Schneier on Security
APRIL 22, 2019
This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security -- and the security of complex socio-technical systems in general -- in here.
Krebs on Security
APRIL 26, 2019
A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
APRIL 9, 2019
Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans. The malware, called CT-GAN, served as a proof of concept to show the potential for hacking medical devices with fake medical news that was convincing enough to fool medical technicians. In a video demonstrating the exploit, researchers at Ben Gurion University described how such an attack might be deployed.
The Last Watchdog
APRIL 29, 2019
In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything. Related: Why Active Directory is so heavily targeted For companies running Microsoft Windows, one such touch-all systems is Active Directory, or AD, the software that organizes and provides access to information across the breadth of Windows systems.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
APRIL 21, 2019
Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Most of the data are publicly available, the databases also include the email addresses of the users.
WIRED Threat Level
APRIL 30, 2019
Mueller is done and Rosenstein is on his way out the door, but federal and state authorities around the country are still investigating the president and those in his orbit.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Krebs on Security
APRIL 15, 2019
Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [ NYSE:WIT ] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.
Adam Levin
APRIL 22, 2019
The European Union’s parliament voted to create a biometric database of over 350 million people. The Common Identity Repository, or CIR, will consolidate the data from the EU’s border, migration, and law enforcement agencies into one system to be quickly accessible and searchable by any or all of them. Information will include names, birthdates, passport numbers as well as fingerprints and face scans.
The Last Watchdog
APRIL 5, 2019
The Cloud Access Security Broker (CASB) space is maturing to keep pace with digital transformation. Related: CASBs needed now, more than ever. Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures : the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Services tools, without any shred of security vetting.
Security Affairs
APRIL 15, 2019
Experts at Imperva discovered a new type of large-scale DDoS attack that abuses the HTML5 Ping-based hyperlink auditing feature. Experts at Imperva Vitaly Simonovich and Dima Bekerman observed a large-scale DDoS attack abusing the HTML5 Ping-based hyperlink auditing feature. The DDoS attack peaked at a massive 7,500 requests per second and delivered more than 70 million requests over a four-hour period from around 4,000 user IPs. “We recently investigated a DDoS attack which was generated
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
APRIL 12, 2019
These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
Schneier on Security
APRIL 23, 2019
From a G7 meeting of interior ministers in Paris this month, an " outcome document ": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology and while ensuring that assistance requested from internet companies is underpinned by the r
Krebs on Security
APRIL 14, 2019
Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site that helps him manage more than
Adam Levin
APRIL 18, 2019
Facebook announced that it “unintentionally” harvested the email contacts of 1.5 million of its users without their consent. The social media company automatically uploaded the information from users who had registered with the site after 2016 and provided their email addresses and passwords. Upon submitting a form to “confirm” their accounts, registrants saw a screen showing that their email contact lists were harvested without any means of providing consent, opting out, or interrupting the pro
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Thales Cloud Protection & Licensing
APRIL 10, 2019
Last week, we welcomed Gemalto as an official part of the Thales Group, marking the start of a bold new chapter in our company’s history. Together, Thales and Gemalto will have the ability to cover the digital needs of our customers and partners, in civilian and defense businesses, across all Thales market segments, with a unique portfolio of advanced technologies in the fields of digital security and the Internet of Things.
Security Affairs
APRIL 6, 2019
Security experts at Bad Packets uncovered a DNS hijacking campaign that is targeting the users of popular online services, including Gmail, Netflix, and PayPal. Experts at Bad Packets uncovered a DNS hijacking campaign that has been ongoing for the past three months, attackers are targeting the users of popular online services, including Gmail, Netflix, and PayPal.
Dark Reading
APRIL 3, 2019
In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent - even in the face of a skills shortage.
Schneier on Security
APRIL 18, 2019
DNS hijacking isn't new, but this seems to be an attack of uprecidented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like.co.uk or.ru that end a foreign web address -- putting all the traffic of every domain in multiple co
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Krebs on Security
APRIL 11, 2019
Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. As first disclosed by KrebsOnSecurity last summer , Google maintains it has not had any of its 85,000+ employees successfully phished on their work-related acco
Spinone
APRIL 23, 2019
Accidental and intentional file deletion is extremely common among corporate employees. You may have Google Workspace (formerly G Suite) users who have deleted a file or a number of files only to realise it was not the file or files they assumed. Another common scenario is when you have your coworkers who perform a Save operation instead of a Save As operation by overwriting valuable data.
WIRED Threat Level
APRIL 25, 2019
In a small Minnesota town, an IT technician found his way to the darkest corner of the web. Then he made a deadly plan.
Security Affairs
APRIL 2, 2019
Attackers Store Malware in Hidden Directories of Compromised HTTPS Sites. Security experts at Zscaler discovered that threat actors are using hidden “well-known” directories of HTTPS sites to store and deliver malicious payloads. Crooks are utilizing hidden “well-known” directories of HTTPS sites running WordPress and Joomla websites to store and serve malicious payloads.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Dark Reading
APRIL 23, 2019
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
Schneier on Security
APRIL 15, 2019
Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly handshake of WPA3, which in the Wi-Fi standard is better known as the Simultaneous Authentication of Equals (SAE) handshake.
Krebs on Security
APRIL 4, 2019
An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges. The arrest comes months after the accused allegedly ordered the execution of a former bodyguard who was trying to help U.S. authorities bring down the group’s lucrative skimming operations.
eSecurity Planet
APRIL 17, 2019
A vulnerability assessment is a core requirement for IT security. We outline the benefits and steps for keeping your network and data safe.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
WIRED Threat Level
APRIL 3, 2019
Galperin has already convinced Kaspersky to flag domestic abuse spyware as malware. She expects more to follow.
Security Affairs
APRIL 4, 2019
The German chemicals giant Bayer confirmed that of a cyber attack, it confirmed the incident but clarified that no data has been stolen. The chemicals giant Bayer is the last victims of a cyber attack, it confirmed the incident, but pointed out the hackers haven’t stolen any data. According to the company, at the beginning of 2018, it detected an intrusion that linked to Winnti threat actors, a group of Chinese APTs belonging to the Beijing intelligence apparatus, Groups under the Winnti u
Dark Reading
APRIL 2, 2019
New data from ISC(2) shows younger women are making more money than in previous generations in the field - but overall gender pay disparity persists.
Schneier on Security
APRIL 4, 2019
Researchers have been able to fool Tesla's autopilot in a variety of ways, including convincing it to drive into oncoming traffic. It requires the placement of stickers on the road. Abstract: Keen Security Lab has maintained the security research work on Tesla vehicle and shared our research results on Black Hat USA 2017 and 2018 in a row. Based on the ROOT privilege of the APE (Tesla Autopilot ECU, software version 18.6.1), we did some further interesting research work on this module.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
268 
Let's personalize your content