Pentagon’s failed flash drive ban policy: A lesson for every CIO

The Pentagon has granted many exceptions, possibly numbering in the thousands, to allow staff members who administer secure computer networks to use flash drives and other portable storage devices, department spokesmen say. […] But officials say waivers go to people who update software and run helpdesk services for the Pentagon’s vast computer network and are needed to run the system efficiently.

Yeah, that’s a thing, apparently.

via https://news.hitb.org/content/pentagons-failed-flash-drive-ban-policy-lesson-every-cio

Phishing attacks surge with 87 percent growth over last year, warns Kaspersky

Researchers at Kaspersky Lab have reported significant growth in phishing attacks over the last year.

In a study entitled “The Evolution of Phishing Attacks”, Kaspersky said it found that 37.3 million of the 50 million customers running its security products were at risk of being phished from 2012 to the present, an 87 percent increase over the same period between 2011 and 2012.

via https://news.hitb.org/content/phishing-attacks-surge-87-percent-growth-over-last-year-warns-kaspersky

Malwarebytes unveils ExploitShield-based Anti-Exploit Beta

Malwarebytes has released the first public beta of Malwarebytes Anti-Exploit, a rebranded and improved version of ZeroVulnerabilityLabs’ ExploitShield.

Just as in its previous incarnation, Anti-Exploit is an extremely easy-to-use tool which protects popular applications from zero-day exploits, web-based vulnerability exploits and more.

via https://news.hitb.org/content/malwarebytes-unveils-exploitshield-based-anti-exploit-beta

Could terrorists remotely crash your car?

Could a 14-year-old computer hacker in Indonesia remotely take over control of your car as you drive down the Interstate, cause the car to dangerously accelerate and kill you by crashing it? That’s the scenario raised and explained by AOL Autos in a story about the threat of terrorists and cars — and one that drew a fairly quick rebuke from …

via https://www.topix.net/tech/computer-security/2013/06/could-terrorists-remotely-crash-your-car?fromrss=1

Lock up admin accounts to stop hackers, says Cyber-Ark

Hackers typically target privileged admin accounts to gain access to all computer systems in an organisation, says David Higgins, senior sales manager at Cyber-Ark. “In many organisations, these accounts are not well managed or controlled, giving hackers unfettered, unaccountable access,” he told the Whitehall Media Identity Management 2013 conference …


Original news article at https://www.topix.com/tech/computer-security on June 20, 2013 at 06:09AM

Use This Powerful Microsoft Tool to Provide Better Security for Windows Programs

Zero-Day Exploits. Unpatched security holes. Security weaknesses that the hackers have discovered but haven’t revealed. These security problems are all too common and conventional anti-malware is no help. So what is the PC user to do? Here is some powerful free security software from Microsoft that can help.

https://www.techsupportalert.com/content/use-powerful-microsoft-tool-provide-better-security-windows-programs.htm


Original news article at https://feeds.feedburner.com/gizmosbest on June 19, 2013 at 02:41PM

Medical Devices Contain Hard-Coded Passwords, ICS-CERT Warns

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert yesterday warning that some 300 medical devices developed by roughly 40 different vendors contain hard-coded passwords that could be used by unauthorized individuals to access these machines and potentially modify critical settings and device firmware.

US-CERT published the alert in concert with a memo from the United States Food and Drug Administration outlining a set of guidelines designed to encourage medical device manufacturers to better secure defibrillators, insulin pumps, pacemakers and other devices before they reach patients.

The warning is based on a yet-unreleased report developed by Cylance researchers Billy Rios and Terry McCorkle. The hundreds of vulnerable devices uncovered by the pair of researchers include surgical and anesthesia devices, ventilators, drug infusion pumps, external defibrillators, patient monitors, and laboratory and analysis equipment.

ICS-CERT is coordinating with affected vendors to identify vulnerable devices and provide fixes for them. In the meantime, they are recommending that device manufacturers, healthcare facilities, and users of these devices take proactive measures to minimize the risk of exploitation of these and other vulnerabilities.

ICS-CERT and the FDA are not aware of any in-the-wild exploits.

The two alerts published yesterday are part of an ICS-CERT and FDA partnership aimed at better protecting patients who may receive treatments involving computerized medical devices.

“The Department of Homeland Security’s (DHS) Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) is working directly with the Food and Drug Administration (FDA) and medical devices manufacturers, health care professionals and facilities to investigate and address the reported vulnerabilities,” said DHS spokesman Sy Lee. “DHS actively collaborates with public and private sector partners every day to identify and reduce adverse impacts on the nation’s critical cyber systems.”


Original news article at https://threatpost.com on June 14, 2013 at 09:35PM