News

How secure is your car? Unpatchable flaw lets attackers disable safety features (ZDNet)

Researchers have discovered a security flaw that probably affects all new vehicles. It allows an attacker to turn off safety features, such as airbags, ABS brakes, and power-steering -- or any of a vehicle's computerized components connected to its controller area network or CAN bus. Because it's a design flaw affecting the CAN bus messaging ...

Don't panic, Chicago, but 1.8 million of your voters' records leaked from a weak AWS silo (The Register)

Personal info spills from another poorly secured Amazon service. A voting machine supplier for dozens of US states left records on 1.8 million Americans unsecured, in public view for anyone to download, in a misconfigured AWS storage system. ES&S says it was notified by UpGuard researcher Chris Vickery of the vulnerable database that contained personal information it collected from ...

Android Security Bulletin August 2017: What you need to know (TechRepublic)

It seems the Android Security Bulletin has opted to offer up a bit less information on the surface; migrating from a fairly complete description of vulnerabilities, to more a listing of vulnerabilities, categorized by component. Even with that change, it is possible to discern there are, as expected, still vulnerabilities in need of resolution. Let's take a look at what ...

Raspberry Pi OS refresh: Raspbian's update to Debian Stretch is out now (ZDNet)

The Raspbian Stretch update includes new versions of pre-installed apps, Bluetooth improvements, changes to the default login, and a key security fix. On the heels of the Debian 9 Stretch release, Raspberry Pi's Debian-based Raspbian OS has been updated and is now available for download. The

Formulating Your Collaboration Strategy – be a Leader (IT Toolbox Blogs)

Over the past two posts, I’ve been examining the “disrupt or be disrupted” theme in terms of collaboration. This mantra applies to many flavors of technology, but my focus here is to help decision-makers choose the right strategy. With strapped resources and outsized expectations to support the business, these days IT is more likely to be ...

Email brute-forcing. Aadhaar woes. Leaked Equation Group exploits remain a problem. Hijacked Chrome extensions. Pulse wave DDoS. FBI interviews “Profexor.” Extremism and vigilantism. OurMine hacks HBO Twitter, Facebook.

Cloud Security and Why It Deals with Your Health Records (IT Toolbox Blogs)

The Internet has made our wide world feel small by offering not only better ways to connect with people internationally but to share our thoughts, photos, and personal information. Time hasn’t made the Internet diverge from this interconnected path, either; it seems more and more likely that, as we march boldly into the future, we’ll ...

Leaked Exploits Fueled Millions of Attacks in Q2: Kaspersky (SecurityWeek)

The public availability of new exploit packages has fueled millions of new attacks on popular applications during the second quarter of 2017, a recent report from Kaspersky Lab reveals. The Moscow-based security company said that it blocked more than five million attacks involving in-the-wild exploits during the three-month period, but the actual number of incidents should be significantly higher. ...

Flashpoint Launches Intelligence Academy (SecurityWeek)

New Intelligence Academy Aims to Help Organizations Reduce Risk by Better Understanding Threats and Prioritizing Response. Business Risk Intelligence (BRI) is a term that is easy to understand in concept, but difficult to action in practice. The problem is that business structures are all too often silos of individual responsibilities. Cyber security risk is a good example. Different cyber security control functions are ...

Hacker claims to have decrypted Apple's Secure Enclave, destroying key piece of iOS mobile security (TechRepublic)

A hacker going by the handle xerub has just released what he claims to be a full decryption key for Apple's Secure Enclave Processor (SEP) firmware. This could be a major blow for iOS security because of the importance of the SEP: It handles Touch ID transactions and is completely isolated from the ...

Regulations and Threats: Adapting to the Landscape (InfoRiskToday)

From zero-day exploits to IoT vulnerabilities to the sheer number of prospective adversaries, the threat landscape is ever-shifting. And global regulatory pressures are only mounting. How must security leaders respond? Symantec's Renault Ross offers insight. Ross, the Chief Cybersecurity Business Strategist for Symantec Americas Strategic Programs, says organizations need to build their response upon a foundation of heightened ...

NotPetya Attack Costs Big Companies Millions (SecurityWeek)

Some of the big companies hit by the NotPetya malware in late June have reported losing hundreds of millions of dollars due to the cyberattack. The NotPetya malware outbreak affected tens of thousands of systems in more than 65 countries, including ones belonging to major organizations such as Rosneft, AP Moller-Maersk, Merck, FedEx, Mondelez International, Nuance Communications, Reckitt Benckiser ...

