Sat. Jun 01, 2019 - Fri. Jun 07, 2019

The Importance of Protecting Cybersecurity Whistleblowers

Schneier on Security

Interesting essay arguing that we need better legislation to protect cybersecurity whistleblowers. Congress should act to protect cybersecurity whistleblowers because information security has never been so important, or so challenging. In the wake of a barrage of shocking revelations about data breaches and companies' mishandling of customer data, a bipartisan consensus has emerged in support of legislation to give consumers more control over their personal information, require companies to discl

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Krebs on Security

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

Weekly Update 142

Troy Hunt

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting: It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19. Troy is a credit to our industry and also a really great guy. Congrats Troy, so well deserved

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

There’s oil in the state of Maryland – “cyber oil.” With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” Related: Port Covington cyber hub project gets underway That’s because Maryland is home to more than 40 government agencies with extensive cyber programs, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

iOS Shortcut for Recording the Police

Schneier on Security

"Hey Siri; I'm getting pulled over" can be a shortcut: Once the shortcut is installed and configured, you just have to say, for example, "Hey Siri, I'm getting pulled over." Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on "do not disturb" mode. It also sends a quick text to a predetermined contact to tell them you've been pulled over, and it starts recording using the iPhone's front-facing camera.

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

Krebs on Security

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by the U.S.

When security goes off the rails

Adam Shostack

New at Dark Reading, my When Security Goes Off the Rails, Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis. (As I watch the competing stories, “Baltimore City leaders blame NSA for ransomware attack,” and “N.S.A. Denies Its Cyberweapon Was Used in Baltimore Attack, Congressman Says,” I’d like to see an investigations capability that can give us facts.)

Chinese Military Wants to Develop Custom OS

Schneier on Security

Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system: Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, such as Windows and Mac.

Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know

Security Affairs

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A. Fadipe, requested a change of account. The scam email prompted the department to change an electronic deposit from Plains Capital Bank to a different account with Chase Bank.

Photo Sharing System Leaks More than 11 Million Pics

Adam Levin

At least 11 million public and private photographs were found on an unsecured database connected to an online photo sharing service. Researchers from VPNMentor discovered an online database that they traced back to Theta360, a photo service specializing in panoramic photos taken with Ricoh-brand cameras. The unsecured data contained photographs, usernames, full names, and photo captions, including those marked by users as private.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

6 Security Scams Set to Sweep This Summer

Dark Reading

Experts share the cybersecurity threats to watch for and advice to stay protected.

The Cost of Cybercrime

Schneier on Security

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper, we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone replacing the PC and laptop as the consumer terminal of choice, with Android replacing Windows, and with many services moving to the cloud. The use of social networks has become extremely widespread.

Apple's 'Find My' Feature Uses Some Clever Cryptography

WIRED Threat Level

Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple.

Quest Diagnostics Highlights Vendor Vulnerability

Adam Levin

Quest Diagnostics, a leading American clinical laboratory company, announced today that 11.9 million patients may have been compromised in a vendor-related incident. A statement released by Quest revealed that an “unauthorized user” had gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor subcontracted by a Quest contractor called Optum360.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Expert developed a MetaSploit module for the BlueKeep flaw

Security Affairs

A security expert has developed a Metasploit module to exploit the critical BlueKeep vulnerability and get remote code execution. The security researcher Zǝɹosum0x0 has developed a module for the popular Metasploit penetration testing framework to exploit the critical BlueKeep flaw. The vulnerability, tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May 2019 Patch Tuesday updates.

Security and Human Behavior (SHB) 2019

Schneier on Security

Today is the second day of the twelfth Workshop on Security and Human Behavior, which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philoso

Election Security Is Still Hurting at Every Level

WIRED Threat Level

With the 2020 election fast approaching, too many problems from 2016 persist.

What Game of Thrones Can Teach You About Data Breaches

Adam Levin

HBO’s hit series Game of Thrones is now history, but it will live on in the hearts, minds and social media interactions of its followers for some time to come. Before now the only thing GoT fans wanted besides a juicy spoiler was to know who would take the Iron Throne. How it all ended was something hackers spent significant time and effort trying to find out.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

ESET analyzes Turla APT’s usage of weaponized PowerShell

Security Affairs

Turla, the Russia-linked cyberespionage group, is weaponizing PowerShell scripts and is using them in attacks against EU diplomats. Turla (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON), the Russia-linked APT group, is using weaponized PowerShell scripts in attacks aimed at EU diplomats. Turla group has been active since at least 2007 targeting government organizations and private businesses.

Lessons Learned Trying to Secure Congressional Campaigns

Schneier on Security

Really interesting first-hand experience from Maciej Cegłowski.

How a Google Cloud Catch-22 Broke the Internet

WIRED Threat Level

A Google Cloud outage that knocked huge portions of the internet offline also blocked access to the tools Google needed to fix it.

Understanding the online safety and privacy challenges faced by South Asian women

Elie

For South Asian women, a major hurdle to their meaningful participation online is their ability to ensure their safety. This post illustrates this challenge by recounting the safety and privacy challenges faced by women across India, Pakistan, and Bangladesh, who talked to us about their online experiences.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

ProtonMail denies that it spies on users for government agencies

Security Affairs

The popular privacy-focused email service ProtonMail has been accused of offering voluntarily real-time surveillance assistance to law enforcement. The popular privacy-focused email service ProtonMail made the headlines because it has been accused of supporting real-time surveillance carried out by law enforcement. On May 10, while Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, was giving a presentation at an event when the Swi

GDPR One Year Anniversary: What We’ve Learned So Far

Thales Cloud Protection & Licensing

On May 25, the European Union celebrated the first anniversary of the enforcement of the General Data Protection Regulation (GDPR), the most important change in data privacy regulations in the last decade, designed to restructure the way in which personal data is handled across every sector (public or private) and every industry. Now that one year has passed since the GDPR came into effect, we’ve had a lot of questions arising such as how are companies managing the adoption of the new stricter

Email Still a Major Attack Vector: Security Research

eSecurity Planet

Email users continue to be one of the easiest marks for cybercriminals, according to the latest cybersecurity research.

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

WIRED Threat Level

A researcher found the 20-year-old flaw by drawing on tricks from a childhood spent tinkering with his parents’ Mac Performa.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

A new cryptojacking campaign was spotted by experts at Trend Micro; crooks are using Shodan to scan for Docker hosts with exposed APIs. Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a cryptojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that use Shodan to find other vulnerable installs and compromise them.

MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

Threatpost

Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave, despite mitigations.

Game of Threats: What the Cybersecurity Industry Can Take Away from Game of Thrones

Thales Cloud Protection & Licensing

Warning: Spoilers Ahead. As Game of Thrones fans sift through emotional ashes left behind after the final fiery episode, conjecture and lamentation over what happened and why has dominated pop culture conversations. Debate among ardent fans will likely continue well into the future, but a couple of things are certain: even though the Iron Throne is now toast, there are many takeaways the cybersecurity industry can draw from based on this eight-year dynastic series.

Adware Hidden in Android Apps Downloaded More Than 440 Million Times

Dark Reading

The heavily obfuscated adware was found in 238 different apps on Google Play.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!