Krebs on Security

FEBRUARY 8, 2019

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

Phishing 278

Phishing Insurance Scams Banking 278

Schneier on Security

FEBRUARY 6, 2019

In Gmail addresses, the dots don't matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" -- and so on. (Note: I own none of those addresses, if they are actually valid.). This fact can be used to commit fraud : Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud.

Accountability 246

Accountability Scams 246

Troy Hunt

FEBRUARY 8, 2019

I'm back home! It was an amazing trip in many ways, not least of which was the time it gave both Scott and myself to reflect on workload and managing lives which can be a bit of a never-ending series of commitments. To that effect, I've been backing off Twitter a bit and as I say in this update, I very quickly remembered why after a couple of short engagements yesterday.

Passwords 174

Passwords Personal Security 174

Adam Levin

FEBRUARY 7, 2019

A recent leak compromised the personal data of all 4,557 active students at the California State Polytechnic University Science School. This was not a case of hackers gaining access through illicit means or an accidental exposure of an unsecured database. The data was inadvertently sent in a spreadsheet as an email attachment by a university employee.

Data breaches 168

Data breaches Passwords VPN Risk 168

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Krebs on Security

FEBRUARY 4, 2019

Godaddy.com , the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

DNS 277

DNS Ransomware Accountability Internet 277

Schneier on Security

FEBRUARY 4, 2019

The Wired headline sums it up nicely -- " Facebook Hires Up Three of Its Biggest Privacy Critics ": In December, Facebook hired Nathan White away from the digital rights nonprofit Access Now, and put him in the role of privacy policy manager. On Tuesday of this week, lawyers Nate Cardozo, of the privacy watchdog Electronic Frontier Foundation, and Robyn Greene, of New America's Open Technology Institute, announced they also are going in-house at Facebook.

Technology 203

Technology 203

The Last Watchdog

FEBRUARY 6, 2019

We’re just a month and change into the new year, and already there have been two notable developments underscoring the fact that some big privacy and civil liberties questions need to be addressed before continuing the wide-scale deployment of advanced facial recognition systems. This week civil liberties groups in Europe won the right to challenge the UK’s bulk surveillance activities in the The Grand Chamber of the European Court of Human Rights.

Surveillance 157

Surveillance Technology Retail Authentication 157

Adam Levin

FEBRUARY 8, 2019

The Chinese government-linked hacking group APT10 is continuing its campaign against US and European businesses with increasingly sophisticated tactics and strategies, warn officials from the Department of Homeland Security. The group is thought to be responsible for recent cyber-espionage campaigns against a U.S. law firm, an international apparel company, and Visma , a major Norwegian software firm according to a report from security firms Recorded Future and Rapid7.

Telecommunications 146

Telecommunications Government Technology Hacking 146

Schneier on Security

FEBRUARY 5, 2019

Zcash just fixed a vulnerability that would have allowed "infinite counterfeit" Zcash. Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not ncessary.

Government 203

Government Cryptocurrency 203

Security Affairs

FEBRUARY 7, 2019

A zero-day vulnerability in macOS Mojave can be exploited by malware to steal plaintext passwords from the Keychain. The security expert Linus Henze has disclosed the existence of a zero-day vulnerability in macOS Mojave that can be exploited by malware to steal plaintext passwords from the Keychain. According to Henze, the flaw affects macOS Mojave and earlier versions.

Passwords 111

Passwords Password Management Advertising Malware 111

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

WIRED Threat Level

FEBRUARY 6, 2019

Opinion: Cryptocurrencies are useless. Blockchain solutions are frequently much worse than the systems they replace. Here's why.

Technology 112

Technology Cryptocurrency 112

eSecurity Planet

FEBRUARY 7, 2019

A third of companies are unprepared for some of the most damaging cyber attacks, such as APTs, insider threats, ransomware and DDoS attacks.

DDOS 110

DDOS Cyber Attacks Cybersecurity Ransomware 110

Schneier on Security

FEBRUARY 7, 2019

Gregory C. Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China's AI strategy, commercial, government, and military. There are numerous security -- and national security -- implications.