Don't Turn out the Lights on Dark Web Marketplaces (SecurityWeek)

We’ve all heard the phrase: “When one door closes, a window opens.” You can bet that as you’re reading this, those engaged in cyber crime on the dark web are looking for that next ‘market place window’ to open. The takedown of AlphaBay by an international law enforcement investigation, followed soon thereafter by the takedown of Hansa, ...

Perform Exchange EDB Recovery Repair Exchange Database Using Eseutil Command (IT Toolbox Blogs)

Exchange Server is a wide platform that brings multiple Outlook client accounts together at a single location. This is often found being used within large as well as small-scale enterprises. Exchange Server has been one of the most powerful creations of Microsoft. Microsoft Exchange server saves all its data in mailboxes that is stored in MS Exchange Database (EDB) Files. ...

Fresh Vehicle Hack Disables Airbags, Anti-lock Brakes (InfoRiskToday)

Cybersecurity, Network & Perimeter, Technology. Findings Mean the CAN Bus Protocol Needs a Rewrite. Jeremy Kirk (jeremy_kirk) • August 17, 2017. Researchers report that the Controller Area Network in cars can be exploited if attackers "error ...

Philips' DoseWise Portal Vulnerabilities

OVERVIEW: Philips has identified Hard-coded Credentials and Cleartext Storage of Sensitive Information vulnerabilities in Philips’ DoseWise Portal (DWP) web application. Philips has updated product documentation and produced a new version that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS: The following Philips DWP versions are affected: DoseWise Portal, Versions 1.1.7.333 and 2.1.1.3069. IMPACT: Successful exploitation may allow a remote attacker to gain access to ...

'Indefensible' hack could leave modern cars vulnerable to critical cybersecurity attack (TechRepublic)

A new, vendor-neutral connected car hack has been discovered that is "indefensible by modern car security technology" and could put many drivers at risk of a critical cyberattack, according to a Wednesday blog post from security firm Trend Micro. The hack was discovered by Trend Micro's Forward-looking Threat Research (FTR) team, ...

Authorities: 4 Insiders Leaked 'Game of Thrones' Episode (InfoRiskToday)

Data Breach, Data Loss, Fraud. Experts Discuss Insider Threat Mitigation. Suparna Goswami • August 17, 2017. The recent online leak of an episode of HBO's Game of Thrones, which has been linked to four insiders at a ...

U.S. Army to Protect Warfighters With Continuous Biometric Authentication (SecurityWeek)

U.S. Army's NETCOM to Deploy Continuous Biometric Authentication Software to Protect Warfighters. The fundamental basis of security is to stop bad guys (or things) getting in; and then, if that fails, to discover those who got in as rapidly as possible. Authentication is used for the former, and network anomaly detection is increasingly used for the latter. Both controls can be good ...

Women in cybersecurity: IBM wants to send you to a hacker conference for free (TechRepublic)

It's no secret that cybersecurity professionals are in great demand—about 1 million open jobs currently exist in the field, and that number is projected to reach 1.8 million jobs by 2022. Further, this industry is missing a key demographic: Women, who make up only 11% of the world's cybersecurity workforce, and just 1% of its ...

London council 'failed to test' parking ticket app, exposed personal info (The Register)

Authority fined £70k after missing URL manipulation. A London council has been fined £70,000 after design faults in its TicketViewer app allowed unauthorised access to 119 documents containing sensitive personal information. The parking ticket application, set up in 2012, was developed by Islington council's internal application team for the authority's parking services. It allowed people issued with a parking ticket in the north ...

Raspberry Pi owners: Update now to block this Wi-Fi hack (TechRepublic)

The official OS for the $35 Raspberry Pi computer has been updated, fixing a bug that could allow the Pi to be hacked via its Wi-Fi chip. The Pi's official Raspbian OS is built on the Linux-based OS Debian and has been updated to the latest Debian 9 release, known as Stretch. The update ...

Maersk Previews NotPetya Impact: Up to $300 Million (InfoRiskToday)

Anti-Malware, Breach Response, Data Breach. Shipping Giant Lauded for Crisis Communications Following Malware Outbreak. Mathew J. Schwartz (euroinfosec) • August 17, 2017. Danish ...

Locky Ransomware Campaign Ramps Up (SecurityWeek)

The Locky ransomware family that dominated the charts last year has returned, and has been distributed through high volume campaigns over the past week. Closely tied to the activity of the Necurs botnet, Locky has been nearly completely absent from the threat landscape this year. Following several months of total silence, the ransomware was present in

LambdaLocker ransomware victim? Now you can decrypt your files for free (ZDNet)

The tool allows ransomware victims to decrypt their locked files for free. Victims of LambdaLocker ransomware can now get their files back for free using a decryption tool released as part of the No More Ransom initiative. The scheme was launched last year, with the goal of bringing law enforcement ...
