In-brief: a 2013 ruling by the Supreme Court that limited the right of Amnesty International to sue the government for damages caused by the actions of the secretive Foreign Intelligence Surveillance Act (FISA) court is being used by Home Depot to question consumers’ right to sue for damages related to a massive theft of credit cards from that company in 2014.
In-brief: serious breaches of hospital networks are almost certainly more common than has been reported, as compromised medical devices often hide the telltale signs of malware infection and data theft, according to a report from the security firm TrapX.
In-brief: Is the massive breach at the U.S. Government’s Office of Personnel Management a success story? Given the dire state of risk management within the federal government, the answer may be ‘yes.’
In-brief: Security Ledger sat down with Dell’s CISO Alan Daines last Friday for a conversation about managing risk in one of the world’s largest technology firms. You can check out the video of our conversation now.
If you want an object lesson in the dangers that await us on the Internet of Things, check out SEC Consult’s write up on NetUSB, a widely used technology developed by an obscure Taiwanese company that just happens to contain a nasty, remotely exploitable vulnerability. According to this alert, published on Tuesday, NetUSB “suffers from a remotely exploitable kernel stack buffer overflow” that could be used to run malicious code on affected devices. Even worse: the NetUSB component is ubiquitous – found in a long list of devices, from low-end wireless access points and broadband routers for small office and home office deployments to what SEC Consult called “high end devices…released very recently.” Networking devices from 26 vendors, including TP-Link, NetGear and others were found to use the NetUSB technology in their products. The vulnerability discovered by SEC Consult is straight-forward enough. According to their advisory, the NetUSB code does an inadequate […]
