Schneier on Security
AUGUST 28, 2019
The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.
Krebs on Security
AUGUST 27, 2019
Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of We
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
AUGUST 26, 2019
Australia! Sunshine, good coffee and back in the water on the tail end of "winter". I'm pretty late doing this week's video as the time has disappeared rather quickly and I'm making the most of it before the next round of events. Be that as it may, there's a bunch of new stuff this week not least of which is the unexpected limit I hit with the Azure API Management consumption tier.
Adam Levin
AUGUST 26, 2019
The data breach of Capital One was big news, but it was also a familiar story: a major financial company with the budget and means to secure its data didn’t bother to do so, and the personal information of over a hundred million of its customers and applicants was exposed. The discovery, announcement, and subsequent arrest of the alleged perpetrator all happened within a week of the FTC’s settlement with Equifax for its own 2017 mega-breach.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
AUGUST 30, 2019
Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that's not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn't imagine that they would be necessary. The results are predictable.
Krebs on Security
AUGUST 29, 2019
PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. West Allis, Wis.-based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various denta
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
AUGUST 24, 2019
Researchers at Wordfence reported an ongoing hacking campaign exploiting security flaws in some WordPress plugins. Researchers from Wordfence uncovered an ongoing hacking campaign exploiting security vulnerabilities in some WordPress plugins to redirect visitors to websites under the control of the attackers. The campaign specifically targeted flaws in WordPress plugins developed by the developer NicDark (now renamed as “Endreww”), such as a plugin called Simple 301 Redirects – Addon – Bulk Uplo
Schneier on Security
AUGUST 26, 2019
Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There's now an app that can detect them : The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which not only scans and detects Bluetooth signals, but can actually differentiate those coming from legitimate devices -- like sensors, smartphones, or vehicle tracking hardware -- from card skimmers that ar
Krebs on Security
AUGUST 30, 2019
Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.
The Last Watchdog
AUGUST 29, 2019
Europe came down hard this summer on British Airways and Marriott for failing to safeguard their customers’ personal data. The EU slammed the UK airline with a $230 million fine , and then hammered the US hotel chain with a $125 million penalty – the first major fines under the EU’s toughened General Data Protection Regulation , which took effect May 25, 2018.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
AUGUST 27, 2019
Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. CamScanner is a very popular Phone PDF creator app with more than 100 million downloads on Google Play Store. Experts from Kaspersky have discovered malware in the free Android version of the CamScanner app that could be used by attackers to remotely hack Android devices and steal targets’ data.
Schneier on Security
AUGUST 29, 2019
Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in speech, flattening them.
Thales Cloud Protection & Licensing
AUGUST 30, 2019
Originally published in Forbes on July 29, 2019. Brands are under pressure to protect themselves and their customers from increasingly sophisticated cyber attacks. With daily media headlines and new regulations, consumers have never been more aware of the threats out there. As a result, businesses are being forced to take the issue of cybersecurity more seriously, facing it head on and putting in place the necessary steps (e.g., encryption, two-factor authentication and key management) to protec
The Last Watchdog
AUGUST 26, 2019
Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, during which time he won a scholarship from the European Commission to craft a proof of concept attack against an industrial control system (ICS.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
AUGUST 25, 2019
BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular cybersecurity expert, Kevin Beaumont, has also observed attackers attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 fl
Schneier on Security
AUGUST 27, 2019
Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about.
eSecurity Planet
AUGUST 28, 2019
Here are 18 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.
Thales Cloud Protection & Licensing
AUGUST 27, 2019
This past March at RSAC 2019, Pure Storage and Thales introduced the security industry’s first end-to-end data encryption framework that realizes storage array data reduction efficiencies. Historically, host data encryption and array data reduction are like oil and water – they simply don’t mix. Our partner Vaughn Stewart from Pure Storage wrote about our work together to overcome this problem in this blog post.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
AUGUST 30, 2019
The company behind DDS Safe solution used by hundreds of dental offices was hit by a ransomware attack and it is working to restore access to client data. PerCSoft is a cloud management provider for Digital Dental Record (DDR), that operates the online data backup service called DDS Safe. DDS Safe, is a HIPAA Compliant 3 layered online dental backup system that provides dental offices triple the protection of traditional online back-up solutions.
Dark Reading
AUGUST 27, 2019
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.
CTOVision Cybersecurity
AUGUST 24, 2019
Have you been numbed by constant reports of breaches? They get old for sure, especially since so many have at their core common issues that could have been avoided by application of best practices. Now here is an interesting/new story: A NASA astronaut is accused of hacking her estranged spouse’s bank account from space I […].
WIRED Threat Level
AUGUST 26, 2019
If you think dropping a nuclear bomb into the eye of a hurricane is a bad idea, wait'll you see what they had in mind for the polar ice caps.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
AUGUST 26, 2019
A new ransomware, dubbed Nemty, appeared in the threat landscape over the weekend, it spreads via compromised RDP connections. A new ransomware, called Nemty ransomware, has been discovered over the weekend by malware researchers. The name of the ransomware comes after the extension it adds to the encrypted file names, the malicious code also deletes their shadow copies to make in impossible any recovery procedure.
Dark Reading
AUGUST 28, 2019
An analysis of a sample published by the US government shows Russian espionage group APT28, also known as Fancy Bear, has stripped down its initial infector in an attempt to defeat ML-based defenses.
Threatpost
AUGUST 27, 2019
A round of phishing emails purports to be from job seekers - but actually uses a slew of detection evasion tactics to download malware on victim systems.
WIRED Threat Level
AUGUST 30, 2019
For two years, a handful of websites have indiscriminately hacked thousands of iPhones.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
AUGUST 29, 2019
HackerOne announced that five more hackers have become millionaires thanks to their contributes to the bug bounty programs managed by the platform. Bug bounty platform HackerOne announced that four more hackers have become millionaires after participating in the bug bounty programs managed by the platform. In March, HackerOne announced that two of its members have each earned more than $1 million by participating bug bounty programs.
Dark Reading
AUGUST 26, 2019
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
Threatpost
AUGUST 28, 2019
TrickBot malware targets users of U.S. mobile carriers Verizon, T-Mobile and Sprint via web injects to steal their PIN codes; enabling SIM swapping attacks.
WIRED Threat Level
AUGUST 24, 2019
The paper being presented suggested that the two researchers had a method to quickly find large semiprime numbers and essentially break RSA-2048 and any other semiprime-based encryption.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
252 
Let's personalize your content