Krebs on Security
APRIL 17, 2019
I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it’s crystal clear they wouldn’t know what to do with a data breach if it bit them in the nose, let alone festered unmolested in some dark corner of their operations.
Schneier on Security
APRIL 15, 2019
Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables: But now the Chinese conglomerate Huawei Technologies, the leading firm working to deliver 5G telephony networks globally, has gone to sea. Under its Huawei Marine Networks component, it is constructing or improving nearly 100 submarine cables around the world.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
APRIL 18, 2019
Facebook announced that it “unintentionally” harvested the email contacts of 1.5 million of its users without their consent. The social media company automatically uploaded the information from users who had registered with the site after 2016 and provided their email addresses and passwords. Upon submitting a form to “confirm” their accounts, registrants saw a screen showing that their email contact lists were harvested without any means of providing consent, opting out, or interrupting the pro
Troy Hunt
APRIL 18, 2019
It's another episode with Scott Helme this week as he's back in town for NDC Security on the Gold Coast (still a got a week to get those tickets, folks!) The timing actually works out pretty well as there was this week's announcement around Let's Encrypt transition of their root cert which is right up his alley. There's also the whole TicTokTrack kids watch situation which aligns very well with many of both our prior experience.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Krebs on Security
APRIL 15, 2019
Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [ NYSE:WIT ] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.
Schneier on Security
APRIL 18, 2019
DNS hijacking isn't new, but this seems to be an attack of uprecidented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like.co.uk or.ru that end a foreign web address -- putting all the traffic of every domain in multiple co
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Levin
APRIL 15, 2019
A technical glitch took down a wireless network used by New York City’s municipal government, raising serious questions about security and reliability of operational technology used by the city. The New York City Wireless Network, or NYCWiN, was initially deployed in 2008 at a cost of $500 million. It costs the city an additional $37 million per year to maintain.
Krebs on Security
APRIL 14, 2019
Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site that helps him manage more than
Schneier on Security
APRIL 15, 2019
Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly handshake of WPA3, which in the Wi-Fi standard is better known as the Simultaneous Authentication of Equals (SAE) handshake.
The Last Watchdog
APRIL 17, 2019
It’s edifying what you can find shopping in the nether reaches of the dark web. Related: Why government encryption backdoors should never be normalized. Academic researchers from Georgia State University in the U.S. and the University of Surrey in the U.K. recently teamed up and found evidence of an emerging market for stolen and spoofed machine identities.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
APRIL 19, 2019
Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools. A hacker group that goes online with the name Lab Dookhtegan have disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as OilRig , APT34 , and HelixKitten. OilRig is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical
Krebs on Security
APRIL 18, 2019
The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro , India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant , new evidence suggests. The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.
Schneier on Security
APRIL 17, 2019
Presidential candidate John Delaney has announced a plan to create a Department of Cybersecurity. I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this wrong. In Click Here to Kill Everybody , I outline a strawman proposal; I call it the "National Cyber Office" and model it on the Office of the Director of National Intelligence.
The Last Watchdog
APRIL 16, 2019
A recent poll of some 300 senior executives from U.S.-based life sciences and high-tech manufacturing companies sheds light on how digital transformation – and the rising role of third-party partners – have combined to create unprecedented operational challenges in the brave new world of digital commerce. Related: AI one-upsmanship prevails in antivirus field.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
APRIL 18, 2019
Iranian intelligence seems to be getting its own taste of a Shadow Brokers-style leak of secrets.
Krebs on Security
APRIL 19, 2019
Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. Marcus Hutchins, just after he was revealed as the security expert who stopped the WannaCry worm.
Schneier on Security
APRIL 19, 2019
The source code of a set of Iranian cyberespionage tools was leaked online.
The Last Watchdog
APRIL 18, 2019
Imposing just the right touch of policies and procedures towards mitigating cyber risks is a core challenge facing any company caught up in digital transformation. Related: Data breaches fuel fledgling cyber insurance market. Enterprises, especially, tend to be methodical and plodding. Digital transformation is all about high-velocity innovation and on-the-fly change.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
APRIL 19, 2019
Other problems for Facebook that admitted to have stored m illions of Instagram users’ passwords in plaintext. Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users, the company admitted to have ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission. In March, Facebook admitted to have stored the passwords of hundreds of millions of users in plain text, including “tens of thousands” passwords belong
WIRED Threat Level
APRIL 15, 2019
Hackers spent months with full access to Outlook, Hotmail, and MSN email accounts—and got in through Microsoft's customer support platform.
Schneier on Security
APRIL 16, 2019
FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good -- but older -- article on Triton. We don't know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both are still speculations. Fireeye report. BoingBoing post.
Threatpost
APRIL 18, 2019
The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
APRIL 16, 2019
Ecuador suffered 40 million cyber attacks on websites of public institutions since the arrest of Wikileaks founder Julian Assange. Last week, WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London. after Ecuador withdrew asylum after seven years. In response to the arrest acktivist communities launched several attacks against the Ecuador government.
Dark Reading
APRIL 17, 2019
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
WIRED Threat Level
APRIL 17, 2019
A mysterious new group called Sea Turtle targeted 40 organizations in a DNS hijacking spree.
Threatpost
APRIL 18, 2019
The incident was the work of malicious cyberattackers.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
APRIL 15, 2019
Experts at Imperva discovered a new type of large-scale DDoS attack that abuses the HTML5 Ping-based hyperlink auditing feature. Experts at Imperva Vitaly Simonovich and Dima Bekerman observed a large-scale DDoS attack abusing the HTML5 Ping-based hyperlink auditing feature. The DDoS attack peaked at a massive 7,500 requests per second and delivered more than 70 million requests over a four-hour period from around 4,000 user IPs. “We recently investigated a DDoS attack which was generated
Dark Reading
APRIL 15, 2019
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
eSecurity Planet
APRIL 17, 2019
A vulnerability assessment is a core requirement for IT security. We outline the benefits and steps for keeping your network and data safe.
Threatpost
APRIL 17, 2019
The ubiquitous nature of the flaw opens the door for rapidly spreading, crippling cyberattacks.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
Let's personalize your content