News - New England Safety Partners, LLC

Developer Sabotages Open-Source Software Package

March 21, 2022 Cyber Security Ed Gardner 0

A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software.
The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries. As a dependency, node-ipc is automatically downloaded and incorporated into other libraries, including ones like Vue.js CLI, which has more than 1 million weekly downloads…

Friday Squid Blogging: The Costs of Unregulated Squid Fishing

March 18, 2022 Cyber Security Ed Gardner 0

Greenpeace has published a report, “Squids in the Spotlight,” on the extent and externalities of global squid fishing.
News article.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t co…

NESP Welcomes Tim Richardson!

March 18, 2022 Welcome Ed Gardner 0

Tim Richardson brings 25 years of enterprise-level cyber security experience to New England Safety Partners, previously holding senior-level management roles in Auditing, Sales, Sales Engineering, Global Practice Management, Product Management, Product Marketing, and IT Management. Tim has advised clients how to address their cyber security risks and compliance management challenges across their enterprise environment in […]

Why Vaccine Cards Are So Easily Forged

March 18, 2022 Cyber Security Ed Gardner 0

My proof of COVID-19 vaccination is recorded on an easy-to-forge paper card. With little trouble, I could print a blank form, fill it out, and snap a photo. Small imperfections wouldn’t pose any problem; you can’t see whether the paper’s weight is right in a digital image. When I fly internationally, I have to show a negative COVID-19 test result. That, too, would be easy to fake. I could change the date on an old test, or put my name on someone else’s test, or even just make something up on my computer. After all, there’s no standard format for test results; airlines accept anything that looks plausible…

Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware

March 17, 2022 Welcome Ed Gardner 0

Researchers are tracking a number of open-source “protestware” projects on GitHub that have recently altered their code to display “Stand with Ukraine” messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.

“Change Password”

March 17, 2022 Cyber Security Ed Gardner 0

Oops:
Instead of telling you when it’s safe to cross the street, the walk signs in Crystal City, VA are just repeating ‘CHANGE PASSWORD.’ Something’s gone terribly wrong here.

Breaking RSA through Insufficiently Random Primes

March 16, 2022 Welcome Ed Gardner 0

Basically, the SafeZone library doesn’t sufficiently randomize the two prime numbers it used to generate RSA keys. They’re too close to each other, which makes them vulnerable to recovery.

There aren’t many weak keys out there, but there are some:

So far, Böck has identified only a handful of keys in the wild that are vulnerable to the factorization attack. Some of the keys are from printers from two manufacturers, Canon and Fujifilm (originally branded as Fuji Xerox). Printer users can use the keys to generate a Certificate Signing Request. The creation date for the all the weak keys was 2020 or later. The weak Canon keys are tracked as CVE-2022-26351…

NESP Welcomes Toby Miller!

March 15, 2022 Welcome Ed Gardner 0

Toby joined us in November of 2021 to help us with a number of our SOC2 clients. Toby is a strategic, results-driven infrastructure, security, and facilities expert with over 25 years of experience in leadership roles in both public and private companies with experience building, leading and advising technology companies through stages of rapid growth. […]

Lawmakers Probe Early Release of Top RU Cybercrook

March 15, 2022 Welcome Ed Gardner 0

Aleksei Burkov, a cybercriminal who long operated two of Russia’s most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian government fought Burkov’s extradition to the U.S. for four years — even arresting and jailing an Israeli woman to force a prisoner swap. That effort failed: Burkov was sent to America, pleaded guilty, and was sentenced to nine years in prison. But a little more than a year later, he was quietly released and deported back to Russia. Now some Republican lawmakers are asking why a Russian hacker once described as “an asset of supreme importance” was allowed to shorten his stay.

US Critical Infrastructure Companies Will Have to Report When They Are Hacked

March 15, 2022 Welcome Ed Gardner 0

This will be law soon:

Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress.
[…]
The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President Joe Biden soon. It requires any entity that’s considered part of the nation’s critical infrastructure, which includes the finance, transportation and energy sectors, to report any “substantial cyber incident” to the government within three days and any ransomware payment made within 24 hours…

« 1 … 75 76 77 78 79 … 233 »