Malware-Infested Smart Card Reader
Schneier on Security
MAY 26, 2022
Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.
Security Boulevard
MARCH 27, 2024
The federal government is putting pressure on software makers to ensure that their products don’t include SQL injection vulnerabilities, a longtime and ongoing threat that was put in the spotlight with last year’s far-reaching hack of Progress Software’s MOVEit managed file transfer tool.
Security Affairs
MARCH 9, 2024
One of the systems impacted by the incident is used to facilitate the sharing of cyber and physical security assessment tools among federal, state, and local officials. The second system was holding information related to the security assessment of chemical facilities. The impact was limited to two systems, which we immediately took offline.
SecureWorld News
DECEMBER 15, 2020
Here are updates coming in: CISA emergency directive to unplug SolarWinds Orion products. The Cybersecurity and Infrastructure Security Agency (CISA) moved quickly to cut government servers from SolarWinds updates. Known affected products: Orion Platform versions 2019.4 through 2020.2.1
Krebs on Security
MAY 17, 2022
government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. government smart cards.
Schneier on Security
MARCH 1, 2021
Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The US government deserves considerable blame, of course, for its inadequate cyberdefense. Who is at fault? There are two problems to solve.
Schneier on Security
DECEMBER 15, 2020
The press is reporting a massive hack of US government networks by sophisticated Russian hackers. Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years.
Security Boulevard
DECEMBER 6, 2023
A security flaw in Adobe’s ColdFusion application development tool that was patched in March continues to be a headache for organizations running unpatched versions of the product. The post CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency appeared first on Security Boulevard. This week, the U.S.
Schneier on Security
AUGUST 11, 2020
Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. And I'm sure they sell to the US government; it's legal and why would they forgo those sales? The company told The Wall Street Journal it restricts the sale of U.S.
Adam Levin
SEPTEMBER 28, 2020
federal, state, and local government agencies, announced that its internal systems were hacked last week. The company, which provides election, information management and emergency management systems to over 15,000 government offices across the country, announced the hack after its website was taken offline Wednesday, September 23.
Dark Reading
SEPTEMBER 23, 2022
The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.
Krebs on Security
OCTOBER 17, 2023
ARIN’s civil case caught the attention of federal prosecutors in South Carolina, who in May 2019 filed criminal wire fraud charges against Golestan, alleging he’d orchestrated a network of shell companies and fake identities to prevent ARIN from knowing the addresses were all going to the same buyer.
CSO Magazine
MARCH 16, 2022
Germany’s Federal Office for Information Security (BSI) has warned businesses against using Kaspersky virus protection products amid concerns of Russian technology being coerced by Russian government agents and forced to attack target systems against its will or spied on. federal agencies in 2017.
The Last Watchdog
DECEMBER 14, 2023
Nearly $400 million was lost as 28 Toyota production lines shut down. Rebecca Krauthamer, Co-founder and CPO, QuSecure Krauthamer As new standards for quantum-resilient cryptography come into effect, many government agencies will move toward quantum-readiness. Their guidance: Snehal Antani, CEO, Horizon3.ai
Krebs on Security
JUNE 15, 2023
government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.
Schneier on Security
NOVEMBER 24, 2021
NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers. Apple’s lawsuit seeks to ban NSO Group from further harming individuals by using Apple’s products and services.
Malwarebytes
MARCH 5, 2024
A California federal judge has ordered spyware maker NSO Group to hand over the code for Pegasus and other spyware products that were used to spy on WhatsApp users. NSO Group is closely regulated by the Israeli ministry of defense, which reviews and has to approve the sale of all licenses to foreign governments or entities.
Krebs on Security
JUNE 10, 2022
At the outset of their federal criminal trial for hijacking vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct (now Amobee) have pleaded guilty to lesser misdemeanor charges of fraud and misrepresentation via email.
Joseph Steinberg
MARCH 8, 2022
CyberSecurity Expert Joseph Steinberg and US Congresswoman Claudia Tenney (NY 22) will discuss the cybersecurity threat posed by China to the USA, and how differing security policies at federal and state levels are aggravating matters for Americans in this regard.
Schneier on Security
FEBRUARY 4, 2021
Department of Agriculture, was among the affected organizations, raising fears that data on thousands of government employees may have been compromised. […]. Reuters was not able to establish how many organizations were compromised by the suspected Chinese operation.
CyberSecurity Insiders
JUNE 16, 2022
Ireland government has proclaimed that it is joining Microsoft Government Security Program (GSP) and so will be getting needed help in defending its country’s critical infrastructure from cyber attacks. NOTE 1- GSP is being offered by the American tech giant for people to trust in its products and services.
CyberSecurity Insiders
MARCH 16, 2022
Kaspersky has hit back at the recently released advisory of German authorities that urges organizations to stop using products of the said Anti Virus firm, due to the tensions prevailing between the West and the Russian federation. Ours is a private firm and has nothing to do with the actions of the Russian government in any form.
Security Affairs
NOVEMBER 16, 2022
Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed a cryptomining malware. Log4Shell impacts the products of several major companies that use Log4j, but in many attacks, the vulnerability has been exploited against affected VMware software. Pierluigi Paganini.
