing code and containers for conformity with security and operational best practices; and tool security, which consists of evaluating the resources necessary for building and deploying applications. In so doing, they help organizations maintain build security as a critical component of their container security. Personnel in security, operations and quality assurance frequently contribute code, tests and configuration data, so it’s important for organizations to take secure code control seriously. Container Platform Security Controller managers like Jenkins are powerful tools in that they control which applications can run. Container Registry Security When it comes to container registry security, developers make the common mistake of allowing anyone to add containers to the registry. Just One Element of Container Security Securing the build environment is just one aspect of container security with which organizations should concern themselves.Read More
  • Four Cyber Security Risks and How to Address Them
    With growing threats to information systems and data, it is extremely important for organizations to remain aware of the top cyber security risks and adopt strategies to effectively tackle them. You want to make sure the device comes with robust security features like regular security upgrades and password-changing features. It is necessary for companies to take adequate measures to strengthen the security of IoT devices in order to reduce any security loopholes. Lack of Proper Cyber Security Policy The absence of a proper cyber security policy makes the entire organization vulnerable to cyber attacks. Identify all the risks associated with cyber security and establish cyber security governance. About the Author: Known for his boundless energy and enthusiasm, Evan Morris works with MWR Infosecurity as a Network Security Manager, an avid blog writer, particularly around Technology, Cyber security and forthcoming threats that can compromise sensitive data.Read More
  • New fears over Chinese espionage grip Washington
    Fresh concerns over Chinese espionage are gripping Washington as lawmakers fear Beijing is gaining sensitive details on U.S. technologies. Lawmakers are scrutinizing the Pentagon over its efforts to keep military secrets safe from hackers, after Chinese actors allegedly breached a Navy contractor’s computer and collected data on submarine technology. The issue took center stage at a congressional hearing Thursday, as lawmakers on the House Armed Services Committee pressed Trump administration officials on their efforts to protect U.S. military assets from Chinese spies. Rep. Adam Smith David (Adam) Adam SmithNew fears over Chinese espionage grip Washington Obstacles to Trump's 'Space Force' could keep proposal grounded for now Dem congresswoman: Imprisoned asylum-seeking women have no idea where their children are MORE (D-Wash.), the ranking member of the Armed Services Committee, did not explicitly reference the incident, but noted a recent briefing on a cyber breach had left him concerned about the military’s protections against foreign-aligned hackers.Read More
  • What Cybersecurity Startups Need May be Different Then What They Want
    For cybersecurity startups, this is currently not the problem. Yet in good times like now, you can pretty much get what you want: most cybersecurity startups can find funding, one way or another. All Money is NOT Good Money Here’s the thing: savvy cybersec entrepreneurs know that not all money is good money. And despite the hype, savvy cybersec investors are beginning to ask tough questions, too – even when they are wowed by emerging tech in a space as hot as cybersecurity. However, when a startup CEO looks in the mirror, he or she should not just be asking “Does my solution solve problem X?” Rather, the relevant question is, “Does my solution solve problem X, and not create problems Y and Z?” The issue is one of integration and ecosystem. Some of the best cybersecurity startups I’ve seen did not have astoundingly unique technology.Read More
  • The most notorious hacker groups
    The group maintains a large command and control server infrastructure located in more than 100 servers and 300 domains, including hosts in countries like the US, the UK, Panama, Costa Rica, Colombia, Germany and the Netherlands.Its victims appear to be highly targeted, including (but not limited to) government and diplomatic institutions, telecoms, aerospace, energy, nuclear research, oil and gas, military, nanotechnology, Islamic activists and scholars, the media, transport, finance, and businesses working on encryption. Carbanak/Fin7A group codenamed Carbanak had been wanted by international policing agencies for at least five years due to its successfully stealing as much as $1 billion from a series of cyber heists and hacked ATM networks.Europol in March 2018 believed it had fingered the ringleader for the notorious gang, still unnamed, arresting the figure in Alicante, Spain, after a joint international investigation. Carbanak (also nicknamed Fin7) sent out highly targeted phishing campaigns – in other words, spear phishing – to trick bank employees into downloading malware.Read More
  • ​WannaCry ransomware scam extorts victims with frightening emails without actually infecting systems
    Scammers have been attempting to extort victims with frightening emails threatening to infect their systems with the infamous WannaCry ransomware unless they pay up in advance.Read More
  • For Millions of Hacked Federal Employees, New Fears of Identity Theft
    By Some current and former federal government employees are taking a look at their credit activity after the Justice Department said this week that data stolen by suspected Chinese hackers in 2014 cyberattacks at the Office of Personnel Management may have been used to commit identity fraud. Federal prosecutors on Monday said a Maryland couple had pleaded guilty to using information stolen in the OPM breach to set up fraudulent car-loan applications with a Langley, Va., credit union....Read More