Sat.Nov 23, 2019 - Fri.Nov 29, 2019

article thumbnail

It’s Way Too Easy to Get a.gov Domain Name

Krebs on Security

Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own.gov domain.

article thumbnail

Teach Your Kids to Code with Ari in Oslo and London

Troy Hunt

When I first started writing code a few decades ago, it was a rather bland affair involving a basic text editor and physical books for reference. I didn't have an opportunity to create anything usable by others until years later and perhaps most importantly in the context of this blog post, I didn't have anyone in my family able to teach me about coding.

Software 341
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Major Hotel Group Leaks 1TB of Customer Data

Adam Levin

One terabyte of data belonging to a major hotel booking platform was found leaked online. A huge trove of customer data belonging to Gekko Group was found online in an unsecured format. The data contained a wide array of records, including full names, credit card details, client login information, email addresses, home addresses and hotel reservations.

B2B 295
article thumbnail

Manipulating Machine Learning Systems by Manipulating Training Data

Schneier on Security

Interesting research: " TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents ": Abstract: : Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training process.

257
257
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Hidden Cam Above Bluetooth Pump Skimmer

Krebs on Security

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. Apparently, I’m not alone. “I believe this is the first time I’ve seen a camera on a gas pump with a Bluetooth card skimmer,” said Detective Matt Jogodka of the Las Vegas Police Departm

Banking 348
article thumbnail

Weekly Update 166

Troy Hunt

Kangaroos! I've been trying to line these guys up for weeks to no avail but finally, they've delivered. Speaking of delivering, I actually got 3 blog posts out this week which I've not done for a while, the most significant of which relates to "data enrichment" companies (also often referred to as "data aggregators"). I have a fundamental issue with the very premise of how these firms operate and I'm getting a little sick of finding my own data in there.

VPN 247

LifeWorks

More Trending

article thumbnail

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

Schneier on Security

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but this is a welcome development. The DHS is seeking public feedback.

article thumbnail

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

Krebs on Security

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.

Marketing 341
article thumbnail

Welcoming the Swiss Government to Have I Been Pwned

Troy Hunt

I recently had the pleasure of spending a few days in Switzerland, firstly in Geneva visiting ( and speaking at ) CERN followed by a visit to the nation's capital, Bern. There I spent some time with a delegation of the National Cybersecurity Centre discussing the challenges they face and where HIBP can play a role. Continuing the march forward to provide governments with better access to their departments' data exposed in breaches , I'm very pleased to welcome Switzerland as the 7th national gov

article thumbnail

How credential stuffing attacks work, and how to prevent them

Tech Republic Security

Credential stuffing attacks pose a significant risk to consumers and businesses. Learn how they work and what you can do about them.

Risk 218
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide.

article thumbnail

Tainted Data Can Teach Algorithms the Wrong Lessons

WIRED Threat Level

Researchers show how AI programs can be sabotaged by even subtle tweaks to the data used to train them.

Hacking 130
article thumbnail

Han Solo, Frozen in Carbonite

Adam Shostack

Apparently, someone was baked at Williams Sonoma.

26
article thumbnail

The top cybersecurity mistakes companies are making (and how to avoid them)

Tech Republic Security

There's not a one-size-fits-all approach to cybersecurity. Learn some of the common mistakes and how you can get on the right path.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Security Affairs

Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people’s accounts without their consent. According to the company, the cause of behavior that violates their policies is a couple of “malicious” software development kits (SDKs) used by the third-party iOS and Android apps.

article thumbnail

Home Safe: 20 Cybersecurity Tips for Your Remote Workers

Dark Reading

How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side? Empower home office users with these tips.

article thumbnail

Taking Stock of Your Data Security to Deliver a Happy Holiday Shopping Season

Thales Cloud Protection & Licensing

Originally published in Security Magazine on November 20, 2019. With the holidays approaching, many of us are thinking about taking time off from work to be with friends and family, as well all the last minute shopping that needs to be done. The sad truth is that cyber criminals do not take vacations and may be looking at the holidays as yet another opportunity to steal and monetize consumer data.

