Krebs on Security

JANUARY 31, 2020

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges.

Penetration Testing 302

Penetration Testing Education Accountability Mobile 302

Schneier on Security

JANUARY 31, 2020

From a FOIA request, over a hundred old NSA security awareness posters. Here are the BBC's favorites. Here are Motherboard's favorites. I have a related personal story. Back in 1993, during the first Crypto Wars, I and a handful of other academic cryptographers visited the NSA for some meeting or another. These sorts of security awareness posters were everywhere, but there was one I especially liked -- and I asked for a copy.

Security Awareness 289

Security Awareness 289

Adam Levin

JANUARY 27, 2020

A subsidiary of Avast antivirus is selling sensitive user browsing data to many companies, including Revlon, Microsoft, Google, Yelp, Condé Nast, and TripAdvisor. According to a recent joint investigation by Vice’s Motherboard and PCMag, highly granular and sensitive user data from users of Avast antivirus is being repackaged and sold to companies via a subsidiary called Jumpshot which promises buyers of the data information on “Every search.

Data collection 243

Data collection Antivirus Software Malware 243

Troy Hunt

JANUARY 31, 2020

Well that's the audio issues fixed - mostly. The Zoom H6 is an awesome recorder, I just can't quite work out the right adaptors for the mic. I've got a couple of Saramonic SR-XLM1 lav mics and the guy at the DJ store I bought the Zoom from was convinced we'd be fine with just with 3.5mm to 6.35mm jack converters which appears to be incorrect. Someone else hen said we'd need a TRRS to TRS adaptor so we grabbed a couple of Rode SC3s which also didn't solve the problem.

163

163

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JANUARY 28, 2020

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

Retail 299

Retail Banking Malware Accountability 299

Schneier on Security

JANUARY 29, 2020

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy. Here's an article about Ralphs, a California supermarket chain owned by Kroger: the form proceeds to state that, as part of signing up for a rewards card, Ralphs "may collect" information such as "your level of education, type of employment, information about your health and information about insurance coverage y

Consumer Protection 306

Consumer Protection Data privacy Insurance Education 306

Tech Republic Security

JANUARY 29, 2020

Data privacy is an increasing concern for companies and individuals. Learn more about what's on the landscape for 2020.

Data privacy 211

Data privacy 211

Krebs on Security

JANUARY 29, 2020

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called “Social Care” was being indexed by search engines, and that several months worth of postings about customer complaints and other issues w

Social Engineering 243

Social Engineering Telecommunications Data privacy Engineering 243

Schneier on Security

JANUARY 30, 2020

Two Harvard undergraduates completed a project where they went out on the Dark Web and found a bunch of stolen datasets. Then they correlated all the information , and then combined it with additional, publicly available information. No surprise: the result was much more detailed and personal. "What we were able to do is alarming because we can now find vulnerabilities in people's online presence very quickly," Metropolitansky said.

Hacking 297

Hacking Passwords 297

Thales Cloud Protection & Licensing

JANUARY 28, 2020

January 28, 2020 marks the 13th iteration of Data Privacy Day. An extension of the celebration for Data Protection Day in Europe, Data Privacy Day functions as the signature event of the National Cyber Security Centre’s ongoing education and awareness efforts surrounding online privacy. Its aim is to foster dialogue around the importance of privacy.

Data privacy 150

Data privacy Unstructured Data Encryption Identity Theft 150

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 29, 2020

Is a Linux SSH GUI in your future? Jack Wallen believes once you try Snowflake, there's no going back.

215

215

Security Affairs

JANUARY 25, 2020

Cisco addressed a vulnerability in Cisco Webex that could be exploited by a remote, unauthenticated attacker to join a protected video conference meeting. Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform ( CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting.

Mobile 131

Mobile Passwords Advertising Authentication 131

Schneier on Security

JANUARY 31, 2020

The Department of Interior is grounding all non-emergency drones due to security concerns: The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing Beijing to conduct espionage. The Army banned the use of Chinese-made DJI drones three years ago following warnings from the Navy about "highly vulnerable" drone systems.

