Information

03 Aug

CISA Calls Urgent Attention to UEFI Attack Surfaces

The US government’s cybersecurity agency CISA is calling attention to under-researched attack surfaces in UEFI, warning that the dominant firmware standard presents a juicy target for malicious hackers. “UEFI is a critical attack surface. Attackers have a clear value proposition for targeting UEFI software,” the agency said in a call-to-action penned by CISA technical advisor Jonathan Spring and vulnerability management director Sandra Radesky. Noting that UEFI code represents a compilation of several components (security and…

03 Aug

How Malicious Android Apps Slip Into Disguise

Information, Insights

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools. Google says it has updated its app malware detection mechanisms in response to the new research. At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric, a security firm based in Amsterdam. Aleksandr Eremin, a senior malware analyst at the company, told KrebsOnSecurity…

02 Aug

Quantum computing: Will it break crypto security within a few years?

Information

Current cryptographic security methods watch out – quantum computing is coming for your lunch.

02 Aug

Performance and security clash yet again in “Collide+Power” attack

Information

by Paul Ducklin Another week, another BWAIN! As you’ll know if you listened to last week’s podcast (hint, hint!), BWAIN is short for Bug With An Impressive Name: It’s a nickname we apply when the finders of a new cybersecurity attack get so excited about their discovery that they give it a PR-friendly moniker, register a vanity domain name for it, build it a custom website, and design it a special logo. This time, the…

02 Aug

Microsoft Catches Russian Government Hackers Phishing with Teams Chat App

Information, News

Software giant Microsoft on Wednesday sounded an alarm after catching a known Russian government-linked hacking group using its Microsoft Teams chat app to phish for credentials at targeted organizations. According to a research report from Redmond’s Threat Intelligence team, the hacking team is linked to the Foreign Intelligence Service of the Russian Federation (also known as the SVR) and has been caught targeting government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.…

01 Aug

Firefox fixes a flurry of flaws in the first of two releases this month

Information

by Paul Ducklin The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than reference to an atmospheric phenomenon that makes the moon seem blue, in case you ever wondered), there will be a blue Firefox too. Firefox version…

01 Aug

Forgepoint Capital Places $15M Series A Bet on Converge Insurance

Information, News

Venture capital outfit Forgepoint Capital has placed another bet in the cyber-insurance sector, leading a $15 million funding round for New York tech startup Converge Insurance. The $15 million Series A investment is Forgepoint’s second push into the cyber-insurance sector following last year’s incubation of Surefire Cyber, a startup selling incident response services specifically to cyber insurers, brokers and legal firms. Converge Insurance describes itself as a modern managing general agent (MGA) that fuses cyber…

31 Jul

SEC demands four-day disclosure limit for cybersecurity breaches

Information

by Paul Ducklin Last week, the US Securities and Exchange Commission (SEC) announced new and fairly strict rules about cybersecurity breach disclosures for any people or companies that fall under its regulatory remit. The SEC, by the way, was founded at the height of the US Great Depression in the 1930s, with the aim of preventing the sort of unregulated speculation that led to what became known as Black Thursday, the infamous Wall Street crash…

31 Jul

US Gov Rolls Out National Cyber Workforce, Education Strategy

Information, News

The Biden administration on Monday rolled out its first-ever National Cyber Workforce and Education Strategy (NCWES), announcing a series of “generational investments” to address immediate and long-term cyber workforce needs. The new strategy seeks to transform cyber education in K-12 schools, community colleges and technical schools, invest in teachers and cyber education systems and make training more accessible and affordable. “Filling the hundreds of thousands of cyber job vacancies across our nation is a national…

29 Jul

Is backdoor access oppressive? – Week in security with Tony Anscombe

Information

Bills granting access to end-to-end encrypted systems, opportunity for cybercriminals, abuse by authority, human rights, and tech companies leaving the UK?

CISA Calls Urgent Attention to UEFI Attack Surfaces

How Malicious Android Apps Slip Into Disguise

Quantum computing: Will it break crypto security within a few years?

Performance and security clash yet again in “Collide+Power” attack

Microsoft Catches Russian Government Hackers Phishing with Teams Chat App

Firefox fixes a flurry of flaws in the first of two releases this month

Forgepoint Capital Places $15M Series A Bet on Converge Insurance

SEC demands four-day disclosure limit for cybersecurity breaches

US Gov Rolls Out National Cyber Workforce, Education Strategy

Is backdoor access oppressive? – Week in security with Tony Anscombe

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources