Plant security

Phishing attacks are still one of the best ways to gain access to a system. While there are solutions that provide the ability to capture and detect those types of threats in the email, many are missed. (Food Engineering)

Data breaches often originate behind your Defenses

While people who have shown themselves to be untrustworthy in the past are certainly a gamble, even good people have the capacity to willfully misuse their data privileges, particularly when someone feels as though they have been mistreated or disrespected, an otherwise trustworthy person could develop the motivation and ability to retaliate. (Infosecurity Magazine)

To err is human; to automate, divine

Misconfigurations are most likely to occur during security change processes – that is, when new rules are added, or existing ones changed or removed on a firewall. (Infosecurity Magazine)

Navy cyber director amps use of AI and computer automation

Computer automation can both track potential intru­ders and use advanced algorithms to replicate human behavior online by using deception techniques to lure and then track attackers. (Defence Systems)

Lab mistakenly ships radioactive material aboard commercial plane

The radioactive material had been packaged for ground transport, but by mistake was shipped via a commercial air cargo service. (Homeland Security News Wire)

Earthquake early warning vital for city transit

Slowing down the trains will reduce the number of derailments, and that will have a direct effect on reducing the number of injuries and deaths. (Homeland Security News Wire)

Microsoft patches critical windows DNS client vulnerabilities

”The Windows DNS client doesn’t do enough sanity checking when it processes a DNS response that contains an NSEC3 record,” Freeman wrote in a report released today. ”Malformed NSEC3 records can trigger this vulnerability and corrupt the memory of the DNS client. If this is done carefully, it can result in arbitrary code execution on the target system.” (Threatpost)

Asus patches router vulnerabilities

The vulnerabilities were found in a native web interface on the devices and allow an attacker on the same local network to change router settings, steal Wi-Fi passwords or leak system information. (Threatpost)

Google busy removing more malicious Chrome Extensions from web store

Swift on Security said the developer used Cyrillic Unicode characters in the extension name allowing the malicious plugins to again sidestep Google’s malware filters. (Threatpost)

Where do security vulnerabilities come from?

There are three major causes: code quality, complexity, and trusted data inputs. (Dark Reading)

Few major cloud storage security slip-ups

One text file contained more than four million records with information like user names, Mac accesses, serial numbers, account numbers, and transaction IDs. Other databases had addresses and phone numbers for TWC customers. (Dark reading)

Why size doesn’t matter in DDoS attacks

Small and midsize companies are tempting targets because often they are armed less with heavy tech investments, services, and staff. (Dark Reading)

4G cellular networks at risk of DoS attacks

Many mobile network operators were under the impression that all their security problems would be fixed with LTE/diameter-based protocol. (Dark Reading)

4G vulnerabilities put mobile users and even Smart Cities at risk, study

Fundamental deficiencies in the Evolved Packet Core could allow the disconnection one or more sub­scribers, the interception of Internet traffic and text messages, operator equipment malfunction, and other illegitimate actions. (SC Media)