Posts by Robert Vamosi:
It took security researchers only minutes to gain access to more than a dozen voting machines at last month’s DEF CON security conference. The nearly two dozen machines, all purchased from eBay and government auctions, are considered representative of the wide variety of electronic voting systems in use today. One even contained actual voting data from a previous election, exposing another issue: how to delete old data.
Continue Reading...
Posted in Data Breach, General | Comments Off on DEF CON 25 exposes voting system vulnerabilities
In a survey conducted by Synopsys at this year’s Infosecurity (InfoSec) Europe, almost half of participants said their organizations had not experienced a cyber attack within the last two years. Most attendees surveyed said their organizations had either an internal or external software security group or a combination of both. And the majority indicated their organizations had an incident response plan in place and offered formal cyber security awareness training.
Continue Reading...
Posted in General | Comments Off on Survey finds organizations better prepared for cyber security threats
The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 aims to mitigate risks and increase security in IoT products. Does it stand a chance?
Continue Reading...
Posted in Internet of Things | Comments Off on How will new IoT legislation strengthen the future of cyber security?
In a new report, Synopsys examines new insights into areas of software development where further testing remains. By analyzing over 4.8 billion protocol-based tests, the Synopsys State of Fuzzing 2017 report qualifies the relative levels of maturity in terms of quality and security across more than 250 protocols found in industry verticals such as industrial control systems, medical, financial, government, and the Internet of Things (IoT).
Check out the State of Fuzzing 2017 report to get all the findings.
Continue Reading...
Posted in Fuzz Testing | Comments Off on What is the state of fuzz testing in 2017?
Before the public sessions kick off at Black Hat on Wednesday and Thursday, there are four days of training courses. The course I took part in this year was a two-day, hands-on car hacking course. My instructor, Robert Leale, is the founder and coordinator for the car hacking village at DEF CON. Both the weekend and weekday editions of this course were sold out.
Continue Reading...
Posted in Automotive Security | Comments Off on Are there ever legitimate reasons for hacking a car?
Another week of InfoSec in the desert is history. Black Hat USA started as the Black Hat Briefings in 1997, and has remained mostly corporate. It grew out of the hacker-friendly environment of DEF CON which started as a going away party for a friend of the founder, Jeff Moss, in 1993. Together, the two conference represent the largest annual gathering of InfoSec experts in the world.
Continue Reading...
Posted in Fuzz Testing, Internet of Things | Comments Off on Black Hat USA and DEF CON 2017: And that’s a wrap!
Last week, authorities in multiple countries served warrants to take down a Dark Web site generating a reported $600,000-$800,000 a day in sales of illegal drugs and other products. The clue that led authorities to the real-world admin behind the site was a personal email address used in the site’s early days. It provided a tangible link between the virtual world and the physical world. And, it underscored the many difficulties in truly masking one’s identity online.
Continue Reading...
Posted in General | Comments Off on What Dark Web failures can teach us about security at Black Hat and DEF CON
A vulnerability in a single software component, found in an internet-connected security camera, may leave thousands of different security camera models (and other Internet of Things devices) at risk. But Devil’s Ivy and other such flaws can be avoided with effective software supply chain management.
Continue Reading...
Posted in Internet of Things, Software Composition Analysis | Comments Off on Devil’s Ivy security vulnerability leaves IoT devices at risk
This week’s malware outbreak that removed computer data capabilities from large enterprises worldwide is now thought to have been designed to damage, not to earn profit. Therefore, it only masquerades as traditional ransomware. First seen on Tuesday, NotPetya/Petya is like last month’s WannaCry in that it displayed a ransom request of $300 in Bitcoin on compromised machines. However, this time the attacks were not widespread nor intended for individual machines. They were targeted at faulty enterprise networks and the data was generally not recoverable.
Continue Reading...
Posted in Data Breach | Comments Off on Beyond WannaCry and NotPetya / Petya: What’s next for enterprises?
Another round of ransomware (malware that encrypts the contents of a hard drive until a paid Bitcoin ransom unlocks them) is spreading globally. The new ransomware, known as PetrWrap/Petya, is similar and yet significantly different than WannaCry. Unlike the previous attack, PetrWrap/Petya is a virus that spreads by spam campaigns using malicious Microsoft Word documents. Therefore, it cannot spread itself. Despite years of promoting good security hygiene, people are apparently clicking on the infected files.
Continue Reading...
Posted in General | Comments Off on PetrWrap/Petya ransomware spreading globally: Here’s what you need to know
