News

AvosLocker is a ransomware-as-a-service (RaaS) gang which first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities. Read more in my article on the Tripwire State of Security blog. Read More

Read More

HP has published various security alerts for more than 250 of its printer models. Hackers should be able to inject malicious code, denial-of-service (DoS) attacks to start and access data. As a countermeasure, the manufacturer recommends firmware updates and configuration changes. Gateway LLMNR protocol The first vulnerability, CVE-2022-3942, is classified as critical with a value of 8.4. According to Heise, attackers can…

Read More

IriusRisk has launched a new Open Threat Model (OTM) standard to allow greater connectivity and interoperability between threat modeling and other parts of the software development lifecycle (SDLC). The OTM standard has been published under a Creative Commons license and provides a tool-agnostic way of describing a threat model in a simple to use and…

Read More

IBM’s new Unified Key Orchestrator lets customers integrate multiple security key-management systems into a single managed service that spans hybrid and multicloud environments. Read More

Read More

Comcast is releasing a new software tool, xGitGuard, as an open source project to the community at large. The tool is designed to proactively search the open source repositories of GitHub for code that was supposed to remain proprietary. The idea behind xGitGuard is to provide an automated method of checking through GitHub repositories for…

Read More

Editor’s Note: This is the third in a series of articles about how we can help our elder parents get the most out of digital life—the ways we can help them look after their finances and health online, along with how they can use the internet to keep connected with friends and family, all safely…

Read More

Splunk warns that there’s little time to stop attacks once in progress Read More

Read More

The Office of Inspector General has audited NASA’s insider threat program: While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency’s information technology (IT) systems — including many containing high-value assets or critical infrastructure — are unclassified and are therefore not covered by its current insider…

Read More

Photos of infants included in misconfigured S3 bucket Read More

Read More

10 Ways organizations make attacks easy What do cybercriminals love? (Mostly themselves, but that is beside the point.) They love organizations that have unmitigated risks in their web applications and application program interfaces (APIs). With the entire world connected via the internet, the easiest and quickest way for threat actors to infiltrate your systems or…

Read More