Retail 114
article thumbnail

The sinister timing of deepfakes and the 2020 election

Tech Republic Security

Education and legislation are needed to combat the significant threat of deepfakes.

Education 216
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

A Ransomware infected the network of the cybersecurity firm Prosegur

Security Affairs

A piece of the Ryuk Ransomware infected the network of the multinational cybersecurity firm Prosegur, forcing the company to shut down it. The Spanish multinational security company Prosegur announced that it was of a ransomware attack that disrupted its telecommunication platform. Comunicado sobre incidencia de seguridad informática pic.twitter.com/TMdOJzkFCB — Prosegur (@Prosegur) November 27, 2019.

article thumbnail

Travel Back To 1985 For A Guest Lecture By Commodore Grace Hopper on The Future of Computing

CTOVision Cybersecurity

Thanks to the power of computing you can watch Commodore Grace Hopper delivering her landmark lecture at MIT Laboratory on 25 April 1985. The entire presentation is excellent and worth listening to. But my favorite line is right around 23 minutes in, when after describing the nature of technology innovation she says: “Probably the most […].

article thumbnail

Black Friday Shoppers Targeted By Scams and Fake Domains

Threatpost

Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware - including domain impersonation, social media giveaway scams, and a malicious Chrome extension.

Scams 112
article thumbnail

How Microsoft is using hardware to secure firmware

Tech Republic Security

Even full disk encryption can't keep you secure if your PC firmware is compromised, so Secured-core PCs will use the CPU to check if UEFI is telling the truth about secure boot.

Firmware 212
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Kaspersky found dozens of flaws in 4 open-source VNC software

Security Affairs

Kaspersky researchers found dozens of flaws in four popular open-source virtual network computing (VNC) systems. Experts from Kaspersky analyzed several different implementations of a remote access system called Virtual Network Computing (VNC) and identified a number of memory corruption vulnerabilities. Some of the vulnerabilities found by the experts could lead to remote code execution.

Software 144
article thumbnail

Think Twice Before Giving Gifts With a Microphone or Camera

WIRED Threat Level

Black Friday is going to be overrun with cheap, internet-connected gifts. Just make sure you know exactly what you’re buying.

Internet 111
article thumbnail

ThreatList: Healthcare Breaches Spike in October

Threatpost

38 million consumer health records have been exposed so far in 2019.

article thumbnail

How Cyber insurance works to protect companies in case of a breach

Tech Republic Security

Cyber insurance can help protect your organization from the financial costs associated with data breaches. Learn the details to decide if it's the right fit for your company.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

PoC exploit code for Apache Solr RCE flaw is available online

Security Affairs

Over the summer, the Apache Solr team addressed a remote code execution flaw, not a working exploit code was published online. The bug addressed by the Apache Solr team fixed over the summer is more dangerous than initially thought. Apache Solr is a highly reliable, scalable and fault-tolerant, open-source search engine written in Java. Solr is highly reliable, scalable and fault-tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, ce

article thumbnail

The Debate Over How to Encrypt the Internet of Things

WIRED Threat Level

So-called lightweight encryption has its place. But some researchers argue that more manufacturers should stick with proven methods.

article thumbnail

Scary Movie: The horror facing business

Thales Cloud Protection & Licensing

Originally published in City A.M. on November 20, 2019 (Page 23). Be afraid, be very afraid, for here are the security fears lurking under your firm’s bed. The choices that characters make in scary movies can often seem baffling. Why do they never turn the lights on when entering the house at night alone? How come they always run upstairs and never outside when being chased?

105
105
article thumbnail

The sinister timing of deepfakes and the 2020 election

Tech Republic Security

Education and legislation are needed to combat the significant threat of deepfakes.

Education 175
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!