Vulnerabilities

Update: DHS Funding Research into Secure Updates for Vehicles

In-brief: The Department of Homeland Security is putting $4 million towards research projects aimed at securing connected cars. (Updated to add comments from Dan Massey of DHS. – PFR 11/10/2015)

Firm: Two iOS Exploits Could Qualify for $1 Million Bounty

In-brief: One team qualified for the $1 million bounty for a working, remote exploit or jailbreak for devices running Apple's iOS 9 operating system, according to the security firm Zerodium. A second may also qualify for at least a partial bounty. However, Apple may only be informed of the holes at a later date.

Security Holes in Power Analyzers More Bad News for Industry

In-brief: Software security holes in widely used industrial equipment known as “power quality analysers” (sp) could enable remote attackers to disrupt or corrupt operations at firms across industries, according to a report released by the firm Applied Risk. 

Update: Chinese Govt. Hackers Still Active Despite Truce

In-brief: A truce hammered out between U.S. President Barack Obama and Chinese President Xi Jinping in September hasn’t kept hacking groups that are believed to be affiliated with China’s People’s Liberation Army (PLA) from playing offense, according to a report from the security firm Crowdstrike. (Updated to add comment from Ken Westin of Tripwire. PFR 10/19/2015)

Adobe Flash Zero-Day Used in Attacks on Diplomats

In-brief: Trend Micro warned about targeted attacks on diplomatic missions that take advantage of a previously undiscovered hole in Adobe Flash.