Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.

Mobile 216

Mobile Cryptocurrency Accountability Authentication 216

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS.

Internet 152

Internet Internet Encryption Authentication 152

Schneier on Security

AUGUST 15, 2018

Suprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of malicious code: a Windows exploit that could ultimately allow an attacker to gain remote access to the police network, ransomware to spread across the network and lock everythin

Hacking 132

Hacking Cryptocurrency Ransomware Malware 132

Adam Levin

AUGUST 13, 2018

Security researchers at the recent Black Hat and Def Con security conferences in Las Vegas have placed malware on pacemakers as a proof-of-concept hack to highlight the potential for security vulnerabilities in IoT-enabled medical devices. Another separate demonstration revealed that patients’ vital signs could be falsified in real time. The malware attack on IoT medical devices made it possible for a hacker to deliver shocks to a target’s heart via an unencrypted connection, and as such represe

IoT 124

IoT Encryption Healthcare Manufacturing 124

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

AUGUST 12, 2018

The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine

Banking 210

Banking Accountability Retail Phishing 210

Troy Hunt

AUGUST 17, 2018

Made it to 100! And by pure coincidence, it aligned with the week where I've tuned out more than I ever have since gaining my independence which means there's really not much to talk about. But I did want to share a little about the snow in Australia (turns out it's not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week.

112

112

Adam Shostack

AUGUST 13, 2018

The slides from my Blackhat talk, “ Threat Modeling in 2018: Attacks, Impacts and Other Updates ” are now available either as a PDF or online viewer.

113

113

Krebs on Security

AUGUST 17, 2018

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive : The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries.

Banking 182

Banking Accountability Data breaches Malware 182

Adam Levin

AUGUST 15, 2018

It’s long been known that organizations need to exercise extreme caution when jettisoning old office equipment, especially if it has built-in memory—and that it’s even more crucial to bear in mind that hackers can utilize digital or carbon-based memory. An Israeli-based company recently found another way older communication devices—and new versions of older technology—provide hackers entree into office networks—in this case an all-in-one, network-connected device that faxes, scans and copies.

CISO 106

CISO Healthcare Banking Malware 106

Schneier on Security

AUGUST 14, 2018

Google is tracking you, even if you turn off tracking : Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." That isn't true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

Surveillance 113

Surveillance Internet Internet Accountability 113

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Adam Shostack

AUGUST 13, 2018

I remember an interview I read with Ahmet Ertegün, the founder of Atlantic Records. He was talking about Aretha, and he said that one of his producers came in, saying that she wasn’t measuring up. He asked the producer what was up, and was told that they were trying to get her to sing like the other successful soul singers, and it wasn’t working out.

100

100

Krebs on Security

AUGUST 15, 2018

Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “ zero-day ” flaws that attackers were already exploiting before Microsoft issued patches to fix them.

Backups 111

Backups Software Internet Internet 111

Adam Levin

AUGUST 17, 2018

A 16-year old private school student in Australia has pleaded guilty to hacking Apple’s network multiple times, downloading over 90GB of secure data from Apple for an entire year. His excuse? He’s a fan of Apple. The Melbourne teenager admitted to hacking Apple’s network multiple times from his suburban home using tools stored in a folder named as “Hacky hack hack”, local media The Age reported.

Hacking 100

Hacking VPN Accountability Mobile 100

Schneier on Security

AUGUST 13, 2018

Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found that code, like other forms of stylistic expression, are not anonymous.

Hacking 107

Hacking 107

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Thales Cloud Protection & Licensing

AUGUST 17, 2018

In this blog, I will present a new and efficient approach to reconciling security vulnerabilities and FIPS 140 security certifications, led by Thales eSecurity in collaboration with NIST/CMVP and FIPS 140 evaluation laboratories. A quick and efficient patch also needs a quick and efficient certification. To maintain security over a product’s lifetime, it is a best practice for companies to implement a vulnerability management process.

Manufacturing 86

Manufacturing Software Risk 86

WIRED Threat Level

AUGUST 13, 2018

A new report shows that Google still tracks your location even if you thought you opted out.

108

108

Dark Reading

AUGUST 17, 2018

Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.

Malware 76

Malware 76

Threatpost

AUGUST 14, 2018

The attack targets IKE’s handshake implementation used for IPsec-based VPN connections, opening the door for MiTM attacks or for bad actors to access data carried in VPN sessions.