Government 199

Government 199

Security Affairs

FEBRUARY 6, 2019

Google patched a critical flaw in its Android OS that allows an attacker to send a specially crafted PNG image file to hack a target device, Opening an image file on your smartphone could allow attackers to hack into your Android device due to three critical vulnerabilities, CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988. The flaws affect millions of Android devices running versions of the Google OS, ranging from Android 7.0 Nougat to the latest Android 9.0 Pie.

Hacking 111

Hacking Advertising Manufacturing Mobile 111

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Dark Reading

FEBRUARY 7, 2019

Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.

Ransomware 106

Ransomware Encryption 106

eSecurity Planet

FEBRUARY 6, 2019

Data breaches and new privacy regulations are prompting increased spending on IT security products and staff.

Data breaches 104

Data breaches 104

Adam Shostack

FEBRUARY 4, 2019

I hate reviewing books by people I know, because I am a picky reader, and if you can’t say anything nice, don’t say anything at all. I also tend to hate management books, because they often substitute jargon for crisp thinking. So I am surprised, but, here I am, writing a review of Kip Boyle’s “ Fire Doesn’t Innovate.” I’m giving little away by saying the twist is that attackers do innovate, and it’s a surprisingly solid frame on which Kip hangs a

CSO 100

CSO Cyber Risk Backups Risk 100

Security Affairs

FEBRUARY 5, 2019

A security expert discovered a severe Remote Code Execution vulnerability in the popular LibreOffice and Apache OpenOffice. The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.

Advertising 111

Advertising Hacking Software 111

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Dark Reading

FEBRUARY 8, 2019

Citrix issues update for encryption weakness dogging the popular security protocol.

Encryption 100

Encryption 100

WIRED Threat Level

FEBRUARY 8, 2019

Meanwhile, two Iowa researchers built an AI engine they say can spot abusive apps on Twitter months before the service itself.

Accountability 96

Accountability Engineering 96

Threatpost

FEBRUARY 4, 2019

Armed with an impressive bag of exploits and other tricks for propagation, researchers believe the new trojan could be the catalyst for an upcoming, major cyber-offensive.

Malware 82

Malware 82

Security Affairs

FEBRUARY 4, 2019

Metro Bank has become the first major bank to disclose SS7 attacks against its customers, but experts believe it isn’t an isolated case. A new type of cyber attack was used for the first time against the Metro Bank, threat actors are leveraging known flaws in the SS7 signaling protocol to intercept the codes sent via text messages to customers to authorize transactions.

Banking 111

Banking Telecommunications Authentication Advertising 111

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Dark Reading

FEBRUARY 6, 2019

Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.

86

86

WIRED Threat Level

FEBRUARY 7, 2019

Lawmakers want more information about Facebook’s Project Atlas program, which collected data from teens and sidestepped device makers’ privacy policies.

94

94

Threatpost

FEBRUARY 6, 2019

A researcher who discovered a flaw letting him steal passwords in MacOS is not sharing his findings with Apple without a macOS bug bounty program.

Passwords 81

Passwords Mobile 81

Security Affairs

FEBRUARY 6, 2019

Researchers at Check Point Software Technologies have discovered more than two dozen vulnerabilities in the popular implementations of the remote desktop protocol (RDP). Security experts at Check Point Software Technologies discovered a total of 25 security flaws in the popular implementations of the remote desktop protocol (RDP). 16 that have been rated as “major,” some of the vulnerabilities could be exploited by a malicious RDP server to hack a device running the client RDP software.

Hacking 111

Hacking Advertising Software Malware 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Dark Reading

FEBRUARY 4, 2019

IoT 86

IoT 86

WIRED Threat Level

FEBRUARY 5, 2019

“Password Checkup” isn’t a password manager but a simple tool that warns you if you’re using a password that’s been exposed in data breaches.

Passwords 83

Passwords Password Management Data breaches 83

Threatpost

FEBRUARY 6, 2019

A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature.

Phishing 78

Phishing Scams 78

Security Affairs

FEBRUARY 4, 2019

Security experts identified nearly 500,000 Ubiquit devices that may be affected by a vulnerability that has already been exploited in the wild. Security experts are warning Ubiquit users of a vulnerability that has already been exploited in the wild. Last week, the researcher Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed that threat actors had been targeting Ubiquiti installs exposed online.

DDOS 111

DDOS Advertising Firmware Hacking 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!