China is attempting to cover up inexplicable delays in public reporting of high-risk software security holes by changing the dates of vulnerability-publication to its national vulnerability database so they match those in the U.S. database, according to new research by Recorded Future.
Podcast: Play in new window | DownloadSubscribe: Android | RSSIn this week’s episode of The Security Ledger Podcast (#86) we speak with Dr. Kevin Fu of the University of Michigan about research he conducted that casts doubts on reports of mysterious acoustic attacks on US embassy employees in Havana, Cuba. Also: Chip Block of Evolver talks about the Securities and Exchange Commission’s expanded cyber security guidance. And finally: thousands of radiologic sensors were deployed in the U.S. following the attacks of September 11 2001. We’ll look at new efforts to secure those systems from cyber attack.
Equifax on Thursday disclosed that 2.4 million additional customers had information stolen in a 2017 cyber attack. The company said it overlooked the victims in prior forensic analysis of the incident.
Iran’s Chafer hacking group is targeting aviation repair and maintenance firms in an apparent effort to obtain information needed to shore up the safety of that country’s fleet of domestic aircraft, according to research by the firm Symantec.
Consumer advocates and proponents of right to repair laws in 17 states have a new enemy to worry about. The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers.*