Krebs on Security

AUGUST 27, 2019

Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of We

Cybersecurity

Schneier on Security

AUGUST 28, 2019

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.

Computers and Electronics

Troy Hunt

AUGUST 26, 2019

Australia! Sunshine, good coffee and back in the water on the tail end of "winter". I'm pretty late doing this week's video as the time has disappeared rather quickly and I'm making the most of it before the next round of events. Be that as it may, there's a bunch of new stuff this week not least of which is the unexpected limit I hit with the Azure API Management consumption tier.

InfoSec

The Last Watchdog

AUGUST 26, 2019

Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, during which time he won a scholarship from the European Commission to craft a proof of concept attack against an industrial control system (ICS.

Hacking

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Krebs on Security

AUGUST 29, 2019

PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. West Allis, Wis.-based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various denta

Backups

Schneier on Security

AUGUST 30, 2019

Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that's not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn't imagine that they would be necessary. The results are predictable.

Malware

The Last Watchdog

AUGUST 29, 2019

Europe came down hard this summer on British Airways and Marriott for failing to safeguard their customers’ personal data. The EU slammed the UK airline with a $230 million fine , and then hammered the US hotel chain with a $125 million penalty – the first major fines under the EU’s toughened General Data Protection Regulation , which took effect May 25, 2018.

Big data

Krebs on Security

AUGUST 30, 2019

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.

Phishing

Schneier on Security

AUGUST 26, 2019

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There's now an app that can detect them : The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which not only scans and detects Bluetooth signals, but can actually differentiate those coming from legitimate devices -- like sensors, smartphones, or vehicle tracking hardware -- from card skimmers that ar

Wireless

WIRED Threat Level

AUGUST 30, 2019

For two years, a handful of websites have indiscriminately hacked thousands of iPhones.

Hacking

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

The Last Watchdog

AUGUST 26, 2019

Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, during which time he won a scholarship from the European Commission to craft a proof of concept attack against an industrial control system (ICS.

Hacking

Security Affairs

AUGUST 27, 2019

Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. CamScanner is a very popular Phone PDF creator app with more than 100 million downloads on Google Play Store. Experts from Kaspersky have discovered malware in the free Android version of the CamScanner app that could be used by attackers to remotely hack Android devices and steal targets’ data.

Malware

Schneier on Security

AUGUST 27, 2019

Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about.

eSecurity Planet

AUGUST 28, 2019

Here are 18 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.

Artificial Intelligence

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

WIRED Threat Level

AUGUST 26, 2019

If you think dropping a nuclear bomb into the eye of a hurricane is a bad idea, wait'll you see what they had in mind for the polar ice caps.

Security Affairs

AUGUST 30, 2019

The company behind DDS Safe solution used by hundreds of dental offices was hit by a ransomware attack and it is working to restore access to client data. PerCSoft is a cloud management provider for Digital Dental Record (DDR), that operates the online data backup service called DDS Safe. DDS Safe, is a HIPAA Compliant 3 layered online dental backup system that provides dental offices triple the protection of traditional online back-up solutions.

Backups

Schneier on Security

AUGUST 29, 2019

Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in speech, flattening them.

Dark Reading

AUGUST 26, 2019

Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.

Media

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

AUGUST 24, 2019

Xbox eavesdropping, email scammers, and more of the week's top security news.

Cryptocurrency

Security Affairs

AUGUST 29, 2019

HackerOne announced that five more hackers have become millionaires thanks to their contributes to the bug bounty programs managed by the platform. Bug bounty platform HackerOne announced that four more hackers have become millionaires after participating in the bug bounty programs managed by the platform. In March, HackerOne announced that two of its members have each earned more than $1 million by participating bug bounty programs.

Internet

Thales Cloud Protection & Licensing

AUGUST 30, 2019

Originally published in Forbes on July 29, 2019. Brands are under pressure to protect themselves and their customers from increasingly sophisticated cyber attacks. With daily media headlines and new regulations, consumers have never been more aware of the threats out there. As a result, businesses are being forced to take the issue of cybersecurity more seriously, facing it head on and putting in place the necessary steps (e.g., encryption, two-factor authentication and key management) to protec

Cyber Attacks

Dark Reading

AUGUST 27, 2019

Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.

Ransomware

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

WIRED Threat Level

AUGUST 24, 2019

The paper being presented suggested that the two researchers had a method to quickly find large semiprime numbers and essentially break RSA-2048 and any other semiprime-based encryption.

Encryption

Security Affairs

AUGUST 25, 2019

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular cybersecurity expert, Kevin Beaumont, has also observed attackers attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 fl

VPN

Thales Cloud Protection & Licensing

AUGUST 27, 2019

This past March at RSAC 2019, Pure Storage and Thales introduced the security industry’s first end-to-end data encryption framework that realizes storage array data reduction efficiencies. Historically, host data encryption and array data reduction are like oil and water – they simply don’t mix. Our partner Vaughn Stewart from Pure Storage wrote about our work together to overcome this problem in this blog post.

Encryption

Dark Reading

AUGUST 30, 2019

Practical steps municipal governments can take to better prevent and respond to ransomware infections.

Ransomware

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

AUGUST 27, 2019

The same researchers who figured out how to clone a Tesla Model S key fob have done it again, cracking the replacement that was meant to fix the problem.

Hacking

Security Affairs

AUGUST 24, 2019

Researchers at Wordfence reported an ongoing hacking campaign exploiting security flaws in some WordPress plugins. Researchers from Wordfence uncovered an ongoing hacking campaign exploiting security vulnerabilities in some WordPress plugins to redirect visitors to websites under the control of the attackers. The campaign specifically targeted flaws in WordPress plugins developed by the developer NicDark (now renamed as “Endreww”), such as a plugin called Simple 301 Redirects – Addon – Bulk Uplo

Hacking

Threatpost

AUGUST 27, 2019

A round of phishing emails purports to be from job seekers - but actually uses a slew of detection evasion tactics to download malware on victim systems.

Phishing

Dark Reading

AUGUST 28, 2019

An analysis of a sample published by the US government shows Russian espionage group APT28, also known as Fancy Bear, has stripped down its initial infector in an attempt to defeat ML-based defenses.

Government

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!