Weak Encryption Leaves Mobile Health App at Risk for Hacking

Data Breach Today

DHS, Philips Issue Advisories for HealthSuite Android Health App The lack of strong encryption in Philips' HealthSuite Health Android app leaves the mobile health software vulnerable to hacking, according to a new advisory issued by the medical device manufacturer and an alert from the Department of Homeland Security

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.


Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Kali Project Encryption and Isolation Using Vagrant and BitLocker

Perficient Data & Analytics

Create a BitLocker-protected virtual drive to provide “encryption at rest” data protection for your project files and data portability for archival purposes. Provision a clean Kali Linux virtual machine, configured with an encrypted virtual storage device that provides “encryption at rest” for the virtual machine itself. A configured and Vagrant-managed Kali virtual machine where the associated virtual storage device has been encrypted by Virtualbox.

The Debate Over How to Encrypt the Internet of Things

WIRED Threat Level

So-called lightweight encryption has its place. But some researchers argue that more manufacturers should stick with proven methods. Security Security / Security News

NEW TECH: DataLocker extends products, services to encrypt data on portable storage devices

The Last Watchdog

Related: Marriott reports huge data breach Ever thought about encrypting the data held on a portable storage device? Launched as a one-man operation in 2007, DataLocker has grown into a leading manufacturer of encrypted external drives, thumb drives, flash drives and self-encrypting, recordable CDs and DVDs. I had the chance at RSA 2019 to visit with Shauna Park, channel manager at DataLocker, to discuss what’s new in the encrypted portable drive space.

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. And I certainly agree that the benefits of a standardized encryption algorithm that we all trust and use outweigh the cost by orders of magnitude.

Backdoor Discovered in Xplora Children's Smartwatch

Data Breach Today

Chinese Manufacturer Issues a Patch to Remove the Code The Xplora 4 kids smartwatch was shipped with a backdoor that could be activated remotely by an encrypted SMS to take secret screenshots.

Pitney Bowes Battles Second Ransomware Attack

Data Breach Today

Mailing Equipment Manufacturer Suffered Another Attack Last October After suffering a ransomware attack last October that left several systems inaccessible, mailing equipment manufacturer Pitney Bowes reports that it recently blocked another ransomware attack before any data was encrypted and says there's "no evidence of further unauthorized access to our IT systems

AUSTRALIA: Assistance and Access Act, December 2018 – Holy grail of uncertainty created by new rushed-in data encryption laws

DLA Piper Privacy Matters

According to its Explanatory Memorandum, the Act is intended to ‘introduce measures to better deal with the challenges posed by ubiquitous encryption ‘ It amends primarily the existing Telecommunications Act 1997 to establish frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies, via the issuing of technical assistance requests, technical assistance notices and technical capability notices.

FTC Orders Mobile Device Manufacturers to Provide Information about Security Updates for Study

Hunton Privacy

On May 9, 2016, the Federal Trade Commission announced it had issued Orders to File a Special Report (“Orders”) to eight mobile device manufacturers requiring them to, for purposes of the FTC’s ongoing study of the mobile ecosystem, provide the FTC with “information about how [the companies] issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.”

Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys

WIRED Threat Level

Encryption flaws in a common anti-theft feature expose vehicles from major manufacturers. Security Security / Cyberattacks and Hacks

Hackers are Hurting the Internet of Things in More Ways Than you Think


With this method, they can capture the cryptographic keys to unlock the encryption that secures your IoT data. With keys in hand, cyberthugs can access and sift through data that the encryption was meant to protect. They can also include smart sensors and different apparatuses in critical infrastructure sectors like manufacturing, energy, transportation systems and more than a dozen others that the Department of Homeland Security has identified.

IoT 63

Wi-Fi Chip Vulnerability

Schneier on Security

There's a vulnerability in Wi-Fi hardware that breaks the encryption : The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. Manufacturers have made patches available for most or all of the affected devices, but it's not clear how many devices have installed the patches. encryption hacking hardware patching vulnerabilities wifi

US Navy Memo Raised Cyberscurity Concerns About DJI Drones

Data Breach Today

Army ordered that the use of drones made by Chinese manufacturer DJI be discontinued, citing security concerns. Now, a second classified memo used to support that decision has been released, revealing serious concerns about how cyberspies could intercept video and other encrypted data Once Classified Document Finally Released In 2017, the U.S.

