U.S. President Donald Trump met with a group of government cyber security at the White House January 31, 2017 in Washington, DC, and said the government must do more to protect against cyber attacks. But he doesn’t seem to be taking that advice himself, some members of Congress fear. Representative Ted Lieu, a …

/ Security Assessments News /

Someone calling themselves “Pro_Mast3r” managed to deface a server associated with President Donald Trump’s presidential campaign fundraising on Sunday. The server, secure2.donaldjtrump.com, is behind Cloudflare’s content management and security platform, and does not appear to be directly linked from the Trump Pence campaign’s home page. But it does appear to be an actual Trump campaign …

Some connected car apps may be like leaving owners’ keys on the dash for malware to steal. In a presentation at this week’s RSA security conference in San Francisco, researchers from Kaspersky Labs revealed more bad news for the Internet of drivable things—connected cars. Malware researchers Victor Chebyshev and Mikhail Kuzin examined seven …

Yahoo has sent out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo’s mail service that allowed an attacker—most likely a “state actor,” according to Yahoo—to use a forged “cookie” created by software stolen from …

Chairman of the Science, Space, and Technology Committee Lamar Smith, R-Texas, seen here in 2013. (Bill Clark/CQ Roll Call) Two Republican members of Congress sent a formal letter Tuesday to the Environmental Protection Agency’s Office of the Inspector General, expressing concern that “approximately a dozen career EPA officials” are using the encrypted messaging app …

For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious payloads when exploiting buffer overflows …

APT28, the Russian hacking group tied to last year’s interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. Like its counterparts for other platforms, the …

A phishing e-mail aimed at worker rights activists in Qatar and Nepal crafted to fool targets into giving up their credentials. (Amnesty International) Over the course of the last year, a number of human rights organizations, labor unions, and journalists were targeted in a “phishing” campaign that attempted to steal the Google credentials …

System architecture of a cross-browser tracking system. Researchers have recently developed the first reliable technique for websites to track visitors even when they use two or more different browsers. This shatters a key defense against sites that identify visitors based on the digital fingerprint their browsers leave behind. State-of-the-art fingerprinting techniques are highly …

This weekend, as news of a ballistic missile launch by the Democratic People’s Republic of Korea (North Korea) reached President Donald Trump and Japanese Prime Minister Shinzo Abe, President Trump got on his phone, and Abe consulted with staff. This didn’t happen behind closed doors, however; it took place as members of …