Security News > 2020

Friedman cultivated "a special relationship" with Crypto AG founder Boris Haglin, which resulted in Crypto AG being just about the only commercial crypto equipment supplier in the world. Crypto AG could supply the fully crypto secure algorithm electromechanics to customers, but leave off some or all of the filtering or reclocking circuits that stopped "Side channel" based key leakage to the telegraph lines and other still classified tecniques not to disimilar to the "Infinity device".

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. Gary DeMercurio, 43 of Seattle, and Justin Wynn, 29 of Naples, Fla., are both professional penetration testers employed by Coalfire Labs, a security firm based in Westminster, Colo. Iowa's State Court Administration had hired the company to test the security of its judicial buildings.

Researchers at Intezer uncovered the campaign after detecting a malicious file in January, purporting to be an employee satisfaction survey for Westat employees and customers. "The technical analysis of the new malware variants reveals this Iranian government-backed group has invested substantial efforts into upgrading its toolset in an attempt to evade future detection."

Criminal charges have been dropped against two infosec professionals who were arrested during a sanctioned physical penetration test gone wrong. On Thursday, the Des Moines Register - no relation - reported that a judge in Dallas County, Iowa, formally dismissed the third-degree burglary and possession of burglary tools allegations against Coalfire employees Gary DeMercurio and Justin Wynn.

As health data privacy concerns heat up to a boiling point on multiple fronts, it's more essential than ever that patients get a clear opportunity to make a choice about whether their data is shared, says privacy advocate Twila Brase, who heads the Citizens' Council for Health Freedom. Federal regulators - to carry out a 21st Century Cures Act goal to drive medical innovation and improve patient care - are proposing standards that promote the use of application programming interfaces and consumer health apps to give patients access to their own health data from electronic health records.

From a FOIA request, over a hundred old NSA security awareness posters. Back in 1993, during the first Crypto Wars, I and a handful of other academic cryptographers visited the NSA for some meeting or another.

Well, if you do use OpenSMTPD, you need to make sure you're not vulnerable to a recently-disclosed bug that could let a crook take over your server simply by sending an email containing evil commands. OpenSMTPD allows you to specify a command that it will use to handle the mail that it receives, whether that's email coming in from outside or messages that you're queuing up for delivering to other servers.

Learn how to secure your iOS 13 devices and protect your privacy by tweaking the default settings. Devices using iOS 13 are some of the most secure in the world; however, there are settings you can change to make your iOS experience even more secure.

In terms of bugs themselves, "[we also] saw abused for privilege escalation, had the Samsung handset exploited via baseband for the third Pwn2Own Tokyo in a row and disclosed a significantly impactful SharePoint bug later seen in active attacks," ZDI's Brian Gorenc wrote, in a blog post on Thursday. From a trend perspective, Gorenc said that 2019 saw a shift towards more reports for high-severity flaws - rather than medium-severity bugs making the bulk of advisories as they have in years past.

Police in the United Kingdom have arrested six suspects as part of a months-long money laundering investigation tied to the theft of €13 million from a Maltese bank. As part of the investigations into the bank heist, which has been tied to an organized crime gang, Britain's National Crime Agency says it arrested two men, ages 22 and 17, last week in London.