Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even af

Phishing 228

Phishing Passwords Accountability Authentication 228

Adam Levin

JANUARY 9, 2020

Currency exchange giant Travelex has effectively been taken offline by a ransomware attack. . The attack was first detected the night of December 31. Soon after, the company took its systems offline. A week later, Travelex is processing transactions with pen and paper at its 1,200 branches located in more than 70 countries. . “To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted.

Ransomware 157

Ransomware Encryption Insurance VPN 157

Schneier on Security

JANUARY 8, 2020

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 261.2rather than264.7, and chosen-prefix collisions with a complexity of263.4rather than267.1.

Encryption 205

Encryption Software 205

Tech Republic Security

JANUARY 10, 2020

Read insights from industry experts on how artificial intelligence and machine learning will help prevent cybersecurity breaches.

Artificial Intelligence 195

Artificial Intelligence Cybersecurity 195

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JANUARY 10, 2020

Federal investigators on Friday arrested a Virginia man accused of being part of a neo-Nazi group that targeted hundreds of people in “swatting” attacks, wherein fake bomb threats, hostage situations and other violent scenarios were phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

Computers and Electronics 179

Computers and Electronics Internet Internet VPN 179

Troy Hunt

JANUARY 10, 2020

I really should have started the video about 3 minutes earlier. Had I done that, you'd have caught me toppling backwards into the frangipani tree whilst trying to position my chair and camera which frankly, would have made for entertaining viewing. Instead, this week's update is focused primarily on a completely different epic fail, namely Surebet247's handling of a breach impacting their customers.

Passwords 139

Passwords 139

Adam Shostack

JANUARY 9, 2020

Today’s Threat Modeling Thursday is a podcast! I’m on The Humans of InfoSec Podcast, with Caroline Wong: The Human Element of Threat Modeling.

InfoSec 130

InfoSec 130

Tech Republic Security

JANUARY 9, 2020

At CES 2020, Patriot One Technologies explained its Patscan platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.

Technology 146

Technology 146

Daniel Miessler

JANUARY 10, 2020

Being in security I think a lot about whether things are tools or weapons. The distinction applies to guns. It applies to encryption. It applies to offensive security tools. And it applies to technologies like machine learning and the use of AI-monitored cameras throughout society. The link I’m highlighting here is: Visibility plus Understanding --> Tools and Weapons Visibility means you have the opportunity to observe a given object or behavior, like a message sent between people, or peop

Internet 100

Internet Internet Engineering Encryption 100

Schneier on Security

JANUARY 6, 2020

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon.

162

162

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Security Ledger

JANUARY 9, 2020

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. But what does passwordless authentication even look like? Yaser Masoudnia, the Senior Director Product Management, Identity Access Management, at LogMeIn* takes us there. The post Eliminate. Read the whole entry. » Related Stories Explained: Two-Factor vs.

Passwords 98

Passwords Data breaches Cyber Risk Authentication 98

Tech Republic Security

JANUARY 6, 2020

CES promises to be more exciting than ever this year. Key topics will likely include 5G, AI, blockchain, quantum computing, AR, and VR.

155

155

WIRED Threat Level

JANUARY 10, 2020

A bad code update allowed anyone to easily reveal which accounts posted to Facebook Pages—including celebrities and politicians—for several hours. .

Accountability 98

Accountability 98

Schneier on Security

JANUARY 7, 2020

BusKill is designed to wipe your laptop (Linux only) if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script [ 1 , , 3 ] that executes a series of preset operations.

Authentication 160

Authentication 160

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

JANUARY 9, 2020

Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.

Malware 100

Malware Wireless Government 100

Tech Republic Security

JANUARY 10, 2020

At CES 2020, Patriot One Technologies explained its PATSCAN platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.

Technology 132

Technology 132

WIRED Threat Level

JANUARY 8, 2020

The US has operated an extensive network of missile warning systems for over half a century, but next-generation missiles will put it to the test.

98

98

Daniel Miessler

JANUARY 7, 2020

This is UL Member Content Subscribe Already a member? Login No related posts.

Information Security 100

Information Security 100

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Thales Cloud Protection & Licensing

JANUARY 9, 2020

Microservices are changing how organizations are doing business. And nowhere was this more clear than at KubeCon in San Diego last year. Microservices 1 is a powerful technology that is the kernel for modern cloud architecture, and it’s going to drive how people build, manage and deploy secure apps. It’s changing the game for a lot of organizations, especially users and platform providers.

Architecture 105

Architecture Technology Marketing Education 105

Tech Republic Security

JANUARY 10, 2020

Attackers are creating phishing sites from Sway, an effective approach as links for the domain are typically trusted, says security firm Avanan.

Phishing 141

Phishing 141

WIRED Threat Level

JANUARY 4, 2020

Router security has improved a bunch in recent years, but there are still steps you can take to lock yours down even better.

98

98

Security Affairs

JANUARY 8, 2020

MITRE announced the initial release of a version of its MITRE ATT&CK knowledge base that focuses on industrial control systems (ICS). MITRE’s ATT&CK framework is becoming a standard in cybersecurity community for the classification of attacker behavior. Now the organization is going to propose a knowledge base that focused on ICS systems for its MITRE’s ATT&CK. “ ATT&CK for ICS is a knowledge base useful for describing the actions an adversary may take while operatin

Advertising 78

Advertising Cyber Risk Cybersecurity Engineering 78

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

JANUARY 9, 2020

It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.

70

70

Tech Republic Security

JANUARY 9, 2020

With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work.

Accountability 118

Accountability Passwords 118

WIRED Threat Level

JANUARY 10, 2020

Mark Zuckerberg promised default end-to-end encryption throughout Facebook's platforms. Nearly a year later, Messenger's not even close.

Encryption 87

Encryption 87

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. Maddie Stone published technical details and a proof-of-concept exploit for the high-severity security vulnerability, seven days after she reported it to the colleagues of the Android security team.

Surveillance 78

Surveillance Advertising Marketing Encryption 78

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Dark Reading

JANUARY 7, 2020

The top-three carmakers sell only connected vehicles in the United States - and other manufacturers are catching up - creating a massive opportunity for attacks, which black-hat hackers are not overlooking.

Hacking 89

Hacking Manufacturing 89

Tech Republic Security

JANUARY 10, 2020

The new features come from a partnership with security firm Avira, but they won't be free: They're part of a new package called HomeCare Pro.

119

119

WIRED Threat Level

JANUARY 9, 2020

A state-sponsored group called Magnallium has been probing American electric utilities for the past year.

Passwords 98

Passwords 98

Security Affairs

JANUARY 9, 2020

A database containing the personal details of 56.25 million US residents that allegedly belongs to CheckPeople.com website was exposed online. A database containing the personal details of 56.25 million US residents that allegedly belongs to the CheckPeople.com website was exposed online on a server having a Chinese IP address. The huge trove of data includes names, home addresses, phone numbers, and ages.

Advertising 69

Advertising Government Data breaches 69

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk