Cyber-criminals are exploiting the busy period during both purchase and delivery stages
Monthly Archives: November 2022
Successful Hack of Time-Triggered Ethernet
Time-triggered Ethernet (TTE) is used in spacecraft, basically to use the same hardware to process traffic with different timing and criticality. Researchers have defeated it:
On Tuesday, researchers published findings that, for the first time, break TTE’s isolation guarantees. The result is PCspooF, an attack that allows a single non-critical device connected to a single plane to disrupt synchronization and communication between TTE devices on all planes. The attack works by exploiting a vulnerability in the TTE protocol. The work was completed by researchers at the University of Michigan, the University of Pennsylvania, and NASA’s Johnson Space Center.
“Our evaluation shows that successful attacks are possible in seconds and that each successful attack can cause TTE devices to lose synchronization for up to a second and drop tens of TT messages—both of which can result in the failure of critical systems like aircraft or automobiles,” the researchers wrote. “We also show that, in a simulated spaceflight mission, PCspooF causes uncontrolled maneuvers that threaten safety and mission success.”
Much more detail in the article—and the research paper.
Instagram Credential Phishing Attacks Bypass Microsoft Email Security
Police force published sexual assault victims’ names and addresses on its website
A UK police force has apologised after it published the names and addresses of victims of sexual assault on its website.
Suffolk Police says that it has launched an investigation into how victims’ names, addresses, dates of birth, and details of reportedly hundreds of alleged offences were left on public view.
Read more in my article on the Hot for Security blog.
Emerging Threat Actor DEV-0569 Expands Its Toolkit to Deliver Royal Ransomware
As well as malvertising and phishing links, the new threat actor is now also using contact forms to deliver its payloads, found Microsoft
Noname Security releases Recon attack simulator
As breaches increase and companies scramble to go from a defensive to an offensive approach, API-focused Noname Security has launched Recon, which simulates an attacker performing reconnaissance on an organization’s domains.
Recon works from a root-level domain to find other domains, shadow domains, sub-domains, APIs, vulnerabilities, and public issues that put the organization at risk, according to Noname. “Then we start looking at, both actively and passively looking at any API-related information pertaining to those domains,” Troy Leilard, regional solution architect lead ANZ, tells CSO.
Netflix Phishing Emails Surge 78%
Security Recruiter Directory
Looking for a qualified candidate or new job? CSO’s security recruiter directory is your one-stop shop.
The recruiters listed below can help you find your next chief information security officer (CISO) or VP of security and fill hard-to-hire positions in risk management, security operations, security engineering, compliance, application security, penetration testers, and computer forensics, among many others.
If you’re a security recruiting firm, we want your information! Our goal is to provide the most complete recruiter resource available, but to do that we need your assistance. Please send the name, contact info and a few sentences about your company and its specialties to Michael Nadeau.