Schneier on Security

MAY 3, 2019

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

Cybersecurity 232

Cybersecurity Technology Government Internet 232

Krebs on Security

MAY 3, 2019

A Pennsylvania credit union is suing financial industry technology giant Fiserv , alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. The credit union said the investigation that fueled the lawsuit was prompted by a 2018 KrebsOnSecurity report about glaring security weaknesses in a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites.

Banking 176

Banking Accountability Passwords Technology 176

The Last Watchdog

APRIL 29, 2019

In today’s complex IT environments, a million things can go wrong, though only a few systems touch everything. Related: Why Active Directory is so heavily targeted For companies running Microsoft Windows, one such touch-all systems is Active Directory, or AD, the software that organizes and provides access to information across the breadth of Windows systems.

Backups 155

Backups Ransomware Accountability Malware 155

Troy Hunt

MAY 2, 2019

It's the last one from home for a few weeks, both for Scott and myself. Whilst I head off to the US for a couple of weeks, he's back home to the UK before other Europe travel then we'll both end up back on the Gold Coast in a few weeks time before the AusCERT conference. This week, we're talking about how kids are so good at circumventing things like parental controls and how maybe - just maybe - talking to your goods and using some social techniques is a better (or at least complimentary) appro

Marketing 148

Marketing 148

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

MAY 2, 2019

Politico has a long article making the case that the lead GDPR regulator, Ireland, has too cozy a relationship with Silicon Valley tech companies to effectively regulate their privacy practices. Despite its vows to beef up its threadbare regulatory apparatus, Ireland has a long history of catering to the very companies it is supposed to oversee, having wooed top Silicon Valley firms to the Emerald Isle with promises of low taxes, open access to top officials, and help securing funds to build gli

Data privacy 230

Data privacy Software Cybersecurity 230

Krebs on Security

MAY 3, 2019

Federal investigators in the United States, Germany and the Netherlands announced today the arrest and charging of three German nationals and a Brazilian man as the alleged masterminds behind the Wall Street Market (WSM), one of the world’s largest dark web bazaars that allowed vendors to sell illegal drugs, counterfeit goods and malware. Now, at least one former WSM administrator is reportedly trying to extort money from WSM vendors and buyers (supposedly including Yours Truly) — i

Marketing 162

Marketing Scams Accountability Engineering 162

Adam Levin

MAY 2, 2019

Adam Levin was featured on a short video on TicToc by Bloomberg, where he discussed the trade-offs between security and convenience for mobile banking and payment apps. “As business tries in its technological innovation to make things more convenient, you end up with the conundrum between convenience and security.” Levin said. See the video below, or on Bloomberg.com : ?.

Mobile 100

Mobile Banking Technology 100

Schneier on Security

MAY 1, 2019

Mark Risher of Google extols the virtues of security keys: I'll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key. Good security these days is about human factors; we have to take the onus off of the user as much as we can. Furthermore, this "proof" from the site to the key is only permitted over close physical proximity (like USB, NFC, or Bluetooth).

Social Engineering 218

Social Engineering Backups Authentication Passwords 218

WIRED Threat Level

APRIL 30, 2019

Mueller is done and Rosenstein is on his way out the door, but federal and state authorities around the country are still investigating the president and those in his orbit.

111

111

The Last Watchdog

MAY 2, 2019

Small and midsize businesses — so-called SMBs — face an acute risk of sustaining a crippling cyberattack. This appears to be even more true today than it was when I began writing about business cyber risks at USA TODAY more than a decade ago. Related: ‘Malvertising’ threat explained However, one small positive step is that company decision makers today, at least, don’t have their heads in the sand.

Risk 131

Risk Cyber Risk Cyber threats Banking 131

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Thales Cloud Protection & Licensing

MAY 1, 2019

Over the last two election cycles, we’ve seen an increased focus on election security, hacking and fraud. While many state and government officials are under no illusion that they are safe from a digital attack, concern should run deeper than election integrity. Most federal security issues are a result of well-known long-standing vulnerabilities that agencies have not addressed.

Digital transformation 105

Digital transformation Cybersecurity Data breaches Encryption 105

Schneier on Security

APRIL 29, 2019

Someone is stealing millions of dollars worth of Ethereum by guessing users' private keys. Normally this should be impossible, but lots of keys seem to be very weak. Researchers are unsure how those weak keys are being generated and used. Their paper is here.

Encryption 216

Encryption Cryptocurrency Hacking 216

Adam Shostack

APRIL 30, 2019

Heriot-Watt University in Scotland is hosting a “ Workshop on Serious Games for Cyber Security ,” May 21-22.

100

100

The Last Watchdog

MAY 2, 2019

While the internet and social media have been very positive for businesses, there remains an inherent risk when it comes to how brands manage their Facebook, Twitter, and Instagram accounts. Related: Defusing weaponized documents While social media on every platform has benefits, there remains risks that must be addressed so as to keep your companies’ image and data safe.

Media 115

Media Marketing Risk Passwords 115

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

APRIL 29, 2019

A cyber survey conducted by the United Kingdom’s National Cyber Security Centre (NCSC) revealed that ‘123456’ is still the most hacked password. Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP). Have I Been Pwned allows users to search across multiple data breaches to see if their email address has been compromised.

Passwords 100

Passwords Accountability Data breaches Advertising 100

Dark Reading

MAY 1, 2019

Breach of India-based outsourcing giant involved a remote access tool and a post-exploitation tool, according to an analysis by Flashpoint.

Hacking 97

Hacking 97

WIRED Threat Level

MAY 3, 2019

A group of likely Chinese hackers has poisoned the software of seven companies in just the last three years.

Software 107

Software Hacking 107

Threatpost

APRIL 29, 2019

Millions of security cameras, baby monitors and "smart" doorbells are open to hijack - and no solution is currently available.

IoT 94

IoT 94

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

APRIL 27, 2019

Experts at Cisco Talos group disclosed a dozen vulnerabilities uncovered in Sierra Wireless AirLink gateways and routers, including several serious flaws. Researchers at Cisco Talos group disclosed a dozen vulnerabilities affecting Sierra Wireless AirLink gateways and routers, including several serious flaws. Some of the flaws could be exploited to execute arbitrary code, modify passwords, and change system settings, Sierra Wireless AirLink gateways and routers are widely used in enterprise envi

Wireless 93

Wireless Passwords IoT Retail 93

Dark Reading

MAY 2, 2019

Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.

87

87

WIRED Threat Level

APRIL 29, 2019

If you're going up against an army of the undead, maybe plan a little better.

112

112

Threatpost

MAY 1, 2019

Ricardo Milos joined Ben 10, Adventure Time and We Bare Bear videos on its websites over the weekend.

Hacking 100

Hacking 100

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

MAY 2, 2019

The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. and 7 p.m., a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The news was first reported by E&E News, a “cyber event” interrupted grid operations in parts of the western United States in March, according to a report posted by the Department of Energy.

Energy and Utilities 92

Energy and Utilities Cyber Attacks Hacking Media 92

Dark Reading

APRIL 29, 2019

Organizations impacted by breach, which gave attackers illegal access to a database containing sensitive account information, need to check their container images.

Accountability 82

Accountability Passwords 82

WIRED Threat Level

APRIL 27, 2019

Mueller report fallout, a biometrics database, and more of the week's top security news.

87

87

Threatpost

MAY 2, 2019

Researchers warn customers to reconsider the use of the camera’s remote access feature if the device is monitoring highly sensitive areas of their household or company.

IoT 70

IoT Hacking 70

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

MAY 2, 2019

A flaw in Dell SupportAssist, a pre-installed tool on most Dell computers, could be exploited by hackers to compromise them remotely. The security researcher Bill Demirkapi (17) has discovered a critical remote code execution vulnerability in the Dell SupportAssist utility that is pre-installed on most Dell computers. The vulnerability could be exploited by hackers to compromise systems remotely.

Hacking 87

Hacking Software DNS 87

Dark Reading

APRIL 29, 2019

A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.

IoT 83

IoT Software 83

eSecurity Planet

APRIL 30, 2019

Organizations remain under attack both from within and without. We highlight current and emerging risks and the protections organizations need.

Risk 63

Risk 63

Threatpost

APRIL 29, 2019

Hardware that supports pirated video streaming content comes packed with malware.

Malware 98

Malware Marketing Hacking 98

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk