Cybersecurity

https://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/ O2-Telefonica in Germany has confirmed to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7: Thieves exploited SS7 to intercept two-factor authentication codes sent to online banking customers. Is this beginning of end for use of SMS for two factor authentication? SS7 was known to be →

https://www.wired.com/2017/05/hundreds-apps-can-listen-beacons-cant-hear/?mbid=social_fb THERE ARE PLENTY of privacy-invading marketing ploys to worry about in life. Some examples are easy to notice, some are more subtle. In the most inconspicuous hustle of all, apps have increasingly incorporated ultrasonic tones to track consumers.  →

https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/ This looks quite nasty security issue for very many PCs. It seems that Intel has confirmed it. You can read their advisory here. The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) →

https://www.marketplace.org/2017/04/20/tech/make-me-smart-kai-and-molly/blog-main-differences-between-internet-privacy-us-and-eu European privacy regulations are generally more consumer-focused than U.S. rules. “Who is the focus of these laws? Is it about protecting us, and giving us all the information we need and allowing us to make informed choices?”  “Or is it about allowing Comcast to keep up with Google and Facebook when it comes to →

http://resources.infosecinstitute.com/cyber-risks-industrial-environments-continue-increase/ Industrial control systems (ICS) are a privileged target of different categories of threat actors. Researchers observed a significant increase of brute force attacks on supervisory control and data acquisition (SCADA) systems. In December, IBM warned of the availability of a penetration testing framework named smod that was used in many attacks in the wild.  Organization in any industry can →

http://spectrum.ieee.org/computing/hardware/invasion-of-the-hardware-snatchers-cloned-electronics-pollute-the-market Unlike counterfeit electronics of the past, modern clones are very sophisticated.  The counterfeiters make their own components, boards, and systems from scratch and then package them into superficially similar products. The clones may be less reliable than the genuine product, having never undergone rigorous testing. But they may also host unwanted or even malicious software, firmware, →

https://venturebeat.com/2017/04/18/new-password-guidelines-say-everything-we-thought-about-passwords-is-wrong/ There is a draft of new guidelines for password management from NIST (the National Institute of Standards and Technology). There is a number of very progressive changes they proposed. Although NIST’s rules are not mandatory for nongovernmental organizations, they usually have a huge influence as many corporate security professionals. →

https://opensource.com/article/17/3/iot-security-raspberry-pi?sc_cid=7016000000127ECAAY  This article tries to get you thinking of security at an appropriate level for your Raspberry Pi and IoT projects without scaring you away from playing, experimenting, and innovating. It’s about striking a balance. Don’t let a challenge stop you from trying. Just be aware of the big picture for securing your projects. →

https://www.hackster.io/naran-inc/diy-smart-home-doorbell-2-0-works-with-alexa-690c33?ref=channel&ref_id=425_published___&offset=1 This looks worth to check out project: Build your own DIY smart home doorbell for cheap, get notified when your guest knock at your door and remotely open by voice command. →

http://www.securityweek.com/owasp-proposes-new-vulnerabilities-2017-top-10?utm_content=buffer1a6b0&utm_medium=social&utm_source=linkedin.com&utm_campaign=buffer The Open Web Application Security Project (OWASP) announced on Monday the first release candidate for the 2017 OWASP Top 10, which proposes two new vulnerability categories. →