Hackers Still Outpace Breach Detection, Containment Efforts

Dark Reading cybersecurity news website

#Hackers Still Outpace #DataBreach Detection, Containment Efforts | #TpromoCom #Hacker #CyberSecurity | Research shows time to discovery and containment of breaches slowly shrinking, but attackers don’t need a very big window to do a lot of damage.

It’s breach report season and one of the prevailing trends uncovered by security researchers is that organizations are ever-so-slowly improving the window between when a compromise occurs and when it gets detected. In spite of this slight gain, the fact solidly remains that the typical breach timeline still completely favors attackers.

Two different reports this spring showed that organizations are shortening the time to discovery of data breaches. Most recently, the Trustwave 2019 Global Security Report released late last month found that the time between an intrusion and detection of that incident shrank almost in half. That study showed that the median time between intrusion and detection fell from 26 days in 2017 to 14 days in 2018.

To read the remainder of this news article, click here.

Please follow and like us:
error

DoS Attack Blamed for U.S. Grid Disruptions

SecurityWeek news and information

#DoS Attack Blamed for U.S. #Grid Disruptions | #TpromoCom #Power #CyberSecurity #Hackers | According to the National Energy Technology Laboratory’s OE-417 Electric Emergency and Disturbance Report for the first quarter of 2019, a cyber event caused “interruptions of electrical system operations.”

The report shows that the incident impacted an unidentified utility in the region overseen by the Western Electricity Coordinating Council (WECC), which is responsible for compliance monitoring and enforcement in the Western Interconnection, and affected California (Kern County and Los Angeles County), Utah (Salt Lake County) and Wyoming (Converse County).

However, the report shows that the incident did not result in any power outages. The cyber event occured on March 5 — it started at 9:12 AM and systems were restored by 6:57 PM on the same day.

To read the remainder of this news article, click here.

[image] TpromoCom provides affordable websites & blogs.
TpromoCom provides affordable websites & blogs. Call 330-956-9003, or click on banner.
Please follow and like us:
error

Pre-Installed Software Flaw Exposes Most Dell Computers to Remote Hacking

Hacker News

Pre-Installed #Software Flaw Exposes Most Dell #Computers to Remote #Hacking | #TpromoCom | Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that comes pre-installed on most Dell computers.

Dell SupportAssist, formerly known as Dell System Detect, checks the health of your computer system’s hardware and software.

The utility has been designed to interact with the Dell Support website and automatically detect Service Tag or Express Service Code of your Dell product, scan the existing device drivers and install missing or available driver updates, as well as perform hardware diagnostic tests.

To read the remainder of this news article, click here.

Call ESC of Ohio for help with your security and fire protection needs.
Contact ESC of Ohio for help with your security and fire protection needs.
Please follow and like us:
error

Majority of Encrypted Email Clients Vulnerable to Signature Spoofing

Majority of Encrypted Email Clients Vulnerable to Signature Spoofing | #TpromoCom #Email #Encryption #Security | Researchers have found that encrypted emails are not always as secure as we might think. From more than two dozen popular encrypted email clients, they found that the majority are vulnerable to one or more signature spoofing attacks.

Good cryptography is nearly impossible to break with contemporary commercial computers — so attackers don’t often attempt to. Instead, they attack the implementation and use of cryptography, where the weaknesses are more often found. This is especially true for email, where the implementation of encrypted emails is particularly challenging.

Researchers from the Ruhr University Bochum and Munster University of Applied Sciences have investigated (PDF) the implementation of the two major email encryption standards, OpenPGP and S/MIME, and have found them largely wanting. While the use of encrypted emails is not widespread, wherever it is used is likely to secure valuable or particularly sensitive content. So, it is disturbing that the researchers found flaws in the design of many leading secure email clients. Fourteen out of 20 tested OpenPGP-capable clients, and 15 out of 22 clients supporting S/MIME were susceptible to digital signature spoofing.

To read the remainder of this news article, click here.

Please follow and like us:
error

A New Consensus Is Emerging On How to Handle The Risk from China’s 5G

A New Consensus Is Emerging On How to Handle The Risk from China’s 5G | #TpromoCom #China #Spy #5G | Chinese telecom tech is invading the physical world, but Europeans and industry have strategies to contain the threat.

“No one calls it an intelligence risk, but national security agencies across the world are concerned about China’s 5G modems and other devices,” says Al Colombo, Senior Design Specialist with TpromoCom of Canton, Ohio.

