Security News

The Insecurity of Video Doorbells
2024-03-05 12:05

"Sometimes when you pay for what you get, you really pay for what you get over and over." Meaning that "Buyer beware" is rather more than a surface effect.

On the Insecurity of Software Bloat
2024-02-15 12:04

Adam February 15, 2024 7:27 AM. I remember watching a video with Brian Snow and Dan Geer and Brian talked about how they took a standard office package and were able to remove 80-90% of the code and still maintain all the functionality, because of inefficiencies in the code and poor working structure of the people who wrote it.

The Insecurity of Photo Cropping
2023-02-21 12:14

One of the hazards lies in the fact that, for some of the programs, downstream crop reversals are possible for viewers or readers of the document, not just the file's creators or editors. Official instruction manuals, help pages, and promotional materials may mention that cropping is reversible, but this documentation at times fails to note that these operations are reversible by any viewers of a given image or document.

Public URL scanning tools – when security leads to insecurity
2022-11-07 19:59

Well-known cybersecurity researcher Fabian Bräunlein has featured not once but twice before on Naked Security for his work in researching the pros and cons of Apple's AirTag products. Now, Bräunlein is back with another worthwhile warning, this time about the danger of cloud-based security lookup services that give you a free opinion about cybersecurity data you may have collected.

‘Cyber insecurity’ in healthcare is leading to increased patient mortality rates
2022-09-12 15:17

The most common consequences of attacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of respondent healthcare providers and increased complications from medical procedures for nearly half, according to the report Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care.

Exploring the insecurity of readily available Wi-Fi networks
2022-06-28 04:30

He walks you through various protocols we see in the wild, and introduces specific hacking techniques to crack Wi-Fi passwords. CyberArk researchers have already proven the ease with which attackers can access Wi-Fi networks, having recently gone on wardriving exercises in San Francisco, Dallas and Tel Aviv to uncover how many Wi-Fi networks could be cracked using readily available and cheap equipment.

S3 Ep61: Call scammers, cloud insecurity, and facial recognition creepiness [Podcast+Transcript]
2021-12-02 20:50

Oh! No! The wannabe wizard that went to school with a trainee Sith.

On the Insecurity of ES&S Voting Machines’ Hash Code
2021-03-16 11:36

It turns out that ES&S has bugs in their hash-code checker: if the "Reference hashcode" is completely missing, then it'll say "Yes, boss, everything is fine" instead of reporting an error. It's simultaneously shocking and unsurprising that ES&S's hashcode checker could contain such a blunder and that it would go unnoticed by the U.S. Election Assistance Commission's federal certification process.

How IoT insecurity impacts global organizations
2020-11-13 05:00

Chen Ku-Chieh, an IoT cyber security analyst with the Panasonic Cyber Security Lab, is set to talk about the company's physical honeypot and about the types of malware they managed to discover through it at HITB CyberWeek on Wednesday. The use of IoT is increasingly widespread, from home IoT, office IoT to factory IoT, and the use of automation equipment is increasing.

Meet the new aviation insecurity, same as the old aviation insecurity: Next-gen ACAS X just as vulnerable to spoofing as its predecessor
2020-10-06 10:46

Aviation boffins have found that next-gen aircraft collision avoidance systems appear to be just as vulnerable to signal spoofing attacks as older kit. In a paper distributed via ArXiv, computer scientists at the UK's University of Oxford and Switzerland's Federal Office for Defence Procurement analyzed the Airborne Collision Avoidance System X, due to be deployed on commercial aircraft in the next few years, and found that it can be manipulated by a miscreant to produce fake collision alerts that prompt pilots to take evasive action.