When you log in to Facebook this week, you may be greeted by a notification in your news feed titled “Protecting Your Information.” If you see one of these notifications, you may be among the potential 87 million users whose personal information was harvested from Facebook by Cambridge Analytica, a political consulting firm hired by President Trump’s 2016 election campaign. … [Read more...]
Learning From Boeing’s Infection – Daily Security Byte
Last week, a leaked memo from Boeing management informed the world that the top airplane manufacturer had gotten infected by the old WannaCry ransomworm. Since then, Boeing has downplayed the attack, saying it didn't affect production and is under control. Nonetheless, information security pundits wonder how such a large enterprise, which should have the best security controls … [Read more...]
TLS 1.3 Is Coming and That’s Just Fine
This week, the Internet Engineering Task Force (IETF) formally approved TLS 1.3 draft 28 as a Proposed Standard, officially making it the latest revision of the Transport Layer Security (TLS) protocol. The approval comes after four years of revision by the TLS Working Group and leaves TLS 1.3 only a few verified implementations away from receiving Internet Standard … [Read more...]
Remembering Adrian Lamo – Daily Security Byte
This Daily Security Byte is a little different. Last week, an infamous grey hat hacker, Adrian Lamo, passed away. In today's video, I share a little about his hacks and life for those that don't know about him. While Lamo didn't always follow the rules, he did work hard to improve the security of other organizations, and made an impact on the industry and my own thoughts about … [Read more...]
Crypto-jacking Is Getting Crazier by the Minute
Last week, Imperva discovered a new crypto-jacking attack, which they named RedisWannaMine. According to Imperva, the malware’s initial attack vector used a well-known web application vulnerability involving Apache Struts, affecting both database servers and application servers. Imperva, however, does not reveal the scope or numbers of vulnerable systems that have been … [Read more...]
