Cybersecurity

This posting is here to collect security alert news in January 2018. I post links to security vulnerability news to comments of this article. →

Year 2017 was bad cybersecurity year, and it is expected new Cybersecurity Dangers Will Spike in 2018. Security situation was so bad in 2017 that it was though that We’re hitting rock bottom in cyber, but I fear that we have nit yet hit the bottom, and thing will still get worse until they start →

https://xeushack.com/the-art-of-human-hacking/ Now that we’ve been introduced to social engineering, it’s time to learn about the vulnerabilities in the system we’re trying to hack into: humans. Social engineering is all about making someone do something that they’re not supposed to do.  →

https://www.csoonline.com/article/3238884/linux/linux-antivirus-and-anti-malware-8-top-tools.html  By most estimates, more than 50 percent of web servers on the internet are running some version of Linux or a related *nix. That should be enough to drive home how critical it is to the ongoing success of the Information Age that you analyze, identify, and eradicate malware on or passing through your →

New IT term of the day: Virtual security: Manufacturers claim their products are secure. In reality they are not. Related post:  http://www.epanorama.net/newepa/2017/12/01/were-hitting-rock-bottom-in-cyber-lets-do-something-techcrunch/ →

https://techcrunch.com/2017/11/29/were-hitting-rock-bottom-in-cyber-lets-do-something/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&sr_share=facebook When it comes to the cybersecurity problem, where is rock bottom? Was it WannaCry, a ransomware attack. Or similar and perhaps even worse attack that hit just weeks later? Was it the Yahoo breaches? Or Equifax and Uber? Intel and Apple leaving our computer management accounts wide open? Banking computer systems hacked and many millions stolen? Or critical infrastructure hackers →

https://www.theregister.co.uk/2017/11/22/permissionless_data_slurping_google/ Somebody else than just your mobile operator gets to know where you are: According to an old Chinese proverb: “When a wise man points at the Moon, an idiot looks at his finger.” Google may have been hoping that you were examining a finger, not reading a Quartz story yesterday, which reveals how Android phones send →

https://gbhackers.com/owasp-top-10-2017-released/ Open Web Application Security Project(OWASP) released new Top 10 Most Critical Web Application Security Risks list. With the new release, they have completely refactored the methodology of categorizing risks. →

https://arstechnica.com/tech-policy/2017/11/an-alarming-number-of-sites-employ-privacy-invading-session-replay-scripts/ If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you’re not being paranoid. A new study finds hundreds of sites—including microsoft.com, adobe.com, and godaddy.com—employ scripts that record visitors’ keystrokes, mouse movements, and scrolling behavior in real time… →

https://www.denimgroup.com/resources/blog/2017/11/getting-started-with-iot-security-with-threat-modeling/?lipi=urn%3Ali%3Apage%3Ad_flagship3_pulse_read%3BtGhVz%2BNYQRiSgJC%2Bt%2FEWQQ%3D%3D The security of IoT systems can be exceptionally complex because of the large number of components, potentially extensive attack surface, and the interactions between different parts of the system. Threat modeling is a great starting point to understand the risks associated with IoT systems. The challenge with this trend is that IoT devices are just computers →