A whitehat has discovered what he claims is a zero-day privilege vulnerability in the world’s largest PC video game distributor that affects over 100 million users. Security researcher “Felix” identified the privilege escalation vulnerability within the platform Steam, an online PC video game distribution platform owned by the Valve Corporation. A privilege escalation vulnerability is a flaw in a system that allows a hacker to execute a command with administrative level privileges.
Election security continues to be a top concern – from social media misinformation campaigns, to vulnerabilities in the actual voting machines themselves. At Black Hat USA 2019, Threatpost caught up with Matt Olney, director of threat intelligence at Cisco Talos, to discuss the challenges that elections are facing. On one hand, election security is now top of mind for the information operations space in Facebook, Twitter and other social media companies looking to battle misinformation campaigns, cyber-influence operations and other, newer threats like deep fakes. On the other hand, voting machines themselves and the vendors who make them are becoming more vigilant about vulnerability issues in their platforms.
First there came DevOps, in which processes between software development and IT teams were automated to speed up the building, testing, and release of software. Then with bad actors using automated vulnerability-finding tools, eagle-eyed regulators closely watching for data breaches, and code breaking regularly, DevSecOps was next.
Remember after last month’s relatively serene cyber security scene we said this wasn’t the beginning of the GDPRevolution? July was bound to be a bounce-back month, but we couldn’t have expected the frighteningly high total of 2,359,114,047 breached records. Granted, a big chunk of those come from a single incident – a mammoth breach involving a Chinese smart tech supplier – but as unimaginative football commentators say, ‘they all count’.
The scientists’ rogue engineering workstation posed as a so-called TIA (Totally Integrated Automation Portal) engineering station that interfaced with the Simatic S7-1500 PLC controlling the industrial system.