Krebs on Security
JANUARY 23, 2019
federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. The loss in productivity and pertinent intelligence is immeasurable.”
Krebs on Security
DECEMBER 18, 2020
government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. 3, and said it learned about the flaw from the NSA. Also on Dec.
Security Affairs
FEBRUARY 1, 2024
CISA is ordering federal agencies to disconnect Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours. For the first time since its establishment, CISA is ordering federal agencies to disconnect all instances of Ivanti Connect Secure and Ivanti Policy Secure products within 48 hours.
Security Affairs
SEPTEMBER 21, 2022
Federal Communications Commission (FCC) has added more Chinese telecom firms to the Covered List. Federal Communications Commission (FCC) has added Pacific Network Corp, ComNet (USA) LLC, and China Unicom (Americas) Operations Limited, to the Covered List. ” reads the announcement published by the FCC. national security.
CyberSecurity Insiders
MARCH 4, 2022
As Russian President Putin is in a mindset of finishing the war only after he takes control of all Ukrainian cities, tech companies from America are announcing their retaliation backed business withdrawals in the said region, in compliance with the government sanctions.
SecureWorld News
JANUARY 29, 2024
The mandate under the Defense Production Act is part of sweeping measures to manage the risks of AI laid out in a recent Executive Order. However, Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, said that government and industry partnerships are key for achieving more secure, ethical AI. "AI Department of Commerce.
Security Boulevard
MARCH 3, 2023
Have you started pulling together information for the government’s requirement of self-attestation as to the security practices you follow in your SDLC for any software used or purchased by the U.S. federal government?
Security Affairs
DECEMBER 5, 2023
CISA warns that threat actors are actively exploiting a critical vulnerability in Adobe ColdFusion to breach government agencies. Cybersecurity and Infrastructure Security Agency (CISA) is warning about threat actors actively exploiting a critical vulnerability (CVE-2023-26360) in Adobe ColdFusion to breach government agencies.
Malwarebytes
MARCH 7, 2024
Intellexa is based in Greece but the Treasury Department imposed the sanctions because of the use of the spyware against Americans, including US government officials, journalists, and policy experts. The Entity List is a trade control list created and maintained by the US government.
Security Boulevard
MARCH 14, 2023
One of the requirements of Executive Order 14028, issued in May 2021 and designed to improve the nation’s cybersecurity, is that software producers who supply the federal government provide a software bill of materials (SBOM) for each product.
Security Boulevard
SEPTEMBER 10, 2022
Cloud companies that wish to do business with the United States federal government can only do so if they receive authorization under the Federal Risk and Authorization Management Program (FedRAMP).
eSecurity Planet
JANUARY 22, 2021
As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point. government, standards will not apply to the IoT market at-large.
Krebs on Security
MARCH 5, 2021
Cybersecurity & Infrastructure Security Agency (CISA), other government agencies, and security companies, to ensure it is providing the best possible guidance and mitigation for its customers. ” the government cybersecurity expert said. ’ But how are they securing their non-cloud products?
Security Affairs
DECEMBER 14, 2020
Hackers broke into the networks of federal agencies and FireEye by compromising SolarWinds’ Orion Network Management Products. The US agency is calling on all federal civilian agencies to review their networks for indicators of compromise power down SolarWinds Orion products immediately.
SecureWorld News
MAY 18, 2022
Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring Federal Civilian Executive Branch (FCEB) agencies to update specific VMware products or remove them from agency networks until the update can be applied.
Security Boulevard
SEPTEMBER 19, 2022
Most organizations develop three to five-year phasing plans for most IT and cyber products to align with the manufacturer’s end-of-development, end-of-support, and end-of-life product life cycles and keep up with the latest security risks. Separating Product Sunsetting from Process. The risk of products going early end of life.
Security Affairs
NOVEMBER 24, 2022
The British government banned the installation of Chinese-linked security cameras at sensitive facilities due to security risks. Reuters reports that the British government ordered its departments to stop installing Chinese security cameras at sensitive buildings due to security risks. Federal Communications Commission (FCC).
Thales Cloud Protection & Licensing
SEPTEMBER 2, 2021
To achieve its goal, the EO sets forward specific requirements: “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services” [Section 3(a)]. develop a Federal cloud-security strategy and provide guidance to agencies accordingly” [Section 3(c)(i)].
CSO Magazine
MARCH 21, 2023
Ping Identity, a Colorado-based IAM software vendor, is making a new product, PingOne Neo, available in a limited early access program. PingOne Neo is designed as a decentralized platform, as opposed to the heavily federated systems commonly in use. It works something like a wallet, according to the company.
Security Boulevard
MARCH 21, 2023
More and more organizations are deploying a software bill of materials (SBOM) to identify and track the various components of the software products they develop or use. federal government mandates, improve the software supply chain or some other reason. What’s in an SBOM? The post What’s in an SBOM?
Security Affairs
FEBRUARY 12, 2023
Australia’s Defense Department announced that they will remove surveillance cameras made by Chinese firms linked to the government of Beijing. Australia’s Defense Department is going to replace surveillance cameras made by Chinese firms Hikvision and Dahua, who are linked to the government of Beijing. ” reported The Guardian.