Security researchers have found a vulnerability in the backbone of the electronic ID (eID) cards system used by the German state. The vulnerability, when exploited, allows an attacker to trick an online website and spoof the identity of another German citizen when using the eID authentication option. There are some hurdles that an attacker needs to pass before abusing this vulnerability, but the researchers who found it say their eID spoofing hack is more than doable. The vulnerability doesn't reside in the radio-frequency identification (RFID) chip embedded in German eID cards, but in the software kit implemented by websites that want to support eID authentication. The vulnerable component is named the Governikus Autent SDK and is one of the SDKs that German websites, including government portals, have used to add support for eID-based login and registration procedures. SEC Consult, the German cyber-security firm that discovered the flaw in this SDK, says it already reported the issue to … [Read more...] about German eID card system vulnerable to online identity spoofing
Online cyber security degree
Predictions are tough, but even more so in the chaotic world of cyber security. The threat landscape is huge, offensive and defensive technologies are evolving rapidly, and nation-state attacks are increasing in terms of scope and sophistication. This cyber “fog of war” makes it hard to see or assess every trend. Last year, for example, CSO’s predictions for 2018 did not anticipate the rapid rise of cryptomining. In hindsight, this relatively easy to execute, lower risk way for cyber criminals to monetize their efforts should have been an obvious choice. Still, we got a few things right: more automation of threat-detection processes, significant rise in attacks using compromised IoT devices, and the decline of trust in the face of rising cyber crime, to name a few. This year, we asked CSO staff and contributors to tell us the biggest events or trends they anticipate for the next 12 months. Here are their top 9. 1. Ransomware tapers off, but still wreaks havoc. Ransomware … [Read more...] about 9 cyber security predictions for 2019
Victoria's La Trobe University will be offering an Applied Cloud Technology bachelor's degree thanks to a partnership with cloud giant Amazon Web Services (AWS). The three-year degree, claimed as the first of its kind in Australia, has been developed by online learning provider Didasko, and will be offered as a full or part-time study option exclusively online. The learning content is based on materials adapted from AWS global programs, specifically AWS Educate and AWS Academy, which include resources from AWS Certified Cloud Practitioner and AWS Associate Solutions Architect certifications, as well as focusing on machine learning, big data analytics, and cybersecurity, a statement from AWS explained. "When we speak with our customers across public sector, startups, small-to-medium business, and large enterprises, there is one common theme -- they are all looking for talent skilled in applying AWS services to help them remediate technical debt and drive innovation," regional … [Read more...] about AWS and La Trobe offering applied cloud bachelor’s degree
Video: What could be the real-world consequences of digital attacks? The increasing sophistication and power of state-backed cyber attacks has led some experts to fear that, sooner or later, by design or by accident, one of these incidents will result in somebody getting killed. It might sound far-fetched, but a former head of the UK's intelligence agency has already warned about the physical threat posed by cyber attacks and the potential damage they could do. "Nation-states are getting more sophisticated and they're getting more brazen. They're getting less worried about being caught and being named -- and of course that's a feature of geopolitics," said Robert Hannigan, who served as director general of GCHQ from 2014 to 2017. "The problem is the risk of miscalculation is huge," he said, speaking at a security conference in London last month. "If you start to tamper with industrial control systems, if you start to tamper with health systems and networks, it feels like it's … [Read more...] about Cyberwar: What happens when a nation-state cyber attack kills?
Göran Marby has been named head of the body that manages internet addresses and develops rules and policies for the global online community. The cyber whizz, who is currently director-general of the Swedish Post and Telecom Authority, will take charge of the Internet Corporation for Assigned Names and Numbers (ICANN) in May. The organisation is currently a non-profit organisation with strong links to the US government, but it is transitioning to become a more impactful independent non-governmental body. Marby has described ICANN as evolving and vowed to keep it on course under what is known as "multistakeholder" governance, bringing in business and academia as well as government users of the internet. "The stakeholder model has proven its strength," he told AFP news on Monday. "It is important for me to continue that evolution. That is the way of going forward right now." The Swede will succeed Fadi Chehade as president and chief executive at ICANN. While the transition … [Read more...] about Can this cyber Swede save the internet?