Category: Device Security

January 4, 2017
California Law Makes Ransomware Use Illegal
It was nice to see the calendar turn over to 2017, for a lot of reasons, not the least of which is that on Jan. 1 a new law went into effect in California that outlaws the use of ransomware. The idea of needing a new law to make a form of hacking illegal may seem…
Read More →
December 30, 2016
The Weird and Wild Stories of 2016
There are any number of adjectives one could employ to describe 2016, most of which can’t be printed here. One of the gentler descriptors we can use is “interesting”. This year was nothing if not interesting. There were data breaches of epic proportions, companies getting owned in new and creative ways, and all kinds of really unusual…
Read More →
December 29, 2016
FDA Sets Guidance on Medical Device Security
The Food and Drug Administration has published new recommendations for both manufacturers and regulators on how to deal with security for medical devices, including implantable devices. Calling device security a shared responsibility, the FDA guidance focuses on the postmarket cybersecurity issues, such as vulnerability response and remediation. The new document is not a set of regulations, but…
Read More →
December 28, 2016
2016: Maybe Everything Wasn’t Completely Terrible
Let’s face it: 2016 has been pretty rough year. Things didn’t go all that well for humans in the last 12 months, and computers didn’t make out much better. Lots of things broke, and it seemed like whatever didn’t break was compromised, stolen, or lost. But not everything was terrible. There were some encouraging developments…
Read More →
December 21, 2016
House Working Group Says Don’t Weaken Encryption
In a year-end report, a key congressional working group on encryption said that any governmental initiative to backdoor encryption systems is against the interests of the country and that there is no clear solution to the battle over encryption right now. The Encryption Working Group, comprised of members of the House Judiciary Committee and House Energy…
Read More →
December 16, 2016
70 Percent of Enterprise Ransomware Victims Paid Up, Data Shows
Ransomware gangs have been targeting businesses in the last few months, seeking bigger paydays than what they can extract from consumers. The plan has been highly successful, according to new data, which shows that 70 percent of businesses infected with ransomware have paid the ransom to get their data back. Researchers at IBM Security’s X-Force…
Read More →
December 14, 2016
Beta Firmware Update Available for Vulnerable Netgear Routers
With exploit code publicly available and details of the vulnerability widely known, Netgear has released a beta version of new firmware to fix a bug in several of its routers that attackers can use to execute arbitrary code on the devices. The Netgear router vulnerability affects several of the company’s home router models, including the R6250, R6400,…
Read More →
December 12, 2016
iOS 10.2 Security Update Fixes 12 Flaws
Apple has released iOS 10.2, fixing 12 security vulnerabilities in the mobile operating system, including two bugs that could lead to arbitrary code execution. The more serious of the code-execution flaws is related to the way that iOS handles certificates. The bug could allow an attacker to use a malicious certificate to gain code execution on a…
Read More →
December 12, 2016
Some Netgear Routers Open to Remote Code Execution
Two models of Netgear home routers contain a vulnerability that can allow a remote attacker to execute arbitrary code. The bug can be exploited with a simple URL and there’s a publicly available exploit for the flaw. The issue affects the Netgear R7000 and R6400 routers and right now there’s no fix available for the…
Read More →
December 8, 2016
Prosecutor: Some Encryption a ‘Threat to Our Ability to Protect’ Americans
The deployment of default strong encryption on mobile devices and U.S. companies storing user data in foreign countries is hampering the ability of law enforcement to protect Americans from cyber crime and other threats, a top U.S. prosecutor said. In a speech Wednesday, Assistant Attorney General Leslie Caldwell said prosecutors and law enforcement agencies across the country are…
Read More →