Hacks & Hackers

Two security firms say that malicious software discovered in a December attack in Ukraine is designed to cripple electrical substations.

Update – Security Firms: New Malware Built to Hobble Electric Grid

In-brief: Experts from two security firms are warning that a newly discovered piece of malware dubbed Crash Override is designed to shut down and even damage electrical substations and other components of the electrical grid. 

Companies without up to date browser and operating system software were much more likely to suffer data breaches, a study by the firm BitSight concluded.

Behind Breaches: Lots of Outdated Software | Digital Guardian

In-brief: data from the firm BitSight finds a link between outdated web browser and operating system software and headline-grabbing breaches. Are we surprised? 

the U.S. Justice Department has formed a threat analysis team to study potential national security challenges posed by self-driving cars, medical devices and other Internet-connected tools.

Podcast – Smart Vehicle Security: A Report from the Lab

In-brief: In this Security Ledger podcast, Paul speaks with Sameer Dixit of Spirent Security Labs, a leading tester of connected (“smart”) vehicles. Truly secure, connected vehicles may be years away, he says. In the meantime, security flaws and poorly implemented features are a major issue, Dixit says, with many car companies still preferring bolt on security fixes over secure design. 

Report: Major Upgrade, Investments Needed to Secure Connected Vehicles, Infrastructure

Report: Major Upgrade, Investments Needed to Secure Connected Vehicles, Infrastructure

In-brief: a report by the Cloud Security Alliance calls for a bottom up remake of infrastructure to support connected vehicles and warns of more, serious attacks as connected vehicles begin interacting with each other and with connected – but insecure – infrastructure. 

A visualization of infections linked to the WannaCry ransomware.  (Image courtesy of MalwareTech.com)

Updated: Fatal Flaw Slows WannaCry Ransomware Spread, but Threats Remain

In-brief: A fatal flaw in its design slowed the spread of WannaCry, a virulent ransomware program that has infected more than 100,000 organizations and individuals globally.