Security Alerts & News
by Tymoteusz A. Góral

History
#224 Wearable warning: IEEE highlights top security risks for fitness trackers
The report, “WearFit: Security Design Analysis of a Wearable Fitness Tracker”, argues poorly designed wearables are a security threat. The IEEE report says the popularity of wearables, coupled with the amount of sensitive personal data they collect and share with third parties, makes them an attractive target. IEEE’s focus for this report is on fitness trackers worn on the wrist that track heart rate, physical activity, have sensors such as accelerometers and can use a third-party device’s connecti
#223 Honeypots illustrate scores of vulnerabilities in medical devices
In the eyes of many, including Scott Erven, a medical device security advocate who spoke at last week’s Security Analyst Summit, the healthcare sector is a good 10 to 15 years behind the retail sector when it comes to security.
#222 The Secret Behind CryptoWall’s Success - IMPERVA report (PDF)
The team was very interested in peeling the layers in the financial transactions and seeing how far we could go with information available in the open. They wanted to find out if there were indeed many criminals behind the ruthless ransomware or just a handful of very organized gangs. Also, much of the data analyzed is from before the FBI, in October 2015, advised victims to pay up to recover the data.
#221 Apple rejects order to unlock gunman's iPhone
Tim Cook: We oppose this order, which has implications far beyond the legal case at hand
#220 How to bypass LG V10 smartphone’s fingerprint security in just 30 seconds
A troubling vulnerability has been uncovered that may make you think twice about ever even temporarily allowing a friend, partner or acquaintance to use your new LG V10 Android smartphone.
#219 How to Safely Store a Password in 2016
Proactively upgrading legacy hashes is a security win over an opportunistic strategy (rehashing when the user logs in, but leaving the insecure hashes in the database for inactive users): with a proactive strategy, if your server gets compromised before everyone logs in again, their passwords are already using an acceptable algorithm.
#218 Russian cyberspy group uses simple yet effective Linux Trojan
A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access.
#217 FBI: Apple ordered to unlock San Bernardino gunman's iPhone
A court order demands Apple help circumvent security software on Farook's iPhone, which the FBI said contains crucial information.
#216 Australia: WA Parliament experiences cybersecurity breach: Report
It has been reported that the phone, internet, and email systems at Western Australia's Parliament House are down as the result of a cyber breach that occurred Tuesday night.
#215 Massive US-planned cyberattack against Iran went well beyond Stuxnet
The Stuxnet computer worm that destroyed centrifuges inside Iran's Natanz uranium enrichment site was only one element of a much larger US-prepared cyberattack plan that targeted Iran's air defenses, communications systems, and key parts of its power grid, according to articles published Tuesday.