BayPay Members Blogs

This additional resource is sponsored by The BayPay Forum.

Privilege Escalation Vulnerability Found in Rapid7 InsightIDR

An easy-to-exploit local privilege escalation vulnerability has been found and patched in Rapid7’s InsightIDR intruder analytics solution, a researcher revealed on Monday. InsightIDR is a product advertised by Rapid7 as a...

Tales From the SOC: Municipal Edition

As a threat researcher, I’ve advised security teams of organizations big and small, across both public and private sectors. So after a decade in DFIR, people often ask me about the...

Apple Unveils Privacy-Focused Authentication System

Apple announced on Monday at its 2019 Worldwide Developers Conference (WWDC) a new authentication system that should provide better privacy protections compared to similar products from Facebook and Google. The new...

Top Australian University Reports Vast, 'Sophisticated' Hack

A top Australian university with close ties to the country's government and security services on Tuesday said it had been the victim of a vast hack by a "sophisticated operator" who...

Beyond Biometrics: The Future of Authentication

As organizations become more and more digitally connected, concerns about secure access seem to loom larger than ever. With more users connecting to more resources, how can organizations ensure people requesting...

Inside GCHQ's Proposed Backdoor Into End-to-End Encryption

The Open Technology Institute (OTI) has responded to GCHQ/NCSC's article on 'Principles for a More Informed Exceptional Access Debate' with an 'Open Letter to GCHQ on the Threats Posed by the...

AMCA Breach Hits 12 Million Quest Diagnostics Patients

A data breach at billing collections service provider American Medical Collection Agency (AMCA) could impact many of the company’s customers. One victim is medical testing firm Quest Diagnostics and roughly 12...

GandCrab Ransomware Authors Announce Shut Down

The authors of the GandCrab ransomware have reportedly announced on underground forums that they are closing their operation after claiming that they have earned over $150 million a year.  Offered as...

New Attack Targets the Touchscreen of Smartphones, Researchers Reveal

A group of researchers has devised a new proof-of-concept attack that targets the touchscreen of Near-Field Communication (NFC)-enabled mobile devices such as smartphones and allows remote control of the devices.  Dubbed...

Lab Testing Firm Eurofins Scientific Hit by Ransomware

Luxembourg-based laboratory testing services giant Eurofins Scientific on Monday revealed that some of its IT systems have been infected with a piece of ransomware. Eurofins Scientific provides food, pharma and environmental...

Serious Vulnerabilities Found in Kace K1000 Appliance

Several vulnerabilities have been found and patched in the Kace K1000 systems management appliance from Quest. The impacted appliance allows enterprises to manage their network-connected devices, including to inventory hardware and...

Hackers Can Bypass macOS Security Features With Synthetic Clicks

Hackers can use synthetic clicks to bypass many of the privacy and security features implemented last year by Apple in its macOS operating system, a researcher has revealed. Patrick Wardle, co-founder...

Insight - African Perspectives on the Space Resources Dialogue

On May 23-24, 2019, a group of space agency, space industry, and academic experts from across the continent of Africa, as well as from the United States, Luxembourg, and Japan gathered...

rkt Container Runtime Flaws Give Root Access to Host

Unpatched vulnerabilities found in the rkt container runtime can be exploited by an attacker to escape the container and gain root access to the host.  The flaws can be exploited to...

SWF Scholarships for IAC 2019 are Available to Young Professionals

Secure World Foundation is pleased to announce that we will be accepting applications from young professionals for scholarships to aid in traveling to present papers at the 2019 International Astronautical Congress...

Chrome Extensions Policy Hits Deceptive Installation Tactics

Google this week announced a new policy that aims at eliminating the use of deceptive installation tactics among Chrome browser extensions.  The new rules build on the changes the Internet search...

Researchers Dissect PowerShell Scripts Used by Russia-Linked Hackers

Security researchers from ESET have analyzed several PowerShell scripts used by the Russia-linked Turla threat group in recent attacks.  Operating since at least 2008, the group is also known as Snake,...

Microsoft Reminds Users to Patch Wormable 'BlueKeep' Vulnerability

Microsoft has reminded users to patch the Windows vulnerability tracked as BlueKeep and CVE-2019-0708 due to the high risk of exploitation. The vulnerability affects Windows Remote Desktop Services (RDS) and it...

Public Exposure of Sensitive Files on the Internet is Getting Worse

2.3 billion files are currently exposed and accessible through misconfigured network-attached storage (NAS) devices, FTP and rsync servers, and Amazon S3 buckets to anyone on the internet. That's 750 million more...

Facebook Loses Bid to Block Landmark ECJ Data Security Hearing

Ireland's supreme court on Friday dismissed a bid by Facebook to block a landmark data security case from progressing to the European Court of Justice. The top European court in Luxembourg...