In a groundbreaking initiative announced by the Department of Justice this week, federal contractors will be sued if they fail to report a cyber attack or data breach. The newly introduced "Civil Cyber-Fraud Initiative" will leverage the existing False Claims Act to pursue contractors and grant recipients involved in what the DoJ calls "cybersecurity fraud."
Threat researchers investigating malware used to target companies in the aerospace and telecommunications sectors discovered a new threat actor that has been running cyber espionage campaigns since at least 2018. Dubbed ShellClient, the malware is a previously undocumented remote access trojan (RAT) built with a focus on being stealthy and for "highly targeted cyber espionage operations."
Unpatched Dahua cameras are prone to two authentication bypass vulnerabilities, and a proof of concept exploit that came out today makes the case for upgrading pressing. The authentication bypass flaws are tracked as CVE-2021-33044 and CVE-2021-33045, and are both remotely exploitable during the login process by sending specially crafted data packets to the target device. For more details on how that works, you may check out the proof of concept (PoC) that was part of today's full disclosure.
Medical device maker Medtronic is recalling remote controllers used with some of its insulin pumps due to cybersecurity risks that could lead to injury and even death. The recall is related to a series of vulnerabilities discovered by a team of cybersecurity researchers in 2018. In June 2019, the U.S. FDA and Medtronic informed the public of a recall of MiniMed 508 and Paradigm series insulin pumps due to vulnerabilities that could allow an attacker to remotely hack the devices.
Canopy, a parental control app that offers a range of features meant to protect kids online via content inspection, is vulnerable to a variety of cross-site scripting (XSS) attacks, according to researchers. The attacks could range from a sneaky kid disabling the monitoring to a much more serious third-party attack delivering malware to parental users.
The Department of Homeland Security (DHS) has teamed up with the Department of Commerce's National Institute of Standards and Technology (NIST) to release a roadmap on the best way for organizations to navigate the transition to post-quantum cryptography. The guide provides relevant stakeholders with achievable steps they can take to reduce the risks related to the advancement of quantum computing technology.