Browser autofill used to steal personal details in new phishing attack | Technology | The Guardian
https://www.theguardian.com/technology/2017/jan/10/browser-autofill-used-to-steal-personal-details-in-new-phising-attack-chrome-safari →
https://www.theguardian.com/technology/2017/jan/10/browser-autofill-used-to-steal-personal-details-in-new-phising-attack-chrome-safari →
https://www.scmagazine.com/debugging-mechanism-in-intel-cpus-allows-seizing-control-via-usb-port/article/630480/ Some Intel CPUs have JTAG over USB 3 debugging built-in. This could be good for debugging but is really bad for computer security. “starting with the Skylake processor family in 2015, Intel introduced the Direct Connect Interface (DCI) which provides access to the JTAG debugging interface via common USB 3.0 ports.” Having the DCI →
http://www.csoonline.com/article/3155572/internet-of-things/john-mcafees-3-major-cybersecurity-predictions-for-2017.html Cybersecurity predictions: 1. IoT denial of service attacks on major Internet carriers will become commonplace 2. The anti-virus paradigm will finally been seen as a dead paradigm 3. Intelligence agencies will finally accept the fact that a sophisticated Nation State can perpetrate any hack and make it point to any Nation or agency that →
https://www.tripwire.com/state-of-security/security-data-protection/70-europeans-arent-willing-sacrifice-privacy-new-services-survey-reveals/ Europeans seem to want good security. →
https://threatpost.com/ftc-d-link-failed-to-secure-routers-ip-cameras/122895/ Legal process against companies that seem to have failed in IoT security in 2016 seems to be starting now. I expect that also several other companies will get similar treatment – very many companies have had same type security problems. →
https://www.wired.com/2017/01/biggest-security-threats-coming-2017/ Wired magazine shares it’s view on security threats coming this year. →
http://www.theregister.co.uk/2017/01/03/android_tops_2016_vuln_list_with_523_bugs/?mt=1483419470366 This article tells how vulnerabilities with CVE numbers were divided in 2016. Adobe and Microsoft were on top, but Google’s Android aimed highest ever. →
http://arstechnica.com/security/2016/12/did-russia-tamper-with-the-2016-election-bitter-debate-likely-to-rage-on/ Released report does not have good solid evidence who was behind the attacks. This article also tells why it is hard to know who is really behind those attacks – it is well possible that hackers faked some of the evidence. Whoever did this, if they wanted to cause disruption and lack of faith, →
https://theintercept.com/2016/12/31/russia-hysteria-infects-washpost-again-false-story-about-hacking-u-s-electric-grid/ →
Washington Post posted a catchy headline: Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say Electrical grid can be hacked also in USA – and it was hacked. But this headline is making thing to look more dangerous than what the actual incident was. Also Reuters reported it: Code →