According to this link, https://techcrunch.com/2019/07/31/security-lapse-exposed-weak-points-on-hondas-internal-network/, an exposed database at automotive giant Honda allowed anyone to see which systems on its network were vulnerable to unpatched security flaws, potentially giving hackers insider knowledge of the company’s weak points. The server contained 134 million rows of employee systems data from the company’s endpoint security service, containing technical details of each computer and device connected to the internal network The database has no password The data included which operating system a user was running, its unique network identifiers and IP address, the status of the endpoint protection, and which patches were installed What makes this data…
ISBuzz Team
The Department of Homeland Security has issued a security alert for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft. Engine readings, compass data, altitude and other readings “could all be manipulated to provide false measurements to the pilot,” according to the DHS alert. The issue, which was discovered by a Boston-based cybersecurity company and reported to the federal government, found that an attacker could potentially disrupt electronic messages transmitted across a small plane’s network. For example, by attaching a small device to its wiring, that would affect…
Five Eyes, the anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States, has come out against the use of end-to-end encryption and asked technology firms to install backdoor access to encrypted communications. After a two-day summit in London, the ministers from the member countries said the efforts of law enforcement agencies to investigate and prosecute the most serious crimes would be “hampered” if the industry carries out plans to implement end-to-end encryption, “without the necessary safeguards”. However, concerns over the security issues that may arise if end-to-end encryption is scrapped seem to widely shared.
It has been reported that Google’s team of security researchers have discovered six devastating flaws in Apple’s iMessage app, one of which they claim the company has not fixed. Five of the critical bugs which the team found in Apple’s instant messaging service iMessage have now been fixed. One of the flaws impacted both Macs and iPhones, but would cause iPhones to crash and become unusable even after being reset. Another of the flaws could allow an attacker to remotely access an Apple device and copy files off it without the owner even having to respond to a security prompt. These bugs were addressed in…
Sometimes security and risk management professionals – even corporate executives and boards – are so focused on protecting against sophisticated attacks that they take their eyes off the seemingly mundane, but no less important, tasks required to secure an enterprise. Basic vulnerabilities in software and infrastructure are the perfect example. Vulnerability discovery is one area where this oversight challenge commonly dominates operations. Since you can’t fix what you can’t see, only a fraction of vulnerabilities are actually getting patched. By some accounts, as little as 10% of vulnerabilities are actually detected and remediated. Vulnerabilities within software and infrastructure remain, and security initiatives…
Integrating security into DevOps to deliver DevSecOps is no easy task: It requires changing the team’s mindset, processes, and technology. Each company’s ultimate goal should be to keep DevOps collaborative and agile, which means making security silent in DevSecOps. To accomplish this, your team will require very close integration with security systems. This calls for maximum security integration throughout the software development lifecycle. Ideally, every team could integrate security and compliance testing seamlessly into DevSecOps so that developers don’t have to leave their continuous integration tool. While there are many challenges in achieving this, it doesn’t mean it’s impossible. Let’s…
Reports have surfaced about a group of vulnerabilities in OS VxWorks that impacts more than 200 million critical devices. It appears that VxWorks is primarily designed for medical equipment, elevator controllers and satellite modems. According to reports, there is a cluster of 11 vulnerabilities in the platform’s networking protocols, six of which could conceivably give an attacker remote device access, and use a worm to spread the malware to other VxWorks devices around the world. The patching process is expected to be long and difficult, so presenters will be sharing their findings at the Black Hat conference in Las Vegas next week.
Companies today are exposed to an increasingly complex array of risks, threats and uncertainties, which are only expected to accelerate in the years to come. Whether driven by technological developments, cybersecurity threats, data privacy concerns, or natural disasters, coping with accelerating change and the evolving threat landscape is no longer a business advantage, it’s a business necessity. Digital transformation, meanwhile, is accelerating expectations of pace and availability amongst end-users. The demand for always-on services to run and be available without fail 24/7 has created a series of resilience imperatives that companies, and the data centres supporting them, must account for.…
No matter what the industry, you will find employees that often fly under the radar, going mostly unnoticed despite the essential part they play to keep the businesses up and running. System Administrators, or SysAdmins, are one of these humble cogs in the wheel that have a very important job – to consistently monitor and manage IT infrastructures. This ensures that technical issues can be identified and resolved as quickly as possible, and avoids risking the dreaded downtime which can impact big things like customer satisfaction, reputation and profit. To celebrate the work they do, System Administrator Appreciation Day is…
International beauty retailer Sephora has emailed customers in the Southeast Asia region to inform them it has discovered a breach that occurred within the last fortnight. Sephora said some personal information may have been exposed to unauthorised third parties, including first and last name, date of birth, gender, email address, and encrypted password, as well as data related to beauty preferences but company confirmed no credit card information was accessed.