Sat.Jan 12, 2019 - Fri.Jan 18, 2019

Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

U.S. citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown. The two primary websites created by the government as resources for victims of identity theft, IdentityTheft.gov and FTC.gov/complaint, are currently offline as part of the partial shutdown of the Federal Trade Commission. This effectively leaves victims unable to file reports or get documentation of their stolen identities, which is typically a first step for mitigating

Prices for Zero-Day Exploits Are Rising

Schneier on Security

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage.

Weekly Update 122

Troy Hunt

And then there was the biggest data breach to go into HIBP ever! I wrote that sentence from home just after publishing all the data, then I got on a plane. Holy cow that's a lot of emails! Hundreds upon hundreds of emails came in whilst on the way to Dubai, more than I'll ever be able to respond to. Plus, I'm actually trying to have some downtime with my son on this trip particularly over the next few days so a bunch of stuff is going to have to go unanswered or at best, delayed.

Facebook's '10 Year Challenge' Is Just a Harmless Meme—Right?

WIRED Threat Level

Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

A gigantic trove of email addresses and passwords containing over 2 billion records has been discovered online. The breached data, dubbed “Collection #1” by cybersecurity expert Troy Hunt, is more than 87 gigabytes and contains roughly 773 million email addresses and 21 million unique passwords. Hunt found an archive of the data on MEGA, a file-sharing site, and it has been featured on at least one hacking forum.

El Chapo's Encryption Defeated by Turning His IT Consultant

Schneier on Security

Impressive police work: In a daring move that placed his life in danger, the I.T. consultant eventually gave the F.B.I. his system's secret encryption keys in 2011 after he had moved the network's servers from Canada to the Netherlands during what he told the cartel's leaders was a routine upgrade. A Dutch article says that it's a BlackBerry system.

An Astonishing 773 Million Records Exposed in Monster Breach

WIRED Threat Level

Collection #1 appears to be the biggest public breach yet, with millions of unique passwords sitting out in the open.

AT&T, T-Mobile To Stop Selling Location Data

Adam Levin

AT&T and T-Mobile announced that in March 2019 they would stop selling user location data to third parties. The announcements came on the heels of a Motherboard article that reported on the ability to track individual cellular phones via “location aggregator” companies with access to mobile customer information. Cellular location data was sold as a customer-friendly feature that could streamline things like roadside assistance and fraud prevention.

Why Internet Security Is So Bad

Schneier on Security

I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency will make computer security a matter of life and death, and not just a matter of data.

Hacktivist Martin Gottesfeld 10 years in prison for hospital cyberattack

Security Affairs

The American hacktivist Martin Gottesfeld (34) has been sentenced to 10 years in prison for carrying out DDoS attacks against two healthcare organizations in the US in 2014. The alleged Anonymous member, Martin Gottesfeld, was accused of launching DDoS attacks against the two US healthcare organizations in 2014, the Boston Children’s Hospital and the Wayside Youth and Family Support Network.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Encryption trends and predictions over 50 years

Thales Cloud Protection & Licensing

Modern encryption can trace its roots back to before WWII, when Alan Turing built a modern computer in order to break the Enigma. Much has changed since then, but the core goals remain the same: limit who has access to certain information and prove the authenticity of who sent a message. 25 years of evolution and coming into the mainstream. The last 25 years have primarily been evolutionary, with advances in symmetric and asymmetric cryptography focused on increasing key sizes and developing newer an

Details on FBI Investigations Leaked by Unprotected Server

Adam Levin

A massive leak of unprotected data on a server belonging to the Oklahoma Securities Commission was discovered in December 2018. Three terabytes of data were leaked, including evidence from hundreds of FBI investigations. Details in the material gone walkabout included financial transactions, emails relating to cases as well as letters from witnesses.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm speaking at A New Initiative for Poland in Warsaw, January 16-17, 2019. I'm speaking at the Munich Cyber Security Conference (MCSC) on February 14, 2019. The list is maintained on this page.

Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections

Security Affairs

Z-WASP attack: Phishers are using a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients. Microsoft recently fixed a vulnerability in Office 365 that was exploited by attackers to bypass existing phishing protections and deliver malicious messages to victims’ inboxes.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

GDPR Suit Filed Against Amazon, Apple

Dark Reading

An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.

How GPS Tracking Technology Can Curb Domestic Violence

WIRED Threat Level

Opinion: GPS-monitored violent offenders are 95 percent less likely to commit a new crime. We need to implement an integrated, nationwide domestic violence program that tracks domestic abusers.

Bridging the Skills Gap

Thales Cloud Protection & Licensing

It was recently announced that GCHQ has created a new competition for girls aged 12 – 13 in codebreaking, in a bid to create the next generation of female cybersecurity professionals. This initiative, CyberFirst Girls Competition, kicks off on January 21 and offers female students an opportunity to learn about cybersecurity and practice skills in a simulated real-world environment.

Fallout Exploit Kit now includes exploit for CVE-2018-15982 Flash zero-day

Security Affairs

Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that includes the code to exploit a recently discovered Flash zero-day vulnerability. The Fallout Exploit kit was discovered at the end of August by the threat analyst nao_sec; at the time it was used to distribute the GandCrab ransomware and other malicious codes, including droppers and

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

The Rx for HIPAA Compliance in the Cloud

Dark Reading

For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.

Microsoft Launches Azure DevOps Bug Bounty Program

Threatpost

Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.

Google Team Drives: 10 Benefits Every Enterprise Must Know

Spinone

What is Google Team Drives? Google Team Drives is a revolutionary user-centric enterprise storage management system designed with enterprise team collaboration patterns in mind. Digital technologies are continuously changing the way people work today. Innovation is in Google’s DNA, and by being focused on core business processes, the company has put over a thousand hours of the user experience research engineers into this.

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. Security researchers at Proofpoint discovered two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang. ServHelper is a backdoor; experts analyzed two variants of it, while FlawedGrace is a remote access trojan (RAT). “In November 2018, TA505, a prolific actor tha

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

New Attacks Target Recent PHP Framework Vulnerability

Dark Reading

Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.

Cyber-Jackpot: 773M Credentials Dumped on the Dark Web

Threatpost

Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.

As the Government Shutdown Drags on, Security Risks Intensify

WIRED Threat Level

From potential nation state hacks to a brain drain, the shutdown has done nothing good for cybersecurity.

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

Security Affairs

Zurich American Insurance Company is refusing to refund its client because it considers the attack “an act of war” that is not covered by its policy. The US food giant Mondelez is suing Zurich for $100 Million after the insurance company rejected its claim to restore normal operations following the massive NotPetya ransomware attack. On the other side, Mondelez was requesting the payment of a policy that was promising to cover “all risks of physical loss or damage” as w

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Advanced Phishing Scenarios You Will Most Likely Encounter This Year

Dark Reading

In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.

ThreatList: $1.7M is the Average Cost of a Cyber-Attack

Threatpost

Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.

A 'Fortnite' Vulnerability Exposed Accounts to Takeover

WIRED Threat Level

Epic Games has since patched the attack, which would have allowed attackers to view account info, listen in on in-game conversations, and more.

Unsecured MongoDB archive exposed 202 Million private resumes

Security Affairs

A security expert discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. Security expert Bob Diachenko discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. The huge trove of data belongs to job seekers in China; its records include personal information of individuals like names, height, weight, email IDs, marriage status, political leanings, skills and wor

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.