News

Does Facebook even need a CSO?

Maybe not, says Twitter’s former CISO, but there are risks with Facebook's move from a centralized to a distributed security model in the wake of Alex Stamos's departure.

Horizon Air tragedy highlights airline insider threat vulnerability

The ease with which a Horizon Air employee was able to steal and crash a Bombardier Q400 turboprop will likely prompt airlines to develop an insider threat mitigation strategy to close this vulnerability.

Attackers could ‘faxploit’ all-in-one printer to penetrate network and steal data

At Def Con 26, researchers revealed pwnage via fax. Hackers need only a fax number to infiltrate networks and exfiltrate data.

Hacking pacemakers, insulin pumps and patients' vital signs in real time

At the recent Black Hat and Def Con events, researchers showed how they are able to hack medical devices, including pacemakers and insulin pumps, and patients' vital signs in real time.

Blue Team Village, DEF CON 2018 | Salted Hash Ep 43

Host Steve Ragan talks to Munin, a staffer at the DEF CON Blue Team Village about what's happening and what you can expect.

How did the TimeHop data breach happen?

Compromise of an employee's credentials, lack of multi-factor authentication, and weak insider threat analysis all played a part in the recent TimeHop data breach in which 21 million user accounts were compromised.

Talking phishing campaigns with @PhishingAI's Jeremy Richards | Salted Hash, Ep. 42

All this week, while we’re on location in Las Vegas, Salted Hash has been discussing phishing and the impact it has had on the public. Today, we’re getting an insider view on how @PhishingAI operates, and learning about a recent...

Phishing AI | Salted Hash Ep 42

Host Steve Ragan is joined by Lookout’s Jeremy Richards, who manages the @PhishingAI account on Twitter, as well as a good friend and fellow reporter from Ars Technica.

Bug bounties offer legal safe harbor. Right? Right?

Bug bounties are all the rage, but many programs do not offer legal safe harbor to good-faith security researchers who wish to report security issues. Caveat bug finder.

Weaponized AI and facial recognition enter the hacking world

Your face could trigger a DeepLocker AI-powered malware attack or be used by Social Mapper to track you across social media sites.

Inside Dropbox and Microsoft Office phishing attacks | Salted Hash, Ep. SC03

Today on Salted Hash, we're going to look at a phishing attack that targeted me directly. It's got a few interesting elements, including a weak attempt to spoof an HTTPS connection, and a sort of hybrid lure, which starts as Dropbox...

FCC lied about DDoS attack during net neutrality comment process, blames former CIO

FCC Chairman Ajit Pai says a DDoS attack did not take out the net neutrality comment site, and he blames the former FCC CIO for providing incorrect information.

Do you need a vulnerability disclosure program? The feds say yes

The FTC and DOJ are pushing companies to provide a means for good-faith security researchers to report bugs and put effective processes in place to act on those reports.

Hundreds of HP inkjet printer models vulnerable to critical remote code execution flaws

Hundreds of HP inkjet printer models are in desperate need of firmware patches before hackers start exploiting vulnerabilities to gain remote code execution.

Introducing Kit Hunter, a phishing kit detection script | Salted Hash, Ep. 40

Kit Hunter is a basic Python script that will run on Linux or Windows. When you run Kit Hunter it searches web directories for phishing kits based on common kit elements located in the tag file. If there is a match, it logs the...

Avast pulls CCleaner version that lacked privacy options after backlash

Avast-owned Piriform reverted to a previous version of CCleaner in response to user outrage over its new data collection policy that had no privacy options.

Security executives on the move and in the news

Find up-to-date news of CSO, CISO and other senior security executive appointments.

How quantum computers will destroy and (maybe) save cryptography

Advances in quantum computing mean we might have only a few years before quantum computers can break all public key encryption. The day when every secret is known is near.
