Nakedsecurity – Government agencies still send sensitive files via hackable .zips
Even users who have access to AES-based ZIP crypto in their archiving tool don’t always use it …
Nakedsecurity – Hacker threw Molotov cocktail, dropped USB drive of his DDoS deeds
HLN reports that the case law isn’t clear about whether hacking with ethical purposes is prohibited or not. That’s surprising to hear, particularly if you’re in the US, where prosecutors come down like a ton of bricks on hackers, noble intent or no.
Forbes – NASA Has Been Hacked
“It reveals that an unauthorized Raspberry Pi computer connected to the JPL servers was targeted by hackers, who then moved laterally further into the NASA network.” “Everything from poor IT asset visibility and security violation ticket resolution shortcomings, through to untimely delays in patching known vulnerabilities were detailed by the auditors.”
Helpnetsecurity – Human error still the cause of many data breaches.
When assessing additional causes of data breaches, the report found that nearly half of all C-suite executives (47%) and one in three Small Business Owners (31%) say human error or accidental loss by an employee/insider was the cause.
Tweakers – Lek in systeem van UvA maakte inzage in cijfers van 34.000 studenten mogelijk
“David viel het op dat er een studentnummer in de url stond. Toen logde ik in en vulde zijn studentnummer in. Vervolgens kreeg ik voor een halve seconde zijn naam, naam van het vak en cijfer te zien, waarna we doorverwezen werden naar een foutmelding.”
VRTNWS – Hacking bij bedrijf in vliegtuigonderdelen, 1.000 werknemers in ons land 2 dagen technisch werkloos.
“Werknemers van het bedrijf Asco in Zaventem zijn twee dagen technisch werkloos, omdat de servers van het bedrijf gehackt zijn.”
Arstechnica – Baltiumore’s bill for ransomware: Over $18 million, so far
“Baltimore City Council President Brandon Scott, who will chair a committee reviewing the ransomware incident, published a statement last week calling for the governor to declare a disaster and request funding.”
Tweakers – Onderzoekers vinden nieuwe kritieke lekken in vrijwel alle Intel-cpu’s
“Gebruikers wordt aangeraden om software zoals het besturingssysteem en browsers up-to-date te houden.”
NakedSecurity – Ex-student records himself using USB Killer to fry college computers
“The defendant, using his personal iPhone, recorded himself inserting the ‘USB Killer’ device into computers and other hardware owned by the college, and making statements including, “I’m going to kill this guy,” then inserting the ‘USB Killer’ device into a USB port, and – after destroying the host device – stating “it’s dead”, and, in […]
The Register – You don’t need a PhD to phish a Brit university: Nonprofit claims 100% hit rate is easy peasy
British university admin folk are alarmingly easy to phish, according to an academic support body which claims a 100 per cent success rate “within two hours”.