How to fix the military’s software SNAFU

source: defenseone.com  |  image: pexels.com

 

Too many of its apps are built on code riddled with vulnerabilities—and distributed by the Pentagon itself.

The only institution more mired in acronyms than the U.S. military is, in my experience, the software industry. The former’s thorough embrace of the latter is reflected, for example, in this recent piece by serious commentators that includes a four-page glossary. To be sure, software’s ability to supercharge military operations makes this alphabet soup palatable—but it also conceals a dangerous security SNAFU.

If software is to be more of a benefit than a liability, its inevitable flaws must be spotted and fixed before they can be exploited by China, Russia, and other adversaries. Unfortunately, in an analysis I conducted of popular open source software made available by the Pentagon for its units and contractors to use, there is strong evidence that the U.S. military is shipping software that is insecure and contains many known software vulnerabilities—CVEs, in software-speak.


Majority of Consumers Feel Safe With DIY Home Security: Parks Study

 

source: technewsworld.com  |  image:  pexels.com

 

Some 60% of consumers believe their self-monitoring home security systems keep them just as safe as monitoring provided by security pros, according to research released by Parks Associates.

“Consumers view self-monitoring as a way to be notified of what’s going on in their homes. For many of them, that can provide the peace-of-mind that’s safe enough for certain households,” Parks President and CEO Elizabeth Parks told TechNewsWorld.

Based on a survey of 8,000 U.S. internet households, the research also found that the major reason for canceling professional monitoring systems was cost, with 25% of consumers citing “fees too high” as their reason for terminating their monitoring services.

Also mentioned as reasons for cutting professional monitoring were an increased sense of neighborhood safety and a realization that the household doesn’t use its system enough.

While many consumers feel their self-monitoring systems keep them safe, professional monitoring services remain popular.


NSA shares zero-trust guidance to limit adversaries on the network

source: bleepingcomputer.com (contributed by FAN, Steve Page)  |  image: nsa.gov

 

The National Security Agency is sharing new guidance to help organizations limit an adversary’s movement on the internal network by adopting zero-trust framework principles.

A zero-trust security architecture requires strict controls for accessing resources on the network, be they inside or outside the physical perimeter, to minimize the impact of a breach.

Compared to the traditional IT security model, which presumes that everything and everyone on the network is trusted, the zero-trust design assumes that a threat already exists and does not allow free rein inside the network. 


SpaceX Launched Military Satellites Designed to Track Hypersonic Missiles

source: wired.com  |  image: pexels.com

 
The prototype satellites hitched a ride on a Falcon 9 rocket.

 

Two prototype satellites for the Missile Defense Agency and four missile-tracking satellites for the US Space Force rode a SpaceX Falcon 9 rocket into orbit Wednesday from Florida’s Space Coast.

These satellites are part of a new generation of spacecraft designed to track hypersonic missiles launched by China or Russia and perhaps emerging missile threats from Iran or North Korea, which are developing their own hypersonic weapons.


China had “persistent” access to U.S. critical infrastructure

source: https://www.axios.com, contributed by FAN, Steve Page  |  image: pexels.com

 

China-backed hackers have had access to some major U.S. critical infrastructure for “at least five years,” according to an intelligence advisory released Wednesday.

Why it matters: The hacking campaign laid out in the report marks a sharp escalation in China’s willingness to seize U.S. infrastructure — going beyond the typical effort to steal state secrets.

  • The advisory provides the fullest picture to date of how a key China hacking group has gained and maintained access to some U.S. critical infrastructure.

Details: The U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Federal Bureau of Investigation released an advisory Wednesday to warn critical infrastructure operators about China’s ongoing hacking interests.


Behind the Curtain: U.S. not ready for robotic, AI world wars

 

source: Axios.com (contributed by Bill Amshey)  | image: Pexels.com

 

America’s ability to remain the world’s most lethal military hinges on two interrelated — and vexing — mysteries, Jim VandeHei and Mike Allen write.

  • Can soon-to-retire four-star generals truly foresee the awesome power of artificial intelligence in time to break generation-old habits and shift warfare theories?
  • If they do, can they convince the brightest coding minds to chuck lucrative gigs at Google to build AI-powered systems for America faster or better than their rivals in China?

Why it matters: Future wars will be won with Stanford nerds, faster chips, superior computing power and precision robotics on land, sea and air. Experts tell us that because of a lethal combination of congressional myopia and constipated Pentagon buying rules, America isn’t mobilizing fast enough to prevail on future battlefields.

