Plant Your Flag, Mark Your Territory

Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data — including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is as simple as it is alluring: What’s not put online can’t be hacked. But increasingly, adherents to this mantra are finding out the hard way that if you don’t plant your flag online, fraudsters and identity thieves may do it for you.

The crux of the problem is that while most types of customer accounts these days can be managed online, the process of tying one’s account number to a specific email address and/or mobile device typically involves supplying personal data that can easily be found or purchased online — such as Social Security numbers, birthdays and addresses.

Complete Article

Librarian Sues Equifax Over 2017 Data Breach, Wins $600

In the days following revelations last September that big-three consumer credit bureau Equifax had been hacked and relieved of personal data on nearly 150 million people, many Americans no doubt felt resigned and powerless to control their information. But not Jessamyn West. The 49-year-old librarian from a tiny town in Vermont took Equifax to court. And now she’s celebrating a small but symbolic victory after a small claims court awarded her $600 in damages stemming from the 2017 breach.

Complete Article

Intel, Microsoft to use GPU to scan memory for malware

Since the news of the Meltdown and Spectre attacks earlier this year, Intel has been working to reassure the computer industry that it takes security issues very seriously and that, in spite of the Meltdown issue, the Intel platform is a sound choice for the security conscious.

To that end, the company is announcing some new initiatives that use features specific to the Intel hardware platform to boost security. First up is Intel Threat Detection Technology (TDT), which uses features in silicon to better find malware.

Complete Article

Tenable Research Discovers Vulnerability in Critical Infrastructure

Tenable®, Inc., the Cyber Exposure company, recently discovered a critical remote code execution vulnerability in two Schneider Electric applications used in manufacturing, oil and gas, water, automation and wind and solar power facilities. If exploited, the vulnerability could give cybercriminals complete control of the underlying system. Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. In a worst case scenario, attackers could use the vulnerability to disrupt or even cripple plant operations.

Complete Article

Every major OS maker misread Intel’s docs. Now their kernels can be hijacked or crashed

OS, FreeBSD, and some implementations of Xen have a design flaw that could allow attackers to, at best, crash Intel and AMD-powered computers.

At worst, miscreants can, potentially, “gain access to sensitive memory information or control low-level operating system functions,” which is a fancy way of saying peek at kernel memory, or hijack the critical code running the machine.

Complete Article

The AI cybersecurity arms-race: The bad guys are way ahead

For its recently released 2018 State of Cyber Resilience study, Accenture surveyed 4,600 enterprise security practitioners representing companies with annual revenues of $1 billion or more in 15 countries. 83% of respondents to the survey agree that advanced technologies are essential and they would commit funding to them if they could. But only 40% are investing in AI, machine learning, and automation technologies to improve their security defenses.

Complete Article

A lack of cybersecurity funding and expertise threatens U.S. infrastructure

Most leaders in infrastructure-related industries take cyber risk seriously, but their public sector counterparts need to start addressing vulnerabilities with more urgency. Many experts and pundits are already pressuring lawmakers and regulators to take more decisive action across all of our physical systems. Despite this pressure, there are a number of obstacles that need to be addressed alongside the implementation of new policies.

Complete Article

4 telecom companies form a cybersecurity alliance. What will the impact be?

Telecom alliance

The four telecom companies – Singapore’s Singtel, Japan’s Softbank, United Arab Emirates’ Etisalat and Spain’s Telefonica – are creating the Global Telco Security Alliance. The alliance members say they expect to share intelligence on cyber threats and leverage their global reach, assets and cybersecurity capabilities to serve customers worldwide.

Complete Article

Why router-based attacks could be the next big trend in cybersecurity

-Routers have recognizable flaws that are subject to penetration. Open vulnerabilities must be recognized in our cybersecurity efforts.

Routers are high value targets for attacks. Given the position routers play in normal network operations,
the ability to utilize these devices in man-in-the-middle attacks is extremely attractive for attackers.
Considering the multitude of models router vendors produce — and the difficulty of supporting and updating so
many devices — the relative insecurity of routers (particularly devices intended for home or home office use)
makes these devices low hanging fruit for hackers.

Complete Article