Security News
Locks that use Bluetooth Low Energy to authenticate keys are vulnerable to remote unlocking. The research focused on Teslas, but the exploit is generalizable.
Organizations across every industry are experiencing a wave of innovation driven by digital transformation and the significant volume and diversity of devices coming online. Not all of these devices are built with security in mind which subsequently opens up organizations to new vulnerabilities and risks.
Despite banks working to improve online security protocols, consumers must also do their part in taking advantage of enhanced security features to keep their accounts safe. Since banks strive to make the digital banking experience as intuitive and frictionless as possible for users, this can also present an opportunity for hackers to access unwitting consumers' bank accounts.
The vulnerability, which Oracle patched on Tuesday, affects the company's implementation of the Elliptic Curve Digital Signature Algorithm in Java versions 15 and above. ECDSA is an algorithm that uses the principles of elliptic curve cryptography to authenticate messages digitally.
WithSecure and Cue Health have worked together to address a security issue that WithSecure discovered in Cue's COVID-19 test, which delivers the results of a nasal swab test via bluetooth to a mobile device. The COVID-19 test is a molecular test that offers users results in 20 minutes with accuracy that's comparable to PCR tests performed in labs.
Java versions 15 to 18 contain a flaw in its ECDSA signature validation that makes it trivial for miscreants to digitally sign files and other data as if they were legit organizations. Java 15-18 ECDSA doesn't sanity check that the random x coordinate and signature proof are nonzero; a signature validates any message.
It's important to understand that passwords are not passports. Using biometrics, which is a great security advancement, is not the same as identity, says Leonard Navarro, VP of Business Development at Nametag.
F5 announced a report which shows the challenges organizations face as they transform IT infrastructures to deliver and secure digital services that have become inseparable from everyday activities, such as completing job tasks or consulting a doctor. "Digital transformation efforts have experienced a marked acceleration over the past two years, and we see no indications of a slowdown," said Kara Sprague, EVP and GM, App Delivery, F5. "Our research shows that the average organization manages hundreds of applications across data centers, multiple clouds, and edge deployments-as well as more than 20 different app security and delivery technologies. With these growing and more distributed portfolios, organizations require consistent security, end-to-end visibility, and greater automation in their app deployments to tame debilitating complexity and continuously add value for customers, streamline operations, seize new opportunities, and respond to emerging threats in real time."
A global report released by CyberArk shows that 79% of senior security professionals state that cybersecurity has taken a back seat in the last year in favor of accelerating other digital business initiatives. The report identifies how the rise of human and machine identities - often running into the hundreds of thousands per organization - has driven a buildup of identity-related cybersecurity debt, exposing organizations to greater cybersecurity risk.
A majority of healthcare leaders have established digital transformation as a top priority spurred by the pandemic, yet they're facing a chronic, underlying challenge that's impeding their efforts: data readiness. As a result, the number of healthcare executives planning to invest in technologies designed to improve data readiness and support systemic interoperability is projected to jump 440% by 2025- the highest percentage of increased investment compared to other healthcare IT categories.