Nest, Node.js, & F.Secure – Application Security Weekly #

In the news, the entire Nest ecosystem of smart home devices goes offline, how Alphabet plans to keep hackers away from this year’s election, the Node.js Ecosystem is chaotic and insecure, open-source vulnerabilities plague enterprise codebase sy…

New infosec products of the week: March 16, 2018

DFLabs launches new security incident response platform DFLabs announced a new version of its IncMan Security Orchestration, Automation and Response (SOAR) platform for enterprise SOC and MSSPs. IncMan R3 Rapid Response Runbooks now support ‘User Choic…

Email inboxes still the weakest link in security perimeters

Over one-third of all security incidents start with phishing emails or malicious attachments sent to company employees, according to F-Secure. Types of attacks The single most common source of breaches analyzed in the report was attackers exploiting vu…

Intel AMT security issue gives attackers complete control over a laptop

F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitl…

CEO email exposure underscores the importance of password management

Nearly one in three major CEOs has been pwned using their company email address, according to a new F-Secure study. In other words, a service they access using their company email has been hacked and the password they use for that service has leaked. Without proper password practices, this potentially increases their susceptibility to targeted attacks. F-Secure researched known company email addresses used by top executives from more than 200 of the biggest companies in …

Everyone is working on their own ways to secure IoT

If there’s one thing that alarms even the hardened cybersecurity veterans at the Black Hat convention this year, it’s the huge attack surface represented by the burgeoning internet of things — and at least two researchers are presenting solutions designed to secure connected devices. Mikko Hypponen, chief research officer for F-Secure, was touting his company’s solution for consumer devices; and Brian Knopf, Neustar’s senior security researcher, gave a presentation about an alternative to Public Key Infrastructure encryption that enterprises can use to secure their IoT devices. “PKI is awful,” Knopf told CyberScoop, “It works OK for browsers … but it wasn’t designed for IoT devices … The problem is the scale.” PKI relies on asymmetric encryption, in which users have a private key and a public key. Anyone with the public key can encrypt a message, which can then only be unscrambled with the private key. PKI is the basis for most internet […]

The post Everyone is working on their own ways to secure IoT appeared first on Cyberscoop.


Foscam IP cameras riddled with gaping security holes

F-Secure researchers have discovered a bucketload of serious security vulnerabilities affecting IP cameras made by Chinese manufacturer Foscam. Even though notified months ago, Foscam has still not fixed the issues. The researchers have found the holes in the Opticam i5 HD device and the Foscam C2, but say it’s very likely that they affect other camera models manufactured by the company, as well as other products Foscam manufactures and sells under other brand names: Chacon, …

Hard-coded Passwords Make Hacking Foscam ‘IP Cameras’ Much Easier

Security researchers have discovered over a dozen vulnerabilities in tens of thousands of web-connected cameras that cannot be protected just by changing their default credentials.

Vulnerabilities found in two models of IP cameras from China-based…

‘Amateurish’ espionage campaign launched with leaked Hacking Team tools

A mysterious group appears to be relying on hacking tools that were originally stolen from Italian surveillance company Hacking Team — and leaked online two years ago — to spy on European government officials, think tanks and journalists, according to new research published Thursday by cybersecurity firm F-Secure. Dubbed the “Callisto Group,” the hackers were first discovered by F-Secure after they sent a wave of phishing emails to a wide array of different targets that were all similarly involved in either discussing or reporting on government policies related to foreign affairs and national security. The BBC reported Thursday that one of those targets was the UK’s Foreign and Commonwealth Office. Several F-Secure contacts received the suspicious phishing emails and sent samples to the Finnish company. The final payload for the malware-laden attachments contained, according to F-Secure, an outdated variant of the Hacking Team’s “Scout” tool, which is typically sold as part […]

The post ‘Amateurish’ espionage campaign launched with leaked Hacking Team tools appeared first on Cyberscoop.
