CyberSecure Specialist

23 Aug

Smart light bulbs could give away your password secrets

by Paul Ducklin A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb. The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] best seller on Amazon Italy,” so we don’t know how other smart bulbs stack up, but their report has plenty to teach us anyway. The…

23 Aug

The End of “Groundhog Day” for the Security in the Boardroom Discussion?

Information, News

It’s been eight and half years since I first wrote about the need for security leadership representation in the boardroom. I then revisited the topic last year, when the SEC initially proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting. Now, as the SEC cyber incident disclosure rules come into effect, organizations will finally be forced to seriously consider giving security leaders a seat at…

22 Aug

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

Information, Insights

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like data theft and ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior. In a…

22 Aug

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

Information, Malware

by Paul Ducklin Researchers at Apple device management company Jamf recently published an intriguing paper entitled Fake Airplane Mode: A mobile tampering technique to maintain connectivity. We’ll start with the good news: the tricks that Jamf discovered can’t magically be triggered remotely, for example merely by enticing you to a booby-trapped website. Attackers need to implant rogue software onto your iPhone first in order to pull off a “fake airplane” attack. The bad news, however,…

22 Aug

TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks

Information, News

Four vulnerabilities identified by academic researchers from Italy and the UK in the TP-Link Tapo L530E smart bulb and its accompanying mobile application can be exploited to obtain the local Wi-Fi network’s password. Currently a best-seller on Amazon Italy, the TP-Link Tapo smart Wi-Fi light bulb (L530E) is cloud-enabled and can be controlled using a Tapo application (available on both Android and iOS) and a Tapo account. The most severe of the identified issues is…

21 Aug

Mass-spreading campaign targeting Zimbra users

Information

ESET researchers have observed a new phishing campaign targeting users of the Zimbra Collaboration email server.

21 Aug

Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

Information, Malware, News

Cybersecurity company Cyfirma claims to have uncovered the real identity of the developer behind the CypherRAT and CraxsRAT remote access trojans (RATs). Using the online handle of ‘EVLF DEV’ and operating out of Syria for the past eight years, the individual is believed to have made over $75,000 from selling the two RATs to various threat actors. The same person is also a malware-as-a-service (MaaS) operator, according to Cyfirma. For the past three years, EVLF…

21 Aug

CISA, NSA, and NIST Publish Factsheet on Quantum Readiness

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap. CISA, NSA, and NIST urge organizations to review the joint factsheet and to begin preparing…

20 Aug

Black Hat 2023: Cyberwar fire-and-forget-me-not

Information

What happens to cyberweapons after a cyberwar?

20 Aug

Black Hat 2023: AI gets big defender prize money

Information

Black Hat is big on AI this year, and for a good reason

Smart light bulbs could give away your password secrets

The End of “Groundhog Day” for the Security in the Boardroom Discussion?

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

TP-Link Smart Bulb Vulnerabilities Expose Households to Hacker Attacks

Mass-spreading campaign targeting Zimbra users

Researchers Uncover Real Identity of CypherRAT and CraxsRAT Malware Developer

CISA, NSA, and NIST Publish Factsheet on Quantum Readiness

Black Hat 2023: Cyberwar fire-and-forget-me-not

Black Hat 2023: AI gets big defender prize money

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources