Schneier on Security

JUNE 3, 2019

Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers. Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging. In the wake of a barrage of shocking revelations about data breaches and companies mishandling of customer data, a bipartisan consensus has emerged in support of legislation to give consumers more control over their personal information, require companies to discl

Cybersecurity 273

Cybersecurity Data breaches Government Information Security 273

Krebs on Security

JUNE 4, 2019

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

Insurance 268

Insurance Banking Accountability Data privacy 268

Troy Hunt

JUNE 7, 2019

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting: It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19. Troy is a credit to our industry and also a really great guy. Congrats Troy, so well deserved ????

Data breaches 216

Data breaches 216

The Last Watchdog

JUNE 4, 2019

There’s oil in the state of Maryland – “cyber oil.” With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” Related: Port Covington cyber hub project gets underway That’s because Maryland is home to more than 40 government agencies with extensive cyber programs, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems

Cybersecurity 193

Cybersecurity Computers and Electronics Technology Marketing 193

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

JUNE 7, 2019

" Hey Siri; I'm getting pulled over " can be a shortcut: Once the shortcut is installed and configured , you just have to say, for example, "Hey Siri, I'm getting pulled over." Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on "do not disturb" mode. It also sends a quick text to a predetermined contact to tell them you've been pulled over, and it starts recording using the iPhone's front-facing camera.

269

269

Krebs on Security

JUNE 3, 2019

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “ Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “ Eternal Blue ,” a hacking tool developed by the U.S.

Ransomware 252

Ransomware Accountability Malware Government 252

Adam Shostack

JUNE 6, 2019

New at Dark Reading, my When Security Goes Off the Rails , Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis. (As I watch the competing stories, “ Baltimore City leaders blame NSA for ransomware attack. ,” and “ N.S.A. Denies Its Cyberweapon Was Used in Baltimore Attack, Congressman Says ,” I’d like to see an investigations capability that can give us facts.).

Ransomware 113

Ransomware 113

Schneier on Security

JUNE 6, 2019

Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system : Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, such as Windows and Mac.

Hacking 253

Hacking Government 253

Security Affairs

JUNE 7, 2019

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A. Fadipe, requested a change of account. The scam email prompted the department to change an electronic deposit from Plains Capital Bank to a different account with Chase Bank.

Cybersecurity 111

Cybersecurity Scams Banking Accountability 111

Adam Levin

JUNE 4, 2019

At least 11 million public and private photographs were found on an unsecured database connected to an online photo sharing service. Researchers from VPNMentor discovered an online database that they traced back to Theta360, a photo service specializing in panoramic photos taken with Ricoh-brand cameras. The unsecured data contained photographs, usernames, full names, and photo captions, including those marked by users as private.

IoT 127

IoT Engineering 127

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Dark Reading

JUNE 6, 2019

Experts share the cybersecurity threats to watch for and advice to stay protected.

Scams 111

Scams Cybersecurity 111

Schneier on Security

JUNE 4, 2019

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper,we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone replacing the PC and laptop as the consumer terminal of choice, with Android replacing Windows, and with many services moving to the cloud.The use of social networks has become extremely widespread.

Cybercrime 240

Cybercrime Scams Cryptocurrency Antivirus 240

Security Affairs

JUNE 5, 2019

A security expert has developed a Metasploit module to exploit the critical BlueKeep vulnerability and get remote code execution. The security researcher Z??osum0x0 has developed a module for the popular Metasploit penetration testing framework to exploit the critical BlueKeep flaw. The vulnerability , tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May 2019 Patch Tuesday updates.

Penetration Testing 111

Penetration Testing Advertising Malware Authentication 111

Adam Levin

JUNE 3, 2019

Quest Diagnostics, a leading American clinical laboratory company, announced today that 11.9 million patients may have been compromised in a vendor-related incident. A statement released by Quest revealed that an “unauthorized user” had gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor subcontracted by a Quest contractor called Optum360.

Big data 125

Big data Data breaches 125

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

WIRED Threat Level

JUNE 5, 2019

Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple.

111

111

Schneier on Security

JUNE 6, 2019

Today is the second day of the twelfth Workshop on Security and Human Behavior , which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philoso

226

226

Security Affairs

JUNE 2, 2019

Turla, the Russia-linked cyberespionage group, is weaponizing PowerShell scripts and is using them in attacks against EU diplomats. Turla (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ), the Russia-linked APT group, is using weaponized PowerShell scripts in attacks aimed at EU diplomats. Turla group has been active since at least 2007 targeting government organizations and private businesses.

Malware 111

Malware Advertising Software Hacking 111

Adam Levin

JUNE 3, 2019

HBO’s hit series Game of Thrones is now history, but it will live on in the hearts, minds and social media interactions of its followers for some time to come. Before now the only thing GoT fans wanted besides a juicy spoiler was to know who would take the Iron Throne. How it all ended was something hackers spent significant time and effort trying to find out.

Data breaches 119

Data breaches Marketing Firewall Hacking 119

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

JUNE 5, 2019

With the 2020 election fast approaching, too many problems from 2016 persist.

107

107

Schneier on Security

JUNE 5, 2019

Really interesting first-hand experience from Maciej Ceg?owski.

Risk 224

Risk 224

Security Affairs

JUNE 2, 2019

The popular privacy-focused email service ProtonMail has been accused of offering voluntarily real-time surveillance assistance to law enforcement. The popular privacy-focused email service ProtonMail made the headlines because it has been accused of supporting real-time surveillance carried out by law enforcement. On May 10, while Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, was giving a presentation at an event when the Swi

Government 111

Government Surveillance Telecommunications Advertising 111

Elie

JUNE 7, 2019

For South Asian women, a major hurdle to their meaningful participation online is their ability to ensure their safety. This post illustrates this challenge by recounting the safety and privacy challenges faced by women across India, Pakistan, and Bangladesh, who talked to us about their online experiences.

107

107

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

WIRED Threat Level

JUNE 7, 2019

A Google Cloud outage that knocked huge portions of the internet offline also blocked access to the tools Google needed to fix it.

Internet 106

Internet Internet 106

Thales Cloud Protection & Licensing

JUNE 4, 2019

On May 25, the European Union celebrated the first anniversary of the enforcement of the General Data Protection Regulation (GDPR) , the most important change in data privacy regulations in the last decade, designed to restructure the way in which personal data is handled across every sector (public or private) and every industry. Now that one year has passed since the GDPR came into effect, we’ve had a lot of questions arising such as how are companies managing the adoption of the new stricter

Data privacy 102

Data privacy Artificial Intelligence Data breaches Technology 102

Security Affairs

JUNE 1, 2019

A new cryptojacking campaign was spotted by experts at Trend Micro, crooks are using Shodan to scan for Docker hosts with exposed APIs. Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a crypojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that use of Shodan to find other vulnerable installs and compromise them.

Hacking 111

Hacking Cryptocurrency Advertising Accountability 111

eSecurity Planet

JUNE 3, 2019

Email users continue to be one of the easiest marks for cybercriminals, according to the latest cybersecurity research.

Cybersecurity 101

Cybersecurity 101

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Threatpost

JUNE 3, 2019

Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Majove, despite mitigations.

Hacking 98

Hacking 98

Thales Cloud Protection & Licensing

JUNE 6, 2019

Warning: Spoilers Ahead. As Game of Thrones fans sift through emotional ashes left behind after the final fiery episode, conjecture and lamentation over what happened and why has dominated pop culture conversations. Debate among ardent fans will likely continue well into the future, but a couple of things are certain: even though the Iron Throne is now toast, there are many takeaways the cybersecurity industry can draw from based on this eight-year dynastic series.

Cybersecurity 97

Cybersecurity Digital transformation Threat Reports Data breaches 97

Security Affairs

JUNE 4, 2019

A security expert disclosed technical details of a new unpatched vulnerability (CVE-2019-9510) that affects Microsoft Windows Remote Desktop Protocol (RDP). Security expert Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), discovered a new unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). The flaw, tracked as CVE-2019-9510, could be exploited by client-side attackers to bypass the lock screen on remote desktop (RD) sessions.

Authentication 111

Authentication Advertising Engineering Software 111

Dark Reading

JUNE 4, 2019

The heavily obfuscated adware was found in 238 different apps on Google Play.

Adware 97

Adware 97

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!