Language Selection

English French German Italian Portuguese Spanish

Security: Updates, US Weapons Systems, and Voting Risks

Filed under
Security
  • Security updates for Thursday
  • US Weapons Systems Are Easy Cyberattack Targets, New Report Finds

    Specifically, the report concludes that almost all weapons that the DOD tested between 2012 and 2017 have “mission critical” cyber vulnerabilities. “Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” the report states. And yet, perhaps more alarmingly, the officials who oversee those systems appeared dismissive of the results.

  • Election security groups warn of cyber vulnerabilities for emailed ballots

    Experts from both the private and public sector have warned about the vulnerabilities of online voting for years, but the report comes at a time of heightened alarm about election interference from hostile nation-states or cyber criminals.

More in Tux Machines

Today in Techrights

Security: Nest Lockout, Moment of Truth for Cyber Insurance, DNS Hijacking Attacks and Australian Cracking

  • Nest is locking customers out of accounts until they fix their security

    Emails were sent last night to all users that may have been affected by recent [breaches], with a new password being mandatory, as it tries to avoid the "I'll do it later" attitude that means that often vulnerable passwords remain in use for months or years.

  • A Moment of Truth for Cyber Insurance

    Mondelez’s claim represents just a fraction of the billions of dollars in collateral damage caused by NotPetya, a destructive, indiscriminate cyberattack of unprecedented scale, widely suspected to have been launched by Russia with the aim of hurting Ukraine and its business partners. A compromised piece of Ukrainian accounting software allowed NotPetya to spread rapidly around the world, disrupting business operations and causing permanent damage to property of Mondelez and many others. According to reports, Zurich apparently rejected Mondelez’s claim on the grounds that NotPetya was an act of war and, therefore, excluded from coverage under its policy agreement. If the question of whether and how war risk exemptions apply is left to the courts to decide on a case-by-case basis, this creates a profound source of uncertainty for policyholders about the coverage they obtain.

  • A Deep Dive on the Recent Widespread DNS Hijacking Attacks

    The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

    This post seeks to document the extent of those attacks, and traces the origins of this overwhelmingly successful cyber espionage campaign back to a cascading series of breaches at key Internet infrastructure providers.

  • With elections weeks away, someone “sophisticated” [cracked] Australia’s politicians

    With elections just three months away, Australian Prime Minister Scott Morrison announced on February 18 that the networks of the three major national political parties had been breached by what Australian security officials described as a "sophisticated state actor."

  • Australia's major political parties [cracked] in 'sophisticated' attack ahead of election

    Sources are describing the level of sophistication as "unprecedented" but are unable to say yet which foreign government is behind the attack.

  • Parliament attackers appear to have used Web shells

    Attackers who infiltrated the Australian Parliament network and also the systems of the Liberal, National and Labor Parties appear to have used Web shells – scripts that can be uploaded to a Web server to enable remote administration of a machine.

Android Leftovers

How Linux testing has changed and what matters today

If you've ever wondered how your Linux computer stacks up against other Linux, Windows, and MacOS machines or searched for reviews of Linux-compatible hardware, you're probably familiar with Phoronix. Along with its website, which attracts more than 250 million visitors a year to its Linux reviews and news, the company also offers the Phoronix Test Suite, an open source hardware benchmarking tool, and OpenBenchmarking.org, where test result data is stored. According to Michael Larabel, who started Phoronix in 2004, the site "is frequently cited as being the leading source for those interested in computer hardware and Linux. It offers insights regarding the development of the Linux kernel, product reviews, interviews, and news regarding free and open source software." Read more