RSS Reader for Computer Security Articles
It's the day after the 2020 Iowa caucuses, and the Iowa Democratic Party has yet to announce the winner. The app that precinct leaders were supposed to use to report final tallies recorded inconsistent results. Party leaders blamed a "coding issue" within the app, not a hack or attack. Computerworld's Lucas Mearian joins Juliet to discuss the problem with mobile voting and how this snafu may affect the reputation of app voting in the future.
Credit to Author: Preston Gralla| Date: Tue, 04 Feb 2020 03:00:00 -0800
It’s no secret that hackers the world over target Windows vulnerabilities in order to wreak havoc, hold up data and networks for ransom, pull off money-making scams, and disrupt elections and the workings of democracy. They target Windows for a simple reason: volume. The operating system is on the vast majority of desktop and laptop computers worldwide.
Over the years, the U.S. National Security Agency (NSA) has unwittingly helped hackers in some of the world’s most dangerous and notoriously successful attacks by developing tools to exploit Windows security holes, rather than alert Microsoft to those vulnerabilities. Some of the tools have been leaked to hackers and used in massive attacks, including the EternalBlue cyber-exploit, which was used in the WannaCry global ransomware attack that affected computers in more than 150 countries and is estimated to have caused billions of dollars in damage.
Credit to Author: BrianKrebs| Date: Fri, 31 Jan 2020 21:06:18 +0000
On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges. The news came while KrebsOnSecurity was conducting a video interview with the two accused (featured below).
Read More
Credit to Author: Woody Leonhard| Date: Thu, 30 Jan 2020 10:14:00 -0800
Time and again we see the same drama play out. Microsoft releases a security patch and scary warnings appear from every corner. When your local news broadcast tells you that you better patch Windows right now…, more temperate advice should prevail.
A little over two weeks ago, on Patch Tuesday, Microsoft released a patch for a security hole known as CVE-2020-0601 – the Crypt32.dll vulnerability also called ChainOfFools or CurveBall.
Credit to Author: Lucas Mearian| Date: Thu, 30 Jan 2020 03:00:00 -0800
The largest electronic medical record (EMR) vendor in the U.S. is fighting a proposed government rule to allow patients and their physicians greater access to electronic health information – regardless of the technology platform – to promote data exchange.
According to a number of recent reports, EMR vendor Epic Systems is lookng to derail the finalization of a rule from the Department of Health and Human Services (HHS) that would implement some provisions of the 21st Century Cures Act. In particular, the rules governing information-blocking of patient healthcare information and EMR interoperability are at the heart of the fight.
Credit to Author: BrianKrebs| Date: Wed, 29 Jan 2020 19:02:56 +0000
Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web.
Read More
Take stock of how people and devices access your network and block potential avenues of attack.
Credit to Author: BrianKrebs| Date: Tue, 28 Jan 2020 20:12:16 +0000
In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.
Read More