Krebs on Security
NOVEMBER 7, 2018
A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S.
Schneier on Security
NOVEMBER 21, 2018
Democracy is an information system. That's the starting place of our new paper: " Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to explain why the same disinformation campaigns that act as a stabilizing influence in Russia are destabilizing in the United States.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
NOVEMBER 7, 2018
It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed. The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing
Adam Levin
NOVEMBER 5, 2018
The international soccer league FIFA announced it had been hacked earlier this year and is bracing itself for a potential data breach. This latest cyber incident marks the second major successful hack on the organization, the first reported in 2017. That attack was attributed to a Russian hacking group alternately called Fancy Bear and APT28. News of this new hack was made public after FIFA documents were published on a website called Football Leaks , a whistleblower website dedicated to the soc
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
NOVEMBER 13, 2018
Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria. At the time it is not clear if the incident was the result of an error or a cyber attack on the BGP protocol.
WIRED Threat Level
NOVEMBER 16, 2018
When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
NOVEMBER 15, 2018
A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold. One, the US uses chip-and-signature instead of chip-and-PIN, obviating the most critical security benefit of the chip. And two, US merchants still accept magnetic stripe cards, meaning that thieves can steal credentials from a chip card and create a working cloned mag stripe car
Dark Reading
NOVEMBER 15, 2018
Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.
Adam Levin
NOVEMBER 13, 2018
The American business and financial services company Moody’s will start factoring risk of getting hacked into their credit ratings for companies. The move is seen as part of a wider initiative to gauge the risk of cyberattacks and data breaches to companies and their investors. “We’ve been in the risk management business for a very long time. This is to enhance our thinking about credit as cyber becomes more and more important,” said Derek Valda, head of Moody’s Investors Services Cyber Ri
Security Affairs
NOVEMBER 8, 2018
Security researchers revealed in a recent paper that over the past years, China Telecom used BGP hijacking to misdirect Internet traffic through China. Security researchers Chris C. Demchak and Yuval Shavitt revealed in a recent paper that over the past years, China Telecom has been misdirecting Internet traffic through China. China Telecom was a brand of the state-owned China Telecommunications Corporation, but after marketization of the enterprise spin off the brand and operating companies as
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
WIRED Threat Level
NOVEMBER 17, 2018
Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.
Krebs on Security
NOVEMBER 23, 2018
‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online. Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple r
Schneier on Security
NOVEMBER 1, 2018
This is not surprising : This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before -- dispersed, disorganized, and susceptible to manipulation.
Dark Reading
NOVEMBER 30, 2018
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Adam Levin
NOVEMBER 23, 2018
Krebs on Security reported a security weakness that affected millions of USPS customers. The vulnerability in question allowed anyone with an account on USPS.com to view granular information about the site’s more than 60 million users. In what has become an all too familiar scenario, Krebs on Security was contacted by a researcher who discovered the problem a year earlier.
Security Affairs
NOVEMBER 10, 2018
Nginx developers released security updates to address several denial-of-service (DoS) vulnerabilities affecting the nginx web server. nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, it is used by 25.28% busiest sites in October 2018. Nginx development team released versions 1.15.6 and 1.14.1 to address two HTTP/2 implementation vulnerabilities that can cause a DoS condition in Nginx versions 1.9.5 through 1.15.5.
WIRED Threat Level
NOVEMBER 21, 2018
Researchers have discovered that the so-called Rowhammer technique works on "error-correcting code" memory, in what amounts to a serious escalation.
Krebs on Security
NOVEMBER 21, 2018
U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Schneier on Security
NOVEMBER 9, 2018
This is a new thing : The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that's used by security pros and antivirus/malware detection engines to gain a better understanding of the threat landscape. This feels like an example of the US's new strategy of actively harassing foreign government actors.
Dark Reading
NOVEMBER 14, 2018
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
Threatpost
NOVEMBER 1, 2018
Weighing the impact of GDPR and how the historic legislation has shaped privacy protection measures in the U.S., so far.
Security Affairs
NOVEMBER 10, 2018
North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs. Security experts from Symantec have discovered a malware, tracked as FastCash Trojan , that was used by the Lazarus APT Group , in a string of attacks against ATMs. The ATP group has been using this malware at least since 2016 to siphon millions of dollars from ATMs of small and midsize banks in Asia and Africa.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
WIRED Threat Level
NOVEMBER 4, 2018
If you're not careful, websites can grab all kinds of permissions you don't realize or intend. Take back control in your browser.
Krebs on Security
NOVEMBER 2, 2018
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones.
Schneier on Security
NOVEMBER 8, 2018
This is really just to point out that computer security is really hard : Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users' contact information with no need for a passcode. [.]. A bad actor would need physical access to the phone that they are targeting and has a few options for viewing the victim's contact information.
Dark Reading
NOVEMBER 29, 2018
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Threatpost
NOVEMBER 12, 2018
A full 60 million U.S. cards were compromised in the past 12 months. While 93 percent of those were EMV chip-enabled, merchants continued to use mag stripes.
Security Affairs
NOVEMBER 27, 2018
Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0.
WIRED Threat Level
NOVEMBER 27, 2018
Recent developments in the special counsel investigation show indicate that things are about to heat up.
Krebs on Security
NOVEMBER 1, 2018
A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor — Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
278 
Let's personalize your content