Encryption 296

Encryption Internet Internet Government 296

Threatpost

JANUARY 31, 2020

APT34 has been spotted in a malware campaign targeting customers and employees of a company that works closely with U.S. federal agencies, and state and local governments.

Malware 108

Malware Government Hacking 108

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JANUARY 28, 2020

Here are 10 important tasks security administrators should perform to keep devices protected and secure.

211

211

Security Affairs

JANUARY 25, 2020

The Greek government announced that a DDoS cyber attack hit the official state websites of the prime minister, the national police and fire service and several important ministries. Yesterday the Greek government announced that the official websites of the prime minister, the national police and fire service and several important ministries were hit by a DDoS cyberattack that took them down.

DDOS 132

DDOS Government Cyber Attacks Advertising 132

Schneier on Security

JANUARY 27, 2020

This year : King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Once voters have completed their ballots, they must verify their submissions and then submit a signature on the touch screen of their device.

Internet 285

Internet Internet Technology Authentication 285

Threatpost

JANUARY 28, 2020

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

Encryption 99

Encryption IoT DDOS Cyber Attacks 99

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JANUARY 31, 2020

Falling prey to a hacker because it neglected to properly patch its systems, the United Nations also failed to publicly disclose the hack. Here's how your organization can avoid the same mistakes.

Data breaches 155

Data breaches Hacking 155

Security Affairs

JANUARY 25, 2020

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. According to ZDNet, the hackers involved in the attack against the Mitsubishi Electric have exploited a zero-day vulnerability in Trend Micro OfficeScan to infect company servers. This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data.

Antivirus 130

Antivirus Hacking Advertising Media 130

Schneier on Security

JANUARY 28, 2020

Sometimes it's hard to tell the corporate surveillance operations from the government ones: Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants , where the police go to companies like Google and ask for information about every device in a particular geographic area at a particular time.

Surveillance 229

Surveillance Government 229

Threatpost

JANUARY 30, 2020

The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.

Manufacturing 100

Manufacturing Firmware 100

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JANUARY 29, 2020

The latest version of the BitWarden Android client supports facial recognition. Find out how to enable it.

Password Management 201

Password Management Mobile Passwords 201

Security Affairs

JANUARY 31, 2020

Crooks sometimes damage their mobile devices to destroy evidence, NIST tests forensic methods for getting data from damaged mobile phones. Criminals sometimes damage their mobile phones in an attempt to destroy evidence. They might smash, shoot, submerge or cook their phones, but forensics experts can often retrieve the evidence anyway. Now, researchers at the National Institute of Standards and Technology (NIST) have tested how well these forensic methods work.

Mobile 124

Mobile Manufacturing Media Advertising 124

WIRED Threat Level

JANUARY 30, 2020

A former telecoms entrepreneur, the Virginia senator says that saving the industry (and democracy) might mean blowing up Big Tech as we know it.

99

99

Elie

JANUARY 29, 2020

This talk provides a data driven analysis of how accounts get compromised. Then it provides an in-depth overview of the defense we found effective at Google to protect users from account compromise. In particular we will cover how to mitigate password reuse, build a risk aware login system, and how to setup an Advanced Protection Program to protect users at risk of targeted attacks.

Accountability 83

Accountability Passwords Risk 83

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JANUARY 30, 2020

An investigation of airport cybersecurity found glaring gaps in security for web and mobile applications, misconfigured public clouds, Dark Web exposure and code repositories leaks.

Cybersecurity 149

Cybersecurity Risk Mobile 149

Security Affairs

JANUARY 30, 2020

Over 200K WordPress sites are exposed to attacks due to a high severity cross-site request forgery (CSRF) bug in Code Snippets plugin. A high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417 , in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin.

Hacking 119

Hacking Advertising Accountability Information Security 119

Threatpost

JANUARY 31, 2020

Microsoft OS flaws, out-of-bounds reads, ICS gear and a record number of high-severity bugs marked 2019 for the ZDI program.

IoT 104

IoT Mobile Hacking 104

Dark Reading

JANUARY 30, 2020

A remote code execution flaw enabled a breach of UN offices in Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights.

Data breaches 100

Data breaches 100

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk