Lifeboat Foundation

It’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.

More than a dozen U.S. utilities that were targets in a recent wave of cyberattacks have been identified by The Wall Street Journal. Some of the utilities, most of which are relatively small, are located near dams, locks and other critical infrastructure.

These electricity providers were singled out in a hacking campaign that was brought to light in August by researchers at a Silicon Valley cybersecurity company. But little was known about the attacks until now.

Hacking the Pixel’s Titan M chip and finding exploits in the developer preview versions of Android will earn you the big bucks.

The recent shift away from IT networks raises the possibility that Iran’s APT33 is exploring physically disruptive cyberattacks on critical infrastructure.

The botnet’s main function is the ability to conduct DDoS attacks, a feature it has not used yet.

Google has increased the maximum prize for its Android bug bounty program to $1 million for anyone who can compromise the Titan M security chip found in its Pixel phones. The top prize is for a “full chain remote code execution exploit with persistence” of the dedicated security chip. On top of that, there’s an additional 50 percent bonus if a security researcher is able to find an exploit on specific developer preview versions of Android, resulting in a potential prize of $1.5 million. The new rewards take effect starting today.

Introduced with 2018’s Pixel 3, Google’s Titan M security chip cordons off your smartphone’s most sensitive data from its main processor to protect against certain attacks. Google says the chip offers “on-device protection for login credentials, disk encryption, app data, and the integrity of the operating system.” Since its introduction, the chip has also been integrated with Android’s security key functionality where it’s used to store a person’s FIDO credentials. Suffice it to say, the integrity of the Titan M is an important element for the security of recent Pixel devices.

The healthcare industry stores some of the sensitive personal information there can be about people: hackers know this and are looking to exploit what they view as an easy target.

PureLocker ransomware appears to have links to some of the most prolific cyber-criminal operations active in the world today.

Fortress Information Security and AEP launched the Asset to Vendor (A2V) Network to help electric utility providers collaborate for more effective cybersecurity.