IoT Inspector Tool from Princeton

Schneier on Security

From their blog post : Finding #3: Many IoT Devices Contact a Large and Diverse Set of Third Parties In many cases, consumers expect that their devices contact manufacturers' servers, but communication with other third-party destinations may not be a behavior that consumers expect. Dahua is also a security camera manufacturer, although Amcrest's website makes no references to Dahua. Amcrest customer service informed us that Dahua was the original equipment manufacturer.

IoT 64

Qualcomm and MediaTek Wi-Fi chips impacted by Kr00k-Like attacks

Security Affairs

Wi-Fi chips manufactured by Qualcomm and MediaTek are impacted by vulnerabilities similar to the Kr00k issue disclosed early this year. Unlike Kr00k attacks, the attacker is not able to access to all the encrypted data because the process doesn’t use a single zero key for encryption.

DoppelPaymer ransomware gang hit Foxconn electronics giant

Security Affairs

Electronics contract manufacturer Foxconn is the last victim of the DoppelPaymer ransomware operators that hit a Mexican facility. The hackers also claim to have stolen unencrypted files before encrypting the targeted systems.

Spotlight Podcast: Synopsys’ Dan Lyon on the Challenge of Securing Connected Medical Devices

The Security Ledger

Dan and I discuss some of the flaws in the approach that medical device makers take to security, and how manufacturers can take a page out of their own book: applying the same standards to cyber security as they do to – say- device safety. . How is it that a manufacturer can possess the design savvy to make an electronic device that lives within the human body, yet fail utterly to understand and account for the possibility of even trivial electronic manipulation and attacks?

IPG Photonics high-performance laser developer hit with ransomware

Security Affairs

manufacturer of high-performance fiber lasers for diverse applications and industries was hit by a ransomware attack that disrupted its operations. IPG Photonics manufactures high-performance fiber lasers, amplifiers, and laser systems for diverse applications and industries.

New Guidance Published on Cybersecurity and Medical Devices

Data Matters

New European medical device guidance will require manufacturers to carefully review cybersecurity and IT security requirements in relation to their devices and in their product literature. The Guidance is intended to assist medical device manufacturers meet the new cybersecurity requirements in the Medical Devices Regulation (MDR) and the In Vitro Diagnostic Regulation (IVDR) (collectively, the Regulations).

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo

Krebs on Security

Ransomware attackers often spend weeks or months inside of a target’s network before attempting to deploy malware across the network that encrypts servers and desktop systems unless and until a ransom demand is met.

KNOB attack threatens over a billion Bluetooth-enabled devices

Security Affairs

A vulnerability tracked as CVE-2019-9506 and referred as Key Negotiation of Bluetooth ( KNOB ) attack could allow attackers to spy on encrypted connections. Researchers at the Center for IT-Security, Privacy and Accountability (CISPA) found a new Bluetooth vulnerability, referred as Key Negotiation of Bluetooth (KNOB) attack, that could allow attackers to spy on encrypted connections. “The encryption key length negotiation process in Bluetooth BR/EDR Core v5.

eCh0raix ransomware is back and targets QNAP NAS devices again

Security Affairs

The ransomware targets poorly protected or vulnerable NAS servers manufactured by Taiwan-based QNAP Systems, attackers exploits known vulnerabilities or carry out brute-force attacks. The ransomware, tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali, is written in the Go programming language and uses AES encryption to encrypt files. encrypt extension to filenames of encrypted files.

Technology giant Konica Minolta hit by a ransomware attack

Security Affairs

The company manufactures business and industrial imaging products, including copiers, laser printers, multi-functional peripherals (MFPs) and digital print systems for the production printing market.

5 Ways to Ensure Home Router Security with a Remote Workforce

Adam Levin

Ensure remote workers are more secure by following these five tips: Change the Default Password: Routers should have the manufacturer default password updated the moment it’s turned on and connected. Update the Firmware: Router manufacturers are constantly issuing updates and patches for newly discovered firmware vulnerabilities. Enable Wireless Encryption: Most households use wireless rather than cabled routers to access the internet.

Consumer Reports Reviews Wireless Home-Security Cameras

Schneier on Security

The video is encrypted, and it travels from the camera through D-Link's corporate servers, and ultimately to the user's phone. Users can also access the same encrypted video feed through a company web page, mydlink.com. If you do this, the web server on the camera doesn't encrypt the video. This is the sort of sustained pressure we need on IoT device manufacturers. Consumer Reports is starting to evaluate the security of IoT devices.

