The U.S. Federal Trade Commission announced a settlement with ASUSTeK Computer over sloppy security settings tied to its routers.
Healthcare data breaches lead more patients to withhold information from doctors
New survey suggests medical data breaches increase the number of patients who hold back information from doctors due to concerns about the security or privacy of medical records, undermining treatment.
The post Healthcare data breaches lead more patients to withhold information from doctors appeared first on We Live Security.
Facebook, Researcher Spar Over Instagram Vulnerabilities
Facebook is at odds with a security researcher over a number of Instagram vulnerabilities that allowed the researcher to access SSL and other private keys, as well as user and employee data.
One BadBarcode Spoils Whole Bunch
At PacSec 2015, researchers demonstrated attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands.
The great car hacking debate
Can cars be hacked remotely or is the idea of remotely hackable cars still only a hypothetical threat? Evidence is presented to help answer this question.
The post The great car hacking debate appeared first on We Live Security.
Viruses, bulletins, surveys, and gender: hashtag #VB2015
Virus Bulletin 2015 in Prague could be the biggest ever, a great place to discover the latest developments in malware protection and information security, and address issues like the infosec skills gap.
The post Viruses, bulletins, surveys, and gender: hashtag #VB2015 appeared first on We Live Security.
UK’s NCA calls for global approach to cybercrime
An international effort between security organizations is needed to fight cybercrime, says the UK’s National Crime Agency.
The post UK’s NCA calls for global approach to cybercrime appeared first on We Live Security.
Important security notice regarding signing key and distribution of Red Hat Ceph Storage on Ubuntu and CentOS
Last week, Red Hat investigated an intrusion on the sites of both the Ceph community project (ceph.com) and Inktank (download.inktank.com), which were hosted on a computer system outside of Red Hat infrastructure.
download.inktank.com provided releases of the Red Hat Ceph product for Ubuntu and CentOS operating systems. Those product versions were signed with an Inktank signing key (id 5438C7019DCEEEAD). ceph.com provided the upstream packages for the Ceph community versions signed with a Ceph signing key (id 7EBFDD5D17ED316D). While the investigation into the intrusion is ongoing, our initial focus was on the integrity of the software and distribution channel for both sites.
To date, our investigation has not discovered any compromised code available for download on these sites. We cannot fully rule out the possibility that some compromised code was available for download at some point in the past.
For download.inktank.com, all builds were verified matching known good builds from a clean system. However, we can no longer trust the integrity of the Inktank signing key, and therefore have re-signed these versions of the Red Hat Ceph Storage products with the standard Red Hat release key. Customers of Red Hat Ceph Storage products should only use versions signed by the Red Hat release key.
For ceph.com, the Ceph community has created a new signing key (id E84AC2C0460F3994) for verifying their downloads. See ceph.com for more details.
Customer data was not stored on the compromised system. The system did have usernames and hashes of the fixed passwords we supplied to customers to authenticate downloads.
To reiterate, based on our investigation to date, the customers of the CentOS and Ubuntu versions of Red Hat Ceph Storage should take action as a precautionary measure to download the rebuilt and newly-signed product versions. We have identified and notified those customers directly.
Customers using Red Hat Ceph Storage products for Red Hat Enterprise Linux are not affected by this issue. Other Red Hat products are also not affected.
Customers who have any questions or need help moving to the new builds should contact Red Hat support or their Technical Account Manager.
Bundestag computer system goes offline
The computer system in the Bundestag is now offline, to allow technicians to perform essential maintenance work.
The post Bundestag computer system goes offline appeared first on We Live Security.