Krebs on Security

JUNE 4, 2019

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

Insurance 242

Insurance Banking Accountability Data privacy 242

Schneier on Security

JUNE 7, 2019

" Hey Siri; I'm getting pulled over " can be a shortcut: Once the shortcut is installed and configured , you just have to say, for example, "Hey Siri, I'm getting pulled over." Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on "do not disturb" mode. It also sends a quick text to a predetermined contact to tell them you've been pulled over, and it starts recording using the iPhone's front-facing camera.

231

231

Troy Hunt

JUNE 7, 2019

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting: It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19. Troy is a credit to our industry and also a really great guy. Congrats Troy, so well deserved ????

Data breaches 173

Data breaches 173

The Last Watchdog

JUNE 4, 2019

There’s oil in the state of Maryland – “cyber oil.” With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” Related: Port Covington cyber hub project gets underway That’s because Maryland is home to more than 40 government agencies with extensive cyber programs, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems

Cybersecurity 144

Cybersecurity Computers and Electronics Technology Marketing 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Levin

JUNE 4, 2019

At least 11 million public and private photographs were found on an unsecured database connected to an online photo sharing service. Researchers from VPNMentor discovered an online database that they traced back to Theta360, a photo service specializing in panoramic photos taken with Ricoh-brand cameras. The unsecured data contained photographs, usernames, full names, and photo captions, including those marked by users as private.

IoT 127

IoT Engineering 127

Schneier on Security

JUNE 6, 2019

Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system : Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, such as Windows and Mac.

Hacking 215

Hacking Government 215

Elie

JUNE 7, 2019

For South Asian women, a major hurdle to their meaningful participation online is their ability to ensure their safety. This post illustrates this challenge by recounting the safety and privacy challenges faced by women across India, Pakistan, and Bangladesh, who talked to us about their online experiences.

107

107

Adam Levin

JUNE 3, 2019

Quest Diagnostics, a leading American clinical laboratory company, announced today that 11.9 million patients may have been compromised in a vendor-related incident. A statement released by Quest revealed that an “unauthorized user” had gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor subcontracted by a Quest contractor called Optum360.

Big data 125

Big data Data breaches 125

Schneier on Security

JUNE 4, 2019

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper,we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone replacing the PC and laptop as the consumer terminal of choice, with Android replacing Windows, and with many services moving to the cloud.The use of social networks has become extremely widespread.

Cybercrime 209

Cybercrime Scams Cryptocurrency Antivirus 209

Security Affairs

JUNE 7, 2019

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A. Fadipe, requested a change of account. The scam email prompted the department to change an electronic deposit from Plains Capital Bank to a different account with Chase Bank.

Cybersecurity 110

Cybersecurity Scams Banking Accountability 110

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JUNE 5, 2019

Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple.

109

109

Dark Reading

JUNE 4, 2019

Employers can solve the skills gap by first recognizing that there isn't an archetypal "cybersecurity job" in the same way that there isn't an archetypal "automotive job." Here's how.

Cybersecurity 85

Cybersecurity 85

Schneier on Security

JUNE 6, 2019

Today is the second day of the twelfth Workshop on Security and Human Behavior , which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philoso

200

200

Security Affairs

JUNE 2, 2019

The popular privacy-focused email service ProtonMail has been accused of offering voluntarily real-time surveillance assistance to law enforcement. The popular privacy-focused email service ProtonMail made the headlines because it has been accused of supporting real-time surveillance carried out by law enforcement. On May 10, while Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, was giving a presentation at an event when the Swi

Government 108

Government Surveillance Telecommunications Advertising 108

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

WIRED Threat Level

JUNE 2, 2019

Today's cybersecurity superstars share a common thread—one that leads back to early hacking group Cult of the Dead Cow.

Hacking 108

Hacking Cybersecurity 108

Dark Reading

JUNE 5, 2019

LabCorp says its third-party debt-collection provider, AMCA, notified the company that information on 7.7 million patients had leaked. Expect more healthcare companies to come forward.

Healthcare 83

Healthcare Accountability 83

Schneier on Security

JUNE 5, 2019

Really interesting first-hand experience from Maciej Ceg?owski.

Risk 201

Risk 201

Security Affairs

JUNE 2, 2019

Turla, the Russia-linked cyberespionage group, is weaponizing PowerShell scripts and is using them in attacks against EU diplomats. Turla (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ), the Russia-linked APT group, is using weaponized PowerShell scripts in attacks aimed at EU diplomats. Turla group has been active since at least 2007 targeting government organizations and private businesses.

Malware 107

Malware Advertising Software Hacking 107

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

WIRED Threat Level

JUNE 7, 2019

A Google Cloud outage that knocked huge portions of the internet offline also blocked access to the tools Google needed to fix it.

Internet 100

Internet Internet 100

Dark Reading

JUNE 3, 2019

Researchers at Armor were able to confirm the person or persons behind a Twitter account that appeared to be leaking confidential files was the actual ransomware attacker that hit the city.

Accountability 82

Accountability Ransomware 82

Threatpost

JUNE 3, 2019

Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Majove, despite mitigations.

Hacking 98

Hacking 98

Security Affairs

JUNE 5, 2019

A security expert has developed a Metasploit module to exploit the critical BlueKeep vulnerability and get remote code execution. The security researcher Z??osum0x0 has developed a module for the popular Metasploit penetration testing framework to exploit the critical BlueKeep flaw. The vulnerability , tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May 2019 Patch Tuesday updates.

Penetration Testing 103

Penetration Testing Advertising Malware Authentication 103

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

WIRED Threat Level

JUNE 6, 2019

Opinion: Russia and Iran’s decisions to build isolated, domestic internets represent a new form of internet fragmentation—one that is far more physical than what we’ve seen before.

Internet 70

Internet Internet Hacking 70

Dark Reading

JUNE 7, 2019

Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.

CISO 93

CISO Phishing Malware 93

Threatpost

JUNE 5, 2019

A working exploit for the critical remote code-execution flaw shows how an unauthenticated attacker can achieve full run of a victim machine in about 22 seconds.

73

73

Security Affairs

JUNE 1, 2019

A new cryptojacking campaign was spotted by experts at Trend Micro, crooks are using Shodan to scan for Docker hosts with exposed APIs. Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a crypojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that use of Shodan to find other vulnerable installs and compromise them.

Hacking 101

Hacking Cryptocurrency Advertising Accountability 101

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

WIRED Threat Level

JUNE 2, 2019

A researcher found the 20-year-old flaw by drawing on tricks from a childhood spent tinkering with his parents’ Mac Performa.

Hacking 85

Hacking 85

Dark Reading

JUNE 6, 2019

Experts share the cybersecurity threats to watch for and advice to stay protected.

Scams 111

Scams Cybersecurity 111

Threatpost

JUNE 3, 2019

How will 5G vendors deal with the issues of security? Nokia's head of end-to-end security solutions discusses during the GSMA Mobile 360 conference.

Mobile 75

Mobile IoT 75

Security Affairs

JUNE 4, 2019

A few hours ago, a new email hacking tool dubbed Jason and associated with the OilRig APT group was leaked through the same Telegram channel used to leak other tools. A new email hacking tool associated with the Iran-linked OilRig APT group was leaked through the same Telegram channel that in April leaked the source code of 6 tools used by the crew.

Hacking 95

Hacking Advertising Antivirus Passwords 95

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk