Krebs on Security

MAY 29, 2019

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this partic

Phishing 238

Phishing Scams Education Internet 238

Schneier on Security

MAY 30, 2019

The term "fake news" has lost much of its meaning, but it describes a real and dangerous Internet trend. Because it's hard for many people to differentiate a real news site from a fraudulent one, they can be hoodwinked by fictitious news stories pretending to be real. The result is that otherwise reasonable people believe lies. The trends fostering fake news are more general, though, and we need to start thinking about how it could affect different areas of our lives.

Internet 221

Internet Internet 221

Troy Hunt

MAY 25, 2019

I'm a day and a half behind with this week's update again - sorry! Thursday and Friday were solid with training in Melbourne so I recorded Saturday and am pushing this out in the early hours of Sunday before going wakeboarding - is that work / life balance? But there's been a hell of a lot going on, particularly around HIBP and I'll be talking a lot more about that in the weeks to come.

Password Management 168

Password Management Passwords Advertising 168

Adam Shostack

MAY 29, 2019

There’s a fascinating paper, “ Tuning Out Security Warnings: A Longitudinal Examination Of Habituation Through Fmri, Eye Tracking, And Field Experiments.” (It came out about a year ago.). The researchers examined what happens in people’s brains when they look at warnings, and they found that: Research in the fields of information systems and human-computer interaction has shown that habituation—decreased response to repeated stimulation—is a serious threat to the effectiv

Mobile 113

Mobile 113

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

MAY 31, 2019

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. [NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.

Financial Services 210

Financial Services Insurance Banking Authentication 210

Schneier on Security

MAY 31, 2019

The International Committee of the Red Cross has just published a report: " The Potential Human Cost of Cyber-Operations." It's the result of an "ICRC Expert Meeting" from last year, but was published this week. Here's a shorter blog post if you don't want to read the whole thing. And [link] by one of the authors.

Malware 217

Malware 217

Security Affairs

MAY 29, 2019

The popular white hat hacker Tavis Ormandy has announced the discovery of a code execution vulnerability in Microsoft’s Notepad text editor. The Google Project Zero researcher Tavis Ormandy announced the discovery of a code execution flaw in Microsoft’s Notepad text editor. Am I the first person to pop a shell in notepad? … believe it or not, It's a real bug!

Advertising 111

Advertising Hacking Cybersecurity Information Security 111

Krebs on Security

MAY 30, 2019

Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software. In March 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) — Canada’s equivalent of the U.S. Federal Communications Commission (FCC), executed a search warrant in tandem with the Royal Canadian Mounted Police (RCMP) at the home of a Toronto softwa

Computers and Electronics 194

Computers and Electronics Malware Software Telecommunications 194

Schneier on Security

MAY 28, 2019

Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. "The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you're a small business.

Insurance 217

Insurance Small Business Accountability 217

Thales Cloud Protection & Licensing

MAY 30, 2019

As I noted in my last blog post , containers, which are now pervasive in enterprises, are ephemeral, and microservices frameworks like Kubernetes treat them as such. Data security is a complex subject, and, unfortunately, microservices only add to the complexity. I frequently try to untangle the threads of knotty issues by asking questions. So, in this and my next few blogs, I will share some questions you might want to ask as you go about securing your data in a microservices environment.

Authentication 97

Authentication Software Network Security 97

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MAY 31, 2019

The Russian army seems to be in the process of replacing the Windows system with the Debian-based Linux distribution Astra Linux. Cyber security seems to subvert the globalization concept, governments are working to develop their own technology fearing possible espionage and sabotage activities of foreign states. The Russian military is in the process of replacing the Windows system with the Linux distribution Astra Linux.

Government 111

Government Advertising Data privacy Manufacturing 111

Dark Reading

MAY 28, 2019

Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.

Authentication 102

Authentication Passwords 102

Schneier on Security

MAY 29, 2019

Really interesting talk by former Facebook CISO Alex Stamos about the problems inherent in content moderation by social media platforms. Well worth watching.

