http://www.visualcapitalist.com/worlds-biggest-data-breaches/?utm_source=facebook&utm_medium=social&utm_campaign=SocialWarfare Before 2009, the majority of data breaches were the fault of human errors like misplaced hard drives and stolen laptops, or the efforts of “inside men” looking to make a profit by selling data to the highest bidder. Since then, the volume of malicious hacking has exploded relative to other forms of data loss. →
https://www.cyberciti.biz/faq/how-to-prevent-unprivileged-users-from-viewing-dmesg-command-output-on-linux/ One can use dmesg command see or control the kernel ring buffer. The kernel syslog contains debugging information that is often useful during exploitation of other vulnerabilities, such as kernel heap addresses. There is an option that prevents unprivileged users from reading the syslog. sudo sysctl -w kernel.dmesg_restrict=1 →
http://www.zdnet.com/article/why-you-must-patch-the-new-linux-sudo-security-hole/ Ironically, only the most secure Linux server setups are vulnerable to this newly discovered hole. If you want your Linux server to be really secure, you defend it with SELinux. Many sysadmins don’t bother because SELinux can be difficult to set up. This makes the newly discovered Linux security hole — with the sudo command that only hits →
https://techcrunch.com/2017/06/02/who-catches-the-imsi-catchers-researchers-demonstrate-stingray-detection-kit/?ncid=rss&utm_source=tcfbpage&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook&sr_share=facebook What’s needed is an independent method of identifying IMSI catchers in the wild. That’s what University of Washington researchers Peter Ney and Ian Smith have attempted to create with SeaGlass. “Up until now the use of IMSI-catchers around the world has been shrouded in mystery, and this lack of concrete information is a barrier to →
https://opensource.com/article/17/5/secure-open-source-devops?sc_cid=7016000000127ECAAY The key to secure app development is to “shift left”—move security testing away from late-stage production and back towards design and development. →
https://hbr.org/2017/06/11-things-the-health-care-sector-must-do-to-improve-cybersecurity No industry or sector is immune to hacking. That reality was made painfully clear in mid-May, when a cyberattacker using WannaCry ransomware crippled health care institutions and many other kinds of organizations around the world. In 2015 over 113 million Americans health records were exposed, and in 2016 the number was over 16 million. Experian predicted that the →
I visited today NOHAU seminar on industrial IoT and security related to it. The seminar content was in mixed Finnish and English language: Seminaari: Varaudu kyberhyökkäyksiin – Miten liität sulautetun laitteen turvallisesti internettiin? http://nohau.fi/events/hyodynna-ja-hallitse-teollinen-internet/ Ohjelma: 8.30 Aamupala ja rekisteröinti (breakfast and registration) 8:45 Tervetuloa – Nohau (wellcome) 9:00 Teollisen internetin businessmahdollisuudet, Jukka Nurmi, Director, IoT →
https://fossbytes.com/tor-anonymity-things-not-using-tor/ Being Anonymous online is the need of the hour, and TOR browser does that job quite efficiently and honestly. But there are some things that you need to keep in mind so that you don’t blow your anonymity cover while using the TOR network. →
https://pentestmag.com/write-secure-code-cc-programming-languages/ Secure coding in C/C++ programming languages is a big deal. The two languages, which are commonly used in a multitude of applications and operating systems, are popular, flexible, and versatile – and often vulnerable to exploitation. Sometimes the solution is to code using a safer language like Java. However, this is not always the →
http://www.theregister.co.uk/2017/05/23/enisa_proposes_internet_of_things_security_standards/ European network and infosec agency ENISA has taken a look at Internet of Things security, and doesn’t much like what it sees. So it’s mulling a vendor’s nightmare that the US and UK dared not approach: security regulation – at least the minimal regulation of testing and certification. IoT security needs bottom-to-top baseline requirements, →