/ Security Assessments News /

For more than six years, the SHA1 cryptographic hash function underpinning Internet security has been at death’s door. Now it’s officially dead, thanks to the submission of the first known instance of a fatal exploit known as a “collision.” Despite more than a decade of warnings about the lack of security of SHA1, the watershed …

/ Security Assessments News /

Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including critical infrastructure, news media, and scientific research. The operation uses malware to capture audio recordings of conversations, screen shots, documents, and passwords, according to a blog post published last week by …

Enlarge / U.S. President Donald Trump met with a group of government cyber security at the White House January 31, 2017 in Washington, DC, and said the government must do more to protect against cyber attacks. But he doesn’t seem to be taking that advice himself, some members of Congress fear. Representative Ted Lieu, a …

/ Security Assessments News /

Someone calling themselves “Pro_Mast3r” managed to deface a server associated with President Donald Trump’s presidential campaign fundraising on Sunday, The server, secure2.donaldjtrump.com, is behind Cloudflare’s content management and security platform, and does not appear to be directly linked from the Trump Pence campaign’s home page. But it does appear to be an actual Trump campaign …

/ Security Assessments News /

Enlarge / Some connected car apps may be like leaving owners’ keys on the dash for malware to steal. In a presentation at this week’s RSA security conference in San Francisco, researchers from Kaspersky Labs revealed more bad news for the Internet of drivable things—connected cars. Malware researchers Victor Chebyshev and Mikhail Kuzin examined seven …

/ Security Assessments News /

Yahoo has sent out another round of notifications to users, warning some that their accounts may have been breached as recently as last year. The accounts were affected by a flaw in Yahoo’s mail service that allowed an attacker—most likely a “state actor,” according to Yahoo—to use a forged “cookie” created by software stolen from …

/ Security Assessments News /

Enlarge / Chairman of the Science, Space, and Technology Committee Lamar Smith, R-Texas, seen here in 2013. Bill Clark/CQ Roll Call Two Republican members of Congress sent a formal letter Tuesday to the Environmental Protection Agency’s Office of the Inspector General, expressing concern that “approximately a dozen career EPA officials” are using the encrypted messaging app …

For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious payloads when exploiting buffer overflows …

/ Security Assessments News /

APT28, the Russian hacking group tied to last year’s interference in the 2016 presidential election, has long been known for its advanced arsenal of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. Like its counterparts for other platforms, the …

/ Security Assessments News /

Enlarge / A phishing e-mail aimed at worker rights activists in Qatar and Nepal crafted to fool targets into giving up their credentials. Amnesty International Over the course of the last year, a number of human rights organizations, labor unions, and journalists were targeted in a “phishing” campaign that attempted to steal the Google credentials …