Cyber Security and Information Systems Information Analysis Center
Millions of newer Intel microprocessors manufactured after 2012 are vulnerable to a new type of side-channel attack dubbed SWAPGS. SWAPGS is similar to existing side-channel attacks such as Spectre and Meltdown and similarly could allow a hacker to gain access to sensitive data such as passwords and encryption keys on consumer and enterprise PCs.
https://threatpost.com/new-swapgs-side-channel-attack-bypasses-spectre-and-meltdown-defenses/147034/
It looks like an Apple lightning cable. It works like an Apple lightning cable. But it will give an attacker a way to remotely tap into your computer.
https://www.vice.com/en_us/article/evj4qw/these-iphone-lightning-cables-will-hack-your-computer
Ransomware has become a major threat to computer systems in recent years, as high-profile attacks have locked users out of personal computers, hospitals, city governments, and even The Weather Channel. Now, security researchers have discovered that another device that might be at risk: a DSLR camera.
In response to a DOD Chief Information Officer (CIO) directive, the Defense Information Systems Agency Services Development Directorate deployed Department of Defense Secure Access File Exchange (DOD SAFE) Aug. 15. DOD SAFE, a replacement for the U.S. Army Aviation and Missile Research Development and Engineering Center (AMRDEC) Safe Access File Exchange
https://www.disa.mil/newsandevents/2019/secure-access-file-exchange
This is the nightmare scenario for system administrators around the world: Several severe security flaws affecting all Windows versions since Windows XP have just been made public today and Microsoft has barely released the appropriate security update which took 90 days-which is the common disclosure window before vulnerabilities are made public-to develop.
The device manufacturer in a Thursday Black Hat USA 2019 session said it will open the historically private program to all researchers in the fall. In addition, it plans to drastically boost some rewards for vulnerabilities found in its devices - including a $1 million payout - and adding a much-wanted program for its Mac devices.
https://threatpost.com/apple-upgrades-bug-bounty-program-adds-macs-1m-reward
Security researchers attending the annual Black Hat hacker convention in Las Vegas have managed to bypass the iPhone FaceID user authentication in just 120 seconds. The way they did it may well surprise you, but should it worry you as well?
Here at a session at DEF CON on Thursday, the researchers shed light on their work "breaking" Google Home. What made the talk unique wasn't necessarily that Google Home smart speakers could be compromised using Megellan - that was public news in Dec. 2018 - rather it was how the hack was pulled off.
Several serious privacy flaws in a kid's tablet were disclosed this year at Black Hat, which could allow a bad actor to track or send messages to children.
https://threatpost.com/black-hat-leapfrog-tablet-flaws-let-attackers-track-message-kids/
Capital One and GitHub have been hit with a class-action lawsuit over the recent data breach that resulted in the data of over 100 million Capital One customers and credit card applicants being exposed. The law firm Tycko & Zavareei LLP filed the lawsuit on Thursday, arguing that GitHub and Capital One demonstrated negligence in their response to the breach.
The CSIAC is a DoD-sponsored Center of Excellence in the fields of Cybersecurity, Software Engineering, Modeling & Simulation, and Knowledge Management & Information Sharing.Learn More
| Phone: | 800-214-7921 |
| Email: | info@csiac.org |
| Address: | 266 Genesee St. Utica, NY 13502 |
