Security News

University loses 77TB of research data due to backup error
2021-12-30 16:02

The Kyoto University in Japan has lost about 77TB of research data due to an error in the backup system of its Hewlett-Packard supercomputer. The incident occurred between December 14 and 16, 2021, and resulted in 34 million files from 14 research groups being wiped from the system and the backup file.

Intel is Maintaining Legacy Technology for Security Research
2021-11-30 07:28

Intel's issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

Ethical hackers and the economics of security research
2021-11-22 05:30

Bugcrowd released a report which provides CIOs and CISOs valuable insight on ethical hackers and the economics of security research. This comprehensive annual study offers an in-depth look at ethical hackers to reveal how they reduce risk, which industries leverage their expertise most, and what organizations are doing to attract high-performing security researchers to their programs.

Research: Supply chain and COVID-19 challenges forces companies to shift their security strategies
2021-11-11 17:18

64% of survey respondents reported that their companies have concerns about security risks for supply chains. Toss in the COVID-19 pandemic and supply chain disruptions, and it's no wonder that enterprises are shifting their cybersecurity strategies.

Research finds consumer-grade IoT devices showing up... on corporate networks
2021-10-21 09:27

Increasing numbers of "Non-business" Internet of Things devices are showing up inside corporate networks, Palo Alto Networks has warned, saying that smart lightbulbs and internet-connected pet feeders may not feature in organisations' threat models. According to Greg Day, VP and CSO EMEA of the US-based enterprise networking firm: "When you consider that the security controls in consumer IoT devices are minimal, so as not to increase the price, the lack of visibility coupled with increased remote working could lead to serious cybersecurity incidents."

Romance scams with a cryptocurrency twist – new research from SophosLabs
2021-10-13 18:01

All those dubious excuses needed by traditional romance scammers to talk you into using wire transfer services to send money, or into buying them gift cards and sending through the redemption codes, are replaced by a sense of structure: there's a genuine app for this investment! The cryptorom scammers will even offer you an app if you have an iPhone, where Apple's "Walled garden" approach of requiring all consumer app downloads to come from the Apple App Store almost certainly persuades many victims that the cryptorom app must indeed have some sort of official authorisation or approval.

Is it OK to use stolen data? What if it's scientific research in the public interest?
2021-09-17 13:02

There's a fine line between getting hold of data that may be in the public interest and downright stealing data just because you can. To kick off, Marcello Ienca, a research fellow at the Swiss Federal Institute of Technology, and Effy Vayena, deputy head of the Swiss Institute of Translational Medicine, offered the definition that "Hacked" data is "Data obtained in an unauthorized manner through illicit access to a computer or computer network." They claim it is increasingly being used in scientific research such as conflict modelling studies based on WikiLeaks datasets, and studies on sexual behaviour based on data leaked from Ashley Madison, a dating website whose database was pilfered by a group of attackers calling themselves The Impact Team in 2015.

Security bods boost Apple iPhone hardware attack research with iTimed toolkit
2021-09-14 16:45

Openc8... is applicable to a range of iPhone models all the way up to the iPhone X - though the research paper focuses on its use in the iTimed toolkit to audit and attack the Apple A10 Fusion chip inside an iPhone 7. The trio's - Seetal Potluri was the third researcher - checkm8 reimplementation, which brings with it a range of claimed improvements, is dubbed openc8, and is applicable to a range of iPhone models all the way up to the iPhone X - though the research paper focuses on its use in the iTimed toolkit to audit and attack the Apple A10 Fusion chip inside an iPhone 7.

Rapid7 says Computer Misuse Act should include 'good faith' infosec research exemption
2021-09-03 15:16

Infosec firm Rapid7 has joined the chorus of voices urging reform to the UK's Computer Misuse Act, publishing its detailed proposals intended to change the cobwebby old law for the better. "It's worth noting that neither the National Crime Agency or the CPS seem to be recklessly pursuing frivolous investigations or prosecutions of good-faith security research. Nonetheless, the current legal language does expose researchers to legal risk and uncertainty, and it would be good to see some clarity on the topic," said Rapid7 in a blog post published over the sleepy summer period.

Education and research sector hit by highest number of cyberattacks in July
2021-08-18 13:48

Facilities in the sector saw an average of 1,739 attacks per organization each week last month, according to Check Point Research. A report published Wednesday by cyber threat intelligence provider Check Point Research looks at the latest wave of cyberattacks against educational and research facilities in particular and offers tips on how to better combat them.