Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials

A new spy campaign by Mustang Panda uses fake US diplomatic briefings to target government officials. Discover how this silent surveillance operation works...

White House Warns of Possible Russian Cyberattacks

News: The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. … Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors...

Changing the monolith—Part 2: Whose support do you need?

In Changing the monolith—Part 1: Building alliances for a secure culture, I explored how security leaders can build alliances and why a commitment to change must be signaled from the top. But whose support should you recruit in the first place? In Part 2, I address considerations for the...

Time for day 2 of briefings at BlueHat Seattle!

We hope you enjoyed the first day of our BlueHat briefings and the Bytes of BlueHat reception in our glamping tent complete with toasted marshmallows. Yesterday, we learned a lot about how XboxOne hardware security has advanced the state of hardware security elsewhere, we heard some surprising...

Welcome to the second stage of BlueHat!

We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast we have doughnuts! and bacon! and cereal!...

Welcome to the second stage of BlueHat!

We’ve finished two incredible days of security trainings at the Living Computer Museum in Seattle. Now it’s time for the second part of BlueHat: the briefings at ShowBox SoDo. We’ve got a big day planned, so head on down. Please join us for breakfast we have doughnuts! and bacon! and cereal!...

Countdown to Black Hat: Top 10 Sessions to Attend — #1

Black Hat USA 2019 offers a packed and impressive lineup of research briefings and hands-on training courses for the 19,000-plus security pros expected to attend this year’s event. The training sessions provide both offensive and defensive skills that security pros can use to tackle critical...

CISA Awareness Briefing on Chinese Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency CISA will conduct a series of virtual awareness briefings on Chinese malicious cyber activity targeting managed service providers MSPs. Briefings will be held from 1–2 p.m. ET on the dates listed below: Wednesday, February 6 Friday, February 22...

Cisco IOS 11.x TFTP Server Long File Name Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5328/info A problem has been discovered in Cisco IOS and MGX switches that could result in a denial of service, and potential code execution. It has been discovered that the TFTP server file name handling of Cisco IOS is...

Android Vulnerability Bypasses App's Digital Signature

A vulnerability exists in the Android code base that would allow a hacker to modify a legitimate, digitally signed Android application package file APK and not break the app’s cryptographic signature—an action that would normally set off a red flag that something is amiss. Researchers at startup...

Virtual Machine Escape Exploit Targets Xen

Details of a dangerous virtual machine escape exploit were revealed Wednesday by French research outfit VUPEN Security. The attack exploits a recently reported vulnerability in Xen hypervisors and allows an attacker within a guest virtual machine to escape to the host and execute code. Virtual...

U.S. Cyber Command Using Classified Intel To Scare CEOs To Action

The U.S.’s Cyber Command is using special, classified briefings with private sector CEOs to scare them into greater vigilance about the threat of cyber attacks, according to an NPR report. The report, quoting unnamed participants in the classified, 2010 briefings said that government officials...

How Facebook and Facial Recognition Are Creating a Minority Report-Style Privacy Meltdown

Researchers at the annual Black Hat Briefings in Las Vegas have demonstrated how cloud computing, facial recognition technology, Facebook, a freely available personal information can be used to match faces in a crowd to detailed online profiles. The demonstration brings us closer to the brink of ...

Black Hat: Google's Chrome OS Could Enable Nasty Web Based Attacks

HED: Three Ways that Google’s Chrome OS Could Enable Really Nasty Web Based Attacks DEK: Researchers at the Black Hat Briefings conference in Las Vegas warn that Google’s new Chrome Operating System could enable certain kinds of Web based attacks Google’s new Chrome Operating System was designed ...

Siemens Patches SCADA Holes, Downplays Threat

In the wake of a report about vulnerabilities in its products, Siemens issued a patch for its Simatic S7 industrial controllers on Monday. ICS CERT, the Cyber Emergency Response Team for Industrial Control Systems, issued an alert advising Siemens customers to apply the patch. Siemens said its...