Security researchers have found a vulnerability in the backbone of the electronic ID (eID) cards system used by the German state. The vulnerability, when exploited, allows an attacker to trick an online website and spoof the identity of another German citizen when using the eID authentication option. There are some hurdles that an attacker needs to pass before abusing this vulnerability, but the researchers who found it say their eID spoofing hack is more than doable. The vulnerability doesn't reside in the radio-frequency identification (RFID) chip embedded in German eID cards, but in the software kit implemented by websites that want to support eID authentication. The vulnerable component is named the Governikus Autent SDK and is one of the SDKs that German websites, including government portals, have used to add support for eID-based login and registration procedures. SEC Consult, the German cyber-security firm who discovered the flaw in this SDK, says it already reported the issue to … [Read more...] about German eID card system vulnerable to online identity spoofing
Online cyber security degree
Predictions are tough, but even more so in the chaotic world of cyber security. The threat landscape is huge, offensive and defensive technologies are evolving rapidly, and nation-state attacks are increasing in terms of scope and sophistication. This cyber “fog of war” makes it hard to see or assess every trend. Last year, for example, CSO’s predictions for 2018 did not anticipate the rapid rise of cryptomining. In hindsight, this relatively easy to execute, lower risk way for cyber criminals to monetize their efforts should have been an obvious choice. Still, we got a few things right: more automation of threat-detection processes, significant rise in attacks using compromised IoT devices, and the decline of trust in the face of rising cyber crime, to name a few. This year, we asked CSO staff and contributors to tell us the biggest events or trends they anticipate for the next 12 months. Here are their top 9. 1. Ransomware tapers off, but still wreaks havoc: Ransomware … [Read more...] about 9 cyber security predictions for 2019
Victoria's La Trobe University will be offering an Applied Cloud Technology bachelor's degree thanks to a partnership with cloud giant Amazon Web Services (AWS). The three-year degree, claimed as the first of its kind in Australia, has been developed by online learning provider Didasko, and will be offered as a full or part-time study option exclusively online. The learning content is based on materials adapted from AWS global programs, specifically AWS Educate and AWS Academy, which include resources from AWS Certified Cloud Practitioner and AWS Associate Solutions Architect certifications, as well as focusing on machine learning, big data analytics, and cybersecurity, a statement from AWS explained. "When we speak with our customers across public sector, startups, small-to-medium business, and large enterprises, there is one common theme -- they are all looking for talent skilled in applying AWS services to help them remediate technical debt and drive innovation," regional … [Read more...] about AWS and La Trobe offering applied cloud bachelor’s degree
Video: What could be the real-world consequences of digital attacks? The increasing sophistication and power of state-backed cyber attacks has led some experts to fear that, sooner or later, by design or by accident, one of these incidents will result in somebody getting killed. It might sound far-fetched, but a former head of the UK's intelligence agency has already warned about the physical threat posed by cyber attacks and the potential damage they could do. "Nation-states are getting more sophisticated and they're getting more brazen. They're getting less worried about being caught and being named -- and of course that's a feature of geopolitics," said Robert Hannigan, who served as director general of GCHQ from 2014 to 2017. "The problem is the risk of miscalculation is huge," he said, speaking at a security conference in London last month. "If you start to tamper with industrial control systems, if you start to tamper with health systems and networks, it feels like it's … [Read more...] about Cyberwar: What happens when a nation-state cyber attack kills?
The former chief information officer of the US Department of Defense has said an organisation’s cyber security budget is most effectively spent on educating staff, rather than technology. “The single threat to your system is people. Some of it not even malicious. People ask what keeps me up at night? It’s people,” Terry Halvorsen last week told an American Chamber of Commerce event in Sydney. “The best investment anybody can make in security has very little, initially, to do with technology. It’s make sure you have educated your workforce on IT, operations, cyber hygiene,” he added. Halvorsen joined Samsung as executive vice president and CIO of the company's mobile communications division in April last year. His current role came after a two-year stint as CIO of the Department of Defense, and time as CIO of the Department of the Navy and deputy commander of the Navy Cyber Forces. Halvorsen, who served as an intelligence officer during the … [Read more...] about Ex US Defense CIO: Spend cyber budget on people before tech