VPN 58

VPN Encryption Internet Internet 58

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Thales Cloud Protection & Licensing

AUGUST 16, 2018

On May 16, the Department of Homeland Security (DHS) released a new cybersecurity strategy to keep pace with the evolving cyber risk landscape. As we inch closer to the mid-term elections in November, I wanted to share what I hope (expect) to see as part of this strategy going forward. A wide scope of topics – With any cybersecurity strategy, it is important to ensure all stakeholders, pieces and potential battlefronts are included in the scope and that it is understandable to everyone.

Cybersecurity 54

Cybersecurity Cyber Risk Manufacturing IoT 54

WIRED Threat Level

AUGUST 16, 2018

A band of activist-entrepreneurs is building a sensor network to warn when and where air strikes will hit—a constant threat under Bashar al-Assad's regime.

76

76

Security Affairs

AUGUST 11, 2018

UpGuard discovered an unsecured GoDaddy’s Amazon S3 bucket containing sensitive information related to more than 31,000 GoDaddy systems. Experts at cybersecurity firm UpGuard have reported that another big company was victim of a data leak, it is the domain name registrar and web hosting company GoDaddy. The popular UpGuard’s risk analyst Chris Vickery discovered an unsecured GoDaddy’s Amazon S3 bucket containing sensitive information related to more than 31,000 GoDaddy systems. R

Advertising 56

Advertising Cyber Risk Risk Accountability 56

Threatpost

AUGUST 14, 2018

This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.

Authentication 67

Authentication Phishing 67

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Privacy and Cybersecurity Law

AUGUST 15, 2018

The ICO have been discussing data breach reporting under GDPR in a new webinar. Here are the key points: GDPR […].

Data breaches 52

Data breaches 52

WIRED Threat Level

AUGUST 13, 2018

A new study found that just 42,000 of those hacked home devices could be enough to leave a country of 38 million people in the dark.

Hacking 74

Hacking 74

Security Affairs

AUGUST 16, 2018

Cosmos Bank, one of the largest Indian cooperative banks, confirmed it was the victim of a cyberheist, over the weekend hackers stole over 940 million rupees ($13.5 million) in three days. Hackers stole over 940 million rupees ($13.5 million) in three days from the Indian cooperative Cosmos bank. The Cosmos bank publicly disclosed the attacks in a press conference on Tuesday, according to the financial institution, the hackers stole the funds in three attacks using a malware. “Hackers mana

Banking 54

Banking Malware Advertising Cybercrime 54

Threatpost

AUGUST 11, 2018

LAS VEGAS – In recent years there has been more attention paid to the security of medical devices; however, there has been little security research done on the unique protocols used by these devices. Many of the insulin pumps, heart monitors and other gadgets found in hospital rooms use aging protocol to communicate with nurses’ […].

Hacking 55

Hacking 55

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Privacy and Cybersecurity Law

AUGUST 15, 2018

The ICO have been discussing data breach reporting under GDPR in a new webinar. Here are the key points: GDPR introduces mandatory breach reporting. This applies to accidental breaches and internal breaches – not just those that are deliberate or are about losing personal data externally. Don’t forget about integrity and availability breaches (e.g. damage to records due to fire or flood as well as ransomware).

Data breaches 45

Data breaches Risk Education Government 45

WIRED Threat Level

AUGUST 11, 2018

Analysis of five body camera models marketed to police departments details vulnerabilities could let a hacker manipulate footage.

Hacking 75

Hacking Marketing 75

Security Affairs

AUGUST 17, 2018

According to Australian media, a teen hacker broke into Apple mainframe and downloaded 90GB of secure files. He dreams to work for the Tech Giant. I believe it is time for Apple to hire an Australian 16-year old schoolboy who hacked its computer systems. Yes, it is not a joke, according to Australian media the teen hacker broke into Apple mainframe and downloaded 90GB of secure files.

Hacking 53

Hacking Media Mobile Advertising 53

Threatpost

AUGUST 15, 2018

In testing, an Internet of Things (IoT) botnet of large, power-consuming appliances was used to carry out coordinated attacks on the energy grid.

IoT 61

IoT Internet Internet Hacking 61

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk