https://simplesecurity.sensedeep.com/web-developer-security-checklist-f2e4f43c9c56 Developing secure, robust web applications in the cloud is hard, very hard. If you think it is easy, you are either a higher form of life or you have a painful awakening ahead of you. Think twice before you launch your “proto-product”. Acknowledge that you are skipping many of critical security issues. At the very minimum, be honest with →
http://spectrum.ieee.org/automaton/robotics/industrial-robots/report-dangers-of-hacked-factory-robots The threats that a hacked industrial robot represent today go beyond safety concerns and include also industrial sabotage and blackmail. →
https://opensource.com/business/16/6/managing-passwords-security-linux?sc_cid=7016000000127ECAAY Managing password and security related issues in Linux is important, but there are some simple steps you can take to make your system more secure. We’ve seen that there can be a large number of attempts to log on to a publicly accessible system. So, what can we do? There are a few things →
https://arstechnica.com/security/2017/05/an-nsa-derived-ransomware-worm-is-shutting-down-computers-worldwide/ A highly virulent new strain of self-replicating ransomware is shutting down computers all over the world. The malware, known as Wanna, Wannacry, or Wcry, has infected at least 57,000 computers, according to antivirus provider Avast. AV provider Kaspersky Lab said organizations in at least 74 countries have been affected. Wcry uses weapons-grade exploit published by the →
http://resources.infosecinstitute.com/seven-major-hacks-changed-view-cyber-security/ This is a good list of significant cyber security events. →
https://www.ssh.com/vulnerability/intel-amt/ This page by SSH collects information, fixes, and analyses of the Intel AMT Firmare remote code execution vulnerability of May 1, 2017 (CVE-2017-5689). Your servers are in danger now through Intel AMT technology! AMT enables remote management of the servers, including remote operating system installation. It is included in all modern Intel Xeon processors and →
https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/ O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7: Thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers. Is this beginning of end for use of SMS for two factor authentication? SS7 was known to be →
https://www.wired.com/2017/05/hundreds-apps-can-listen-beacons-cant-hear/?mbid=social_fb THERE ARE PLENTY of privacy-invading marketing ploys to worry about in life. Some examples are easy to notice, some are more subtle. In the most inconspicuous hustle of all, apps have increasingly incorporated ultrasonic tones to track consumers. →
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ This looks quite nasty security issue for very many PCs. It seems that Intel has confirmed it. You can read their advisory here. The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) →
https://www.marketplace.org/2017/04/20/tech/make-me-smart-kai-and-molly/blog-main-differences-between-internet-privacy-us-and-eu European privacy regulations are generally more consumer-focused than U.S. rules. “Who is the focus of these laws? Is it about protecting us, and giving us all the information we need and allowing us to make informed choices?” “Or is it about allowing Comcast to keep up with Google and Facebook when it comes to →