14 May 2019

The NSA knows its weapons may one day be used by its targets

Several large scale cyber attacks have utilized cyberweapons and exploits first developed by the United States military and intelligence communities. While much has been done to develop vulnerability equities programs and responsible disclosure processes, such tools are an essential component of our cyber mission and will continue to be developed

Read More
14 May 2019

Rattled by Cyberattacks, Hospitals Push Device Makers to Improve Security

With recent disclosures surrounding medical embedded device security, hospitals are looking to in-room device manufacturers to provide additional disclosures and guaranties around medical devices and software in use at their locations. “Hospital-technology officials say gaining access to the software running inside devices—and knowledge of its vulnerabilities—would help them build firewalls

Read More
14 May 2019

Korean APT Groups Evolving And Gaining Operational Expertise: One adds rare bluetooth device harvester tool

In the dynamic world of cyber conflict organizations either evolve or die. Tracking how threat actors evolve can help better position our defenses. One dynamic of note is the evolution of the APT group known as Group 123, Reaper or ScarCruft. ScarCruft attracted some attention early last year for employing

Read More
14 May 2019

Patching Our Digital Future Is Unsustainable and Dangerous

In a new essay, Melissa Hathaway makes the case for more sustainable and deliberate collective approaches to building security and trust into new systems and more robust disclosure processes. “We must become much more strategic in how new digital technologies are created and deployed.  Over the last 30 years, we

Read More
14 May 2019

How a Chinese spy stole some of the Pentagon’s most sensitive secrets

In a story excerpted from Jim Sciutto’s book Shadow War, additional details regarding China’s business espionage activities is detailed. “As it turns out, Su and his partners would have unfettered access inside Boeing’s network for three years before the intrusion was first discovered. During that time, they would claim to

Read More
14 May 2019

Sensitive Information of Millions of Panama Citizens Leaked

Researchers have once again discovered a trove of unprotected personal information accessible via public cloud servers. “An unprotected Elasticsearch cluster exposed 3,427,396 records containing sensitive personal information on Panama citizens with ‘patient’ labels, together with another 468,086 records labeled as ‘test patients’.” Source: Sensitive Information of Millions of Panama Citizens

Read More
14 May 2019

Use a 3rd Party to Setup Office 365? DHS Says You May Be at Risk.

The Department of Homeland Security CISA has issued an analysis highlighting observed security risks resulting from the use of third parties to move organizations to the Microsoft Office 365 Cloud.

Read More
13 May 2019

A Cisco Router Bug Has Massive Global Implications

A duo of vulnerabilities present in Cisco routers could have significant impact on thousands of companies and government entities. The code not only allows for remote access but allows an attacker to compromise Cisco’s trusted boot process, thereby impacting the integrity of the device. As noted by Wired, “In practice,

Read More
13 May 2019

WhatsApp exploit let attackers install government-grade spyware on phones

A vulnerability that allowed cyberattacker to remotely install malicious software on mobile phones remotely has been fixed by the Facebook WhatsApp team. The vulnerability was exposed as having been used to install software by the Israeli based NSO Group which has come under fire for selling zero-day exploit services to

Read More
13 May 2019

Two years after WannaCry, a million computers remain at risk

“Two years ago today, WannaCry impacted hundreds of thousands of computers in over 150 countries. It was one of the first large instances of ransomware and today as many as 1.7 million internet-connected endpoints are still vulnerable to the exploits, according to the latest data.” It also raises many questions

Read More