Much of the Western intelligence debate around Chinese high-speed 5G technology has focused on hardware and software. Once the hardware is already out in the wild — which most think is inevitable — the future of the fight is in managing risk. It’s doable, if not yet widely advertised, according to several experts speaking at a U.S. intelligence conference this week, by quarantining Chinese equipment and deploying smarter electromagnetic spectrum management tools to better handle threats.

Bottom line: Huawei leads the world in the ability to rapidly produce cheap telecom hardware (as well as the underlying software.) Recent reports, including one from NATO, state it plainly. It’s one reason why European countries, including U.S. allies like Germany and the U.K., have been reluctant to ban tech from Huawei outright, even in the face of heavy U.S. pressure.

To read the remainder of this extremely interesting and timely news article, click here.

Please follow and like us:
error

Keeping Your Cloud Safe in the Cloud World

Keeping Your Cloud Safe in the Cloud World: Chrome Enterprise’s unique approach to endpoint security | #TpromoCom #Cloud #Security #Chrome | It’s not just about firewalls and anti-virus. Security is becoming strategic.

82% of CIOs expect their IT and security strategy to be tightly integrated, according to our State of the CIO survey. That’s no doubt driving increases in security spending. Depending on who you ask, security consumes anywhere from 10 to 15 percent of overall IT budgets.

Interested? Click Here!

Please follow and like us:
error

Press Release: NVT Phybridge Warns All Partners, Customers and Stakeholders Regarding Potential Fraudulent Communications, Requests and Misuse of Company Identity

NVT Phybridge Warns All Partners, Customers and Stakeholders Regarding Potential Fraudulent Communications, Requests and Misuse of Company Identity | #TpromoCom #Cyber #Fraud #Identification | In the wake of fraudulent messages concerning the IT industry, NVT Phybridge wishes to alert its partners, stakeholders, customers, suppliers, and all third parties that could be the target of such malicious solicitations.

NVT Phybridge has been made aware of instances of attempted identity theft designed to deceive current or potential company stakeholders through the use of fraudulent tactics. This notice is a reminder that valid and legitimate email addresses belonging to NVT Phybridge follow the naming conventions below:

  • firstname.lastname@nvtphybridge.com
  • firstname.lastname@phybridge.com
  • FirstnameinitialLastname@nvt.com
  • department@nvtphybridge.com
  • mailto:firstname.lastname@nvtphybridge.com
  • function@nvtphybridge.com

Any communications received appearing to be from NVT Phybridge that do not follow the above conventions are not from NVT Phybridge and should be reported immediately to support@nvtphybridge.com. NVT Phybridge will not be held responsible for any harm and/or damages that may result from the fraudulent use of its name or reputation. Accordingly, you should employ an appropriate level of caution to verify the identity of persons corresponding with you. If you suspect you have received a fraudulent message from a correspondent purporting to represent NVT Phybridge, please contact NVT Phybridge to verify its validity. NVT Phybridge is implementing preventative measures in an effort to help prevent and/or combat these malicious tactics.

NVT Phybridge is headquartered in Oakville, Ontario, Canada; with regional sales managers operating throughout the United States of America, México, Colombia, Europe and India – as well as some regions within Asia and the Middle East. Click here for a full list of sales managers in each region.

NVT Phybridge
3457 Superior Crt, Unit 3
Oakville, Ontario L6L 0C4

Please follow and like us:
error

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released

Researcher Reveals Multiple Flaws in Verizon Fios Routers — PoC Released | #TpromoCom #CyberSecurity #Router #Security | A cybersecurity researcher at Tenable has discovered multiple security vulnerabilities in Verizon Fios Quantum Gateway Wi-Fi routers that could allow remote attackers to take complete control over the affected routers, exposing every other device connected to it.

Currently used by millions of consumers in the United States, Verizon Fios Quantum Gateway Wi-Fi routers have been found vulnerable to three security vulnerabilities, identified as CVE-2019-3914, CVE-2019-3915, and CVE-2019-3916.

The flaws in question are authenticated command injection (with root privileges), login replay, and password salt disclosure vulnerabilities in the Verizon Fios Quantum Gateway router (G1100), according to technical details Chris Lyne, a senior research engineer at Tenable, shared with The Hacker News.

To read the remainder of this news article, click here.

Please follow and like us:
error