CISO 164

CISO Media 164

Threatpost

MAY 31, 2019

A lack of security training for interns, and their obsession with sharing content on social media, could lead to a perfect storm for hackers looking to collect social engineering data.

Media 87

Media Social Engineering Engineering Phishing 87

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

MAY 30, 2019

Innovative Connecting is actually a Chinese company that secretly owns 10 VPN products with a total of 86 million installs under its belt. Recent research by the cybersecurity experts at VPNpro shows that the popular mobile VPN developer Innovative Connecting is actually a Chinese company that secretly owns 10 VPN products with a total of 86 million installs under its belt.

VPN 107

VPN Small Business Mobile Advertising 107

Dark Reading

MAY 29, 2019

Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.

Ransomware 90

Ransomware Risk 90

The Last Watchdog

MAY 28, 2019

159

159

WIRED Threat Level

MAY 27, 2019

Google knows more about you than you might think. Here's how to keep it from knowing your location, web browsing, and more.

98

98

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

MAY 31, 2019

Security experts at Intezer have discovered a new Linux malware tracked as ‘HiddenWasp’ that borrows from Mirai, Azazel malicious codes. HiddenWasp is a new sophisticated Linux malware still undetected by the majority of anti-virus solutions. According to the experts at Intezer, the malware was involved in targeted attacks. . “Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity.

Malware 101

Malware Advertising DDOS Architecture 101

Dark Reading

MAY 30, 2019

Baltimore has so far refused to comply with a ransom demand. It's being forced to make a decision all such victims face: to act morally or practically.

Government 89

Government Ransomware 89

Threatpost

MAY 30, 2019

One of the most popular U.S. drive-through restaurants has been hit with a data breach due to POS malware.

Malware 101

Malware Data breaches 101

WIRED Threat Level

MAY 26, 2019

We've picked our favorite password managers for PC, Mac, Android, iPhone, and web browsers.

Password Management 109

Password Management Passwords 109

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

MAY 25, 2019

0patch, released a security patch to address the BlueKeep vulnerability, that can be deployed by administrators to protect always-on servers. Microsoft Patch Tuesday updates for May 2019 address nearly 80 vulnerabilities, including an RDS vulnerability dubbed BlueKeep that can be exploited to carry out WannaCry -like attack. The issue is a remote code execution flaw in Remote Desktop Services (RDS) that it can be exploited by an unauthenticated attacker by connecting to the targeted system via

Advertising 94

Advertising Malware Cyber Attacks Authentication 94

Dark Reading

MAY 28, 2019

Fighting cybercrime requires visibility into much more than just the Dark Web. Here's where to look and a glimpse of what you'll find.

Cybercrime 95

Cybercrime 95

Threatpost

MAY 31, 2019

As 5G deployments continue to increase, what are the top security risks for enterprises? We discuss with an expert during GSMA's Mobile360 conference.

Risk 83

Risk IoT Hacking 83

WIRED Threat Level

MAY 31, 2019

At this rate, it will take years to fix a critical vulnerability that remains in over 900,000 Windows machines. A worm will arrive much sooner.

Hacking 77

Hacking 77

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

MAY 30, 2019

The WordPress plugin Convert Plus is affected by a critical flaw that could be exploited by an unauthenticated attacker to create accounts with administrator privileges. The WordPress plugin Convert Plus is affected by a critical vulnerability that could be exploited by an unauthenticated attacker to create accounts with administrator privileges. A vulnerability ties with the lack of filtering when processing a new user subscription via a form implemented by the Convert Plus plugin that already

Accountability 92

Accountability Firewall Passwords Advertising 92

Dark Reading

MAY 28, 2019

Nearly a decade in, the famous analogy has underpinned a sea change in enterprise IT, but still falls short of the security mark. More recent developments can help.

84

84

Threatpost

MAY 28, 2019

Researchers have discovered one million devices that are vulnerable to a "wormable" Microsoft flaw, which could open the door to a WannaCry-like cyberattack.

Hacking 80

Hacking 80

WIRED Threat Level

MAY 25, 2019

You don't have to get your hands dirty to do the most important spring cleaning of the year.

82

82

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk