news

Report: Hacked Password Behind Compromise of 75m JPMorgan Accounts

The top news this week is about Wall Street giant JP Morgan Chase, which disclosed on Thursday that a previously disclosed breach was much larger than initially believed, affecting more than 75 million account holders. And once again, reports suggest that a compromised employee account may be at the root of the incident. Bloomberg, which first broke the news of the cyber attack on JPMorgan Chase in August, said on Friday that hackers exploited an employee’s access to a development server as part of an attack on a JPMorgan Chase & Co. server that led to one of the largest cyber-attacks ever and the theft of data on 76 million households and 7 million small businesses. According to the Bloomberg report, which cited “people familiar with the bank’s review,” the breach started in June when an employee’s user name and password for what’s described as “a web-development server” were compromised. From that […]

Continue Reading

Unpatchable USB Malware Now Open Source | WIRED

Andy Greenberg over at Wired has an interesting piece of news coming out of last week’s Derbycon hacker conference in Louisville, Kentucky. According to Greenberg and Wired, researchers Adam Caudill and Brandon Wilson showed off their own version of Karsten Nohl and Jakob Lell’s BadUSB malware, and that they’d released the code on Github.   Their presentation raises the stakes for USB manufacturers to fix the BadUSB problem or leave hundreds of millions of users vulnerable, Greenberg writes. At a presentation at the Black Hat Briefings in August, Nohl and Lell, both of Security Research Labs (SRLabs), showed how the controller chips inside common USB devices can be reprogrammed, allowing USB peripherals to impersonate other kinds of devices.  Among other things, Nohl demonstrated how a BadUSB infected device could emulate a USB keyboard, issuing commands to a connected machine using the permissions of the logged-in user. Alternatively, an infected USB could spoof a […]

Continue Reading

DARPA Tech Identifies Counterfeit Microelectronics

The U.S. Defense Advanced Research Projects Administration (DARPA) announced on Wednesday that advanced software and equipment it developed to spot counterfeit microelectronics in U.S. weapons and cyber security systems has been handed over to military contractors to continue development. DARPA said the product of its Integrity and Reliability of Integrated Circuits (IRIS) program: the Advanced Scanning Optical Microscope (ASOM) technology was transferred to the Naval Surface Warfare Center (NSWC) in Crane, Indiana, where it will be used to inspect microelectronics for signs of tampering or compromise. The technology was developed with the help of SRI International, an IRIS contractor. Read more Security Ledger coverage of supply chain risks. “The ASOM technology housed at NSWC Crane will help engineers provide forensic analysis of microelectronics, including integrated circuits (IC) confiscated by law enforcement officials,” DARPA said in a statement. The DoD is a major buyer of integrated circuit chips, which are mainly manufactured outside the U.S. […]

Continue Reading

FDA Issues Guidance on Security of Medical Devices

The U.S. Food and Drug Administration (FDA) issued final guidance on Wednesday that are designed to strengthen the safety of medical devices. The FDA called on medical device manufacturers to consider cyber security risks as part of the design and development of devices. The document, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices,” asks device makers to submit documentation to the FDA about any “risks identified and controls in place to mitigate those risks” in medical devices. The guidance also recommends that manufacturers submit documentation of plans for patching and updating the operating systems and medical software that devices run. The document, which will be released on Thursday, does not contain specific requirements. Rather, it describes the kinds of things that medical device manufacturers should consider when preparing pre-market submissions for medical devices in areas such as information confidentiality, integrity, and availability, the FDA said. The release of the document follows the […]

Continue Reading

For Cyber Security Awareness Month: Change Your Passwords, Or Ditch Them?

October has arrived. And while that means colorful foliage and Halloween for many of us, it is also a special time in the information security industry: cyber security awareness month – or NCSAM. Security Ledger will be supporting NCSAM this month with banner ads and other content that highlight NCSAM events. Cyber Security Awareness Month – in its 11th year-  is a public-private effort to raise public awareness about online security and safety. It’s best known for the “Stop. Think. Connect.” meme, but also is an occasion for elected officials and private sector firms to highlight cyber security issues. In a Presidential Proclamation released on Tuesday, President Obama called cyber threats “one of the gravest national security dangers the United States faces.” “They jeopardize our country’s critical infrastructure, endanger our individual liberties, and threaten every American’s way of life. When our Nation’s intellectual property is stolen, it harms our economy, […]

Continue Reading
1 53 54 55 56 57 76