Sat.Nov 23, 2019 - Fri.Nov 29, 2019


Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

Krebs on Security

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.


Major Hotel Group Leaks 1TB of Customer Data

Adam Levin

One terabyte of data belonging to a major hotel booking platform was found leaked online. A huge trove of customer data belonging to Gekko Group was found online in an unsecured format. The data contained a wide array of records, including full names, credit card details, client login information, email addresses, home addresses and hotel reservations.


Teach Your Kids to Code with Ari in Oslo and London

Troy Hunt

When I first started writing code a few decades ago, it was a rather bland affair involving a basic text editor and physical books for reference. I didn't have an opportunity to create anything usable by others until years later and perhaps most importantly in the context of this blog post, I didn't have anyone in my family able to teach me about coding.


Manipulating Machine Learning Systems by Manipulating Training Data

Schneier on Security

Interesting research: "TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents": Abstract: Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training process.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hidden Cam Above Bluetooth Pump Skimmer

Krebs on Security

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. Apparently, I’m not alone. “I believe this is the first time I’ve seen a camera on a gas pump with a Bluetooth card skimmer,” said Detective Matt Jogodka of the Las Vegas Police Departm


How Microsoft is using hardware to secure firmware

Tech Republic Security

Even full disk encryption can't keep you secure if your PC firmware is compromised, so Secured-core PCs will use the CPU to check if UEFI is telling the truth about secure boot.


DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

Schneier on Security

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but this is a welcome development. The DHS is seeking public feedback.


Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Security Affairs

Some third-party apps quietly scraped personal information from people's accounts on Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people's accounts without their consent. According to the companies, the cause of the behavior that violates their policies is a couple of "malicious" software development kits (SDKs) used by third-party iOS and Android apps.


Cybersecurity in 2020: More targeted attacks, AI not a prevention panacea

Tech Republic Security

As cloud complexity increases, hackers are relying on more targeted attacks, scoping out weak points across a larger attack surface.


Welcoming the Swiss Government to Have I Been Pwned

Troy Hunt

I recently had the pleasure of spending a few days in Switzerland, firstly in Geneva visiting (and speaking at) CERN followed by a visit to the nation's capital, Bern. There I spent some time with a delegation of the National Cybersecurity Centre discussing the challenges they face and where HIBP can play a role. Continuing the march forward to provide governments with better access to their departments' data exposed in breaches, I'm very pleased to welcome Switzerland as the 7th national gov


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Home Safe: 20 Cybersecurity Tips for Your Remote Workers

Dark Reading

How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side? Empower home office users with these tips.


Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuses the resources of the infected machine to mine cryptocurrency; according to the experts, it has already infected 80,000 computers worldwide.


The top cybersecurity mistakes companies are making (and how to avoid them)

Tech Republic Security

There's not a one-size-fits-all approach to cybersecurity. Learn some of the common mistakes and how you can get on the right path.


Travel Back To 1985 For A Guest Lecture By Commodore Grace Hopper on The Future of Computing

CTOVision Cybersecurity

Thanks to the power of computing you can watch Commodore Grace Hopper delivering her landmark lecture at MIT Laboratory on 25 April 1985. The entire presentation is excellent and worth listening to. But my favorite line is right around 23 minutes in, when after describing the nature of technology innovation she says: “Probably the most […].


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Black Friday Shoppers Targeted By Scams and Fake Domains

Threatpost

Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware - including domain impersonation, social media giveaway scams, and a malicious Chrome extension.


A Ransomware infected the network of the cybersecurity firm Prosegur

Security Affairs

A piece of the Ryuk ransomware infected the network of the multinational cybersecurity firm Prosegur, forcing the company to shut it down. The Spanish multinational security company Prosegur announced that it was the victim of a ransomware attack that disrupted its telecommunication platform. Statement on an IT security incident pic.twitter.com/TMdOJzkFCB — Prosegur (@Prosegur) November 27, 2019.


How Cyber insurance works to protect companies in case of a breach

Tech Republic Security

Cyber insurance can help protect your organization from the financial costs associated with data breaches. Learn the details to decide if it's the right fit for your company.


Taking Stock of Your Data Security to Deliver a Happy Holiday Shopping Season

Thales Cloud Protection & Licensing

Originally published in Security Magazine on November 20, 2019. With the holidays approaching, many of us are thinking about taking time off from work to be with friends and family, as well all the last minute shopping that needs to be done. The sad truth is that cyber criminals do not take vacations and may be looking at the holidays as yet another opportunity to steal and monetize consumer data.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, "Do you know what's in your software?"


Tainted Data Can Teach Algorithms the Wrong Lessons

WIRED Threat Level

Researchers show how AI programs can be sabotaged by even subtle tweaks to the data used to train them.


PoC exploit code for Apache Solr RCE flaw is available online

Security Affairs

Over the summer, the Apache Solr team addressed a remote code execution flaw; now working exploit code has been published online. The bug fixed by the Apache Solr team over the summer is more dangerous than initially thought. Apache Solr is a highly reliable, scalable and fault-tolerant, open-source search engine written in Java. Solr is highly reliable, scalable and fault-tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, ce


How credential stuffing attacks work, and how to prevent them

Tech Republic Security

Credential stuffing attacks pose a significant risk to consumers and businesses. Learn how they work and what you can do about them.


Scary Movie: The horror facing business

Thales Cloud Protection & Licensing

Originally published in City A.M. on November 20, 2019 (Page 23). Be afraid, be very afraid, for here are the security fears lurking under your firm’s bed. The choices that characters make in scary movies can often seem baffling. Why do they never turn the lights on when entering the house at night alone? How come they always run upstairs and never outside when being chased?


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


5 Ways to Champion and Increase Your 2020 Security Budget

Dark Reading

Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.


Kaspersky found dozens of flaws in 4 open-source VNC software

Security Affairs

Kaspersky researchers found dozens of flaws in four popular open-source virtual network computing (VNC) systems. Experts from Kaspersky analyzed several different implementations of a remote access system called Virtual Network Computing (VNC) and identified a number of memory corruption vulnerabilities. Some of the vulnerabilities found by the experts could lead to remote code execution.


How scammers use Black Friday to target consumers

Tech Republic Security

Holiday shopping scams try to bait consumers with special giveaways, gift cards, discounts, and coupons, according to a new report from cybersecurity company ZeroFOX.


Federal Data Privacy Bill Takes Aim at Tech Giants

Threatpost

The COPRA legislation would provide GDPR-like data protections, and create a new FTC enforcement bureau.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about "compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it's more important than ever that safeguards are in place. Let's step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


A Cause You Care About Needs Your Cybersecurity Help

Dark Reading

By donating their security expertise, infosec professionals are supporting non-profits, advocacy groups, and communities in-need.


Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded keys and weak encryption for communications. Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher ("XOR" with a static key) and hardcoded cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services.


The sinister timing of deepfakes and the 2020 election

Tech Republic Security

Education and legislation are needed to combat the significant threat of deepfakes.


Think Twice Before Giving Gifts With a Microphone or Camera

WIRED Threat Level

Black Friday is going to be overrun with cheap, internet-connected gifts. Just make sure you know exactly what you’re buying.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.