This Cryptomining Tool Is Stealing Secrets

 

source: wired.com  |  image: pexels.com

 

As the Israel-Hamas war raged on this week and Israel expanded its ground invasion of the Gaza Strip, the territory’s compromised internet infrastructure and access to connectivity went fully dark on Friday, leaving Palestinians without access to ground or mobile data connections. Meanwhile, researchers are bracing for the fallout if Hamas makes good on its threats to distribute hostage execution videos online. And TikTokkers are using a niche livestreaming feature and exploiting the Israeli-Hamas conflict to collect virtual gifts from viewers, a portion of which goes to the social media company as a fee.

As the worst mass shooting in Maine’s history unfolded this week and the gunman remained at large, disinformation about the situation and the suspect flooded social media, adding to the already chaotic and horrific situation. Elon Musk, the owner of X (formerly Twitter), posted remarks earlier this month mocking Ukrainian president Volodymyr Zelensky that were met with a flood of support and enthusiasm from Russian trolls and accounts distributing pro-Russia propaganda.


The Best Password Managers to Secure Your Digital Life

 

source: wired.com  |  image: pexels.com

 

Password managers are the vegetables of the internet. We know they’re good for us, but most of us are happier snacking on the password equivalent of junk food. For nearly a decade, that’s been “123456” and “password”—the two most commonly used passwords on the web. The problem is, most of us don’t know what makes a good password and aren’t able to remember hundreds of them anyway.

The safest (if craziest) way to store your passwords is to memorize them all. (Make sure they are long, strong, and secure!) Just kidding. That might work for Memory Grand Master Ed Cooke, but most of us are not capable of such fantastic feats. We need to offload that work to password managers, which offer secure vaults that can stand in for our memory.

A password manager offers convenience and, more importantly, helps you create better passwords, which makes your online existence less vulnerable to password-based attacks. Read our guide to VPN providers for more ideas on how you can upgrade your security, as well as our guide to backing up your data to make sure you don’t lose anything if the unexpected happens.

Taliban weighs using US mass surveillance plan, met with China’s Huawei

 

source: reuters.com  |  image: pixabay.com

 

KABUL, Sept 25 (Reuters) – The Taliban are creating a large-scale camera surveillance network for Afghan cities that could involve repurposing a plan crafted by the Americans before their 2021 pullout, an interior ministry spokesman told Reuters, as authorities seek to supplement thousands of cameras already across the capital, Kabul.

The Taliban administration — which has publicly said it is focused on restoring security and clamping down on Islamic State, which has claimed many major attacks in Afghan cities — has also consulted with Chinese telecoms equipment maker Huawei about potential cooperation, the spokesman said.


Meta spots largest influence network to date

source: axios.com  |  image: pixabay.com

 

Meta said it’s taken down what it believes is the biggest online influence operation of all time.

Why it matters: The wide-reaching, pro-Chinese operation targeted social media users in Taiwan, alongside users in a handful of the island’s allies like the U.S., the U.K. and Japan, as anxieties over a possible Chinese invasion of Taiwan grow.

Details: Meta estimated in its second-quarter threat report, released today, that the China-linked campaign involved 7,704 accounts, 954 pages, 15 groups on Facebook and 15 accounts on Instagram.

  • Researchers uncovered evidence of the campaign on more than 50 online platforms, including YouTube, TikTok, Reddit, Pinterest and X, formerly known as Twitter.
  • The campaign mostly spread pro-China messages, amplified criticisms of U.S. and other Western policies, and targeted journalists, human rights activists and other critics of the Chinese government.

What they’re saying: “This is one of the single-biggest takedowns of coordinated inauthentic behavior that we’ve ever run into,” Ben Nimmo, global threat intelligence lead at Meta, told reporters.

Yes, but: Campaign operators struggled to garner significant, authentic engagement or reach, much like most recent pro-Chinese influence campaigns.

Catch up quick: Meta believes the latest campaign is an extension of an ongoing effort known as “Spamouflage” that emerged in 2019.

The intrigue: Campaign operators started their scheme by posting content directly to Facebook and Instagram, but automated systems were quick to detect the posts, according to the report.

  • This prompted campaign operators to start posting on smaller platforms and later amplify those posts on Meta’s social media sites.

What’s next: Meta researchers expect the threat actors behind the campaign to rebuild and keep trying, despite consistently struggling to reach real people, Nimmo said.