A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account. James Bercegay, a security researcher with GulfTech Research and Development, discovered and reported these flaws to Western Digital in June...
Read More
Organizations are scrambling to put in place fixes for the Meltdown and Spectre flaws as makers of operating systems, cloud services, mobile devices and more start to release patches. Meltdown and Spectre are flaws in many microprocessors that attackers could use to steal kernel data, including passwords and encryption keys. Security experts say all organizations should put mitigations in place as soon as possible, preferably starting...
Read More
2017 has been a very challenging year for healthcare institutions as these organizations remain under sustained attack by cybercriminals that continue to target their networks. End of year research conducted by Cryptonite indicates that there were a total of 140 data breach events characterized and reported to HHS/OCR as IT/hacking in 2017 representing a 23.89% increase over the 113 IT/hacking events reported in 2016. The number of...
Read More
The US Customs and Border Protection (CBP) agency published last week a new guideline containing updated procedures for searching travelers’ electronic devices at US borders. CBP, an agency part of the US Department of Homeland Security (DHS), last updated the guidelines in August 2009. New procedures reign in border searches According to a 12-page set of rules and a 22-page privacy assessment, border agents can still search electronic...
Read More
Apparel retailer Forever 21 says point-of-sale systems in some of its stores were infected by malware for up to seven months, compromising shoppers’ payment card data. On Tuesday, Forever 21 issued an update on its investigation into the “payment card security incident” that it first announced in November. The retailer now says that an investigation conducted by a third-party incident response firm that it hired...
Read More
