Threat of Year 2036/2038 vulnerabilities detailed Threat actors could harness the "Year 2036 Problem" and "Year 2038 Problem" rollover vulnerabilities impacting systems using older Network Time Protocol versions and those that leverage a 32-bit integer for time storage, respectively, to prompt significant disruptions over a decade before they are actually triggered, according to SecurityWeek.
Cybersecurity Dive reports that internet-exposed industrial control system devices were discovered by Bitsight to have increased from almost 160,000 to over 180,000 between the beginning and end of 2024, and are poised to exceed 200,000 by the end of 2025.
Hackread reports that the most significant Layer 7 distributed denial-of-service attack aimed at a government entity, which involved a botnet composed of 5.76 million breached internet-connected devices and systems around the world, was averted by Qrator Labs earlier this month.
This week: Americans Can't Hack It, Copy and paste to get malware, Pixel 5 web servers - because you can, How they got in and why security is hard, Vulnerability management is failing - is it dead yet?, Exploiting hacker tools, Bluetooth spending spree!, How to defend your car, IoT security solutions and other such lies, Exploiting IBM i (formerly ...
Dawn Capelli, Head of OT-CERT at Dragos, unpacks the evolving risks to Operational Technology. From nation-state attacks on Ukraine’s infrastructure to hacktivists targeting U.S. water systems, she explains the PIPEDREAM malware, the top five SANS critical OT controls, and how Dragos’ OT-CERT program offers free resources to help organizations defe...
In the secure news: Automakers respond to Flipper Zero attacks, More on the unconfirmed Elastic EDR 0-Day, When Secure Boot does its job too well, Crazy authenitcation bypass, Hacker ultimatums, AI Slop, Impatient hackers, Linux ISOs are malware, Attackers love drivers, Hacking Amazon's Eero, the hard way, Exploits will continue until security impr...
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