The Growing Presence (and Security Risks) of IoT

Thales eSecurity

In the absence of IoT security regulations, many smart product manufacturers simply release new devices that lack built-in security measures and have not undergone proper security review and testing. Take manufacturing, for instance. As systems become increasingly automated, manufacturers will begin deploying Industrial Internet of Things (IIoT) on the plant floor and/or incorporating smart gadgets into their products.

A new NAS Ransomware targets QNAP Devices

Security Affairs

The ransomware targets poorly protected or vulnerable NAS servers manufactured by Taiwan-based QNAP Systems, attackers exploits known vulnerabilities or carry out brute-force attacks. The ransomware , tracked by Intezer as “ QNAPCrypt ” and “ eCh0raix ” by Anomali , is written in the Go programming language and uses AES encryption to encrypt files. encrypt extension to filenames of encrypted files. base64 encoded encrypted data].

Attack Against PC Thunderbolt Port

Schneier on Security

The attack requires physical access to the computer, but it's pretty devastating : On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer -- and even its hard disk encryption -- to gain full access to the computer's data.

IoT Cybersecurity: 5 Major Vulnerabilities and How to Tackle Them

Security Affairs

As an example, we could use communications between systems that are not properly encrypted. Improper encryption. Hackers or other malicious sources can intercept poorly encrypted communications on the web. The Flaws in Manufacturing Process.

IoT 92

P2P Weakness Exposes Millions of IoT Devices

Krebs on Security

But according to an in-depth analysis shared with KrebsOnSecurity by security researcher Paul Marrapese , iLnkP2P devices offer no authentication or encryption and can be easily enumerated, allowing potential attackers to establish a direct connection to these devices while bypassing any firewall restrictions. “Software-based remediation is unlikely due to the infeasibility of changing device UIDs, which are permanently assigned during the manufacturing process.

IoT 196

Facebook Plans on Backdooring WhatsApp

Schneier on Security

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. Embedding content scanning tools directly into phones would make it possible to scan all apps, including ones like Signal, effectively ending the era of encrypted communications.

Sodinokibi ransomware gang stole 1TB of data from Brown-Forman

Security Affairs

Based in Louisville, Kentucky, it manufactures several well-known brands throughout the world, including Jack Daniel’s, Early Times, Old Forester, Woodford Reserve, GlenDronach, BenRiach, Glenglassaugh, Finlandia, Herradura, Korbel, and Chambord.

MY TAKE: Why it’s now crucial to preserve PKI, digital certificates as the core of Internet security

The Last Watchdog

For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI , a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users. The role of the CAs is to diligently verify the authenticity of websites, and then help the website owners encrypt the information that consumers type into their web page forms. Fortanix is supplying the advanced encryption technology underpinning Google’s new service.

MY TAKE: Why IoT systems won’t be secure until each and every microservice is reliably authenticated

The Last Watchdog

First, the identities of any two digital entities – a sensor and a control server, for instance, or even a microservice and a container — must be authenticated, and, second, the data exchanged between any two such digital instances must be encrypted. I’m referring to the Public Key Infrastructure, or PKI, and the underlying TLS/SSL authentication and encryption protocols.

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

Security Affairs

Ransomware operators leverage a custom antivirus killing p ackage that is delivered to workstations to disable security solution before starting encryption. “Sophos has been investigating two different ransomware attacks where the adversaries deployed a legitimate, digitally signed hardware driver in order to delete security products from the targeted computers just prior to performing the destructive file encryption portion of the attack.”

Ransomware at IT Services Provider Synoptek

Krebs on Security

based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software.

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

The Last Watchdog

Carried out by ReRez Research , DigiCert’s poll queried senior officials at organizations in the fields of healthcare, industrial manufacturing, consumer products and transportation ranging in size from 999 to 10,000 employees. The companies with a good handle on things have discovered how to leverage robust authentication and encryption regimes to help maintain the integrity of their IoT systems.”.

IoT 135

A new piece of Snake Ransomware targets ICS processes

Security Affairs

Then the malware encrypts the files on the system, skipping Windows system files and folders. a file named invoice.doc is encrypted and renamed like invoice.docIksrt. The experts noticed that the malware appends the ‘ EKANS ‘ file marker to each encrypted file. Deleting or locking targeted ICS processes would prohibit manufacturing teams from accessing vital production-related processes including analytics, configuration and control,” reads the report published by Otorio.

QakBot Big Game Hunting continues: the operators drop ProLock ransomware for Egregor

Security Affairs

First, the initial access is always gained via QakBot delivered through malicious Microsoft Excel documents impersonating DocuSign-encrypted spreadsheets. Egregor’s favorite sectors are Manufacturing (28.9%