Sat.Jul 07, 2018 - Fri.Jul 13, 2018

Gas Pump Hack

Schneier on Security

This is weird: Police in Detroit are looking for two suspects who allegedly managed to hack a gas pump and steal over 600 gallons of gasoline, valued at about $1,800. The theft took place in the middle of the day and went on for about 90 minutes, with the gas station attendant unable to thwart the hackers. The theft, reported by Fox 2 Detroit, took place at around 1pm local time on June 23 at a Marathon gas station located about 15 minutes from downtown Detroit.

The 111 Million Record Pemiblanc Credential Stuffing List

Troy Hunt

One of the most alarming trends I've seen in the world of data breaches since starting Have I Been Pwned (HIBP) back in 2013 is the rapid rise of credential stuffing attacks. Per the definition in that link, it simply means this: Credential stuffing is the automated injection of breached username/password pairs in order to fraudulently gain access to user accounts.

Notorious ‘Hijack Factory’ Shunned from Web

Krebs on Security

Score one for the good guys: Bitcanal, a Portuguese Web hosting firm long accused of helping spammers hijack large swaths of dormant Internet address space over the years, was summarily kicked off the Internet this week after a half-dozen of the company’s bandwidth providers chose to sever ties with the company. Spammers and Internet service providers (ISPs) that facilitate such activity often hijack Internet address ranges that have gone unused for periods of time.

How ‘digital transformation’ gave birth to a new breed of criminal: ‘machine-identity thieves’

The Last Watchdog

There’s a new breed of identity thief at work plundering consumers and companies. However, these fraudsters don’t really care about snatching up your credentials or mine. By now, your personal information and mine have been hacked multiple times and are readily on sale in the Dark Web. This has long been true of the vast majority of Americans. Related article: 7 hacks signaling a coming global cyber war.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Department of Commerce Report on the Botnet Threat

Schneier on Security

Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic. The Departments determined that the opportunities and challenges in working toward dramatically reducing threats from automated, distributed attacks can be summarized in six principal themes.

Pwned Passwords V3 is Now Live!

Troy Hunt

Over recent weeks, I've begun planning the release of the 3rd version of Pwned Passwords. If you cast your mind back, version 1 came along in August last year and contained 320M passwords. I made all the data downloadable as SHA-1 hashes (for reasons explained in that post) and stood up a basic API to enable anyone to query it by plain text password or hash.

GUEST ESSAY: Theft of MQ-9 Reaper docs highlights need to better protect ‘high-value assets’

The Last Watchdog

The discovery of sensitive U.S. military information for sale on the Dark Web for a nominal sum, in and of itself, is unfortunate and unremarkable. However, details of the underlying hack, ferreted out and shared by researchers of the Insikt Group, an arm of the security research firm Recorded Future, are most welcome. They help frame wider questions, and pave the way for improved best practices.

WPA3

Schneier on Security

Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other: The first big new feature in WPA3 is protection against offline, password-guessing attacks. This is where an attacker captures data from your Wi-Fi stream, brings it back to a private computer, and guesses passwords over and over again until they find a match.

A Landmark Legal Shift Opens Pandora’s Box for DIY Guns

WIRED Threat Level

Cody Wilson makes digital files that let anyone 3-D print untraceable guns. The government tried to stop him. He sued—and won.

Timehop Data Breach Exposes 21 Million Users

Adam Levin

Timehop, an app for archiving social media activities, was breached on July 4. The breach compromised data for 21 million users from the company’s cloud environment including names, email addresses, and the phone numbers for roughly a quarter of them. In an email to their users, Timehop stated: “The damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Q&A: Here’s why it has become vital for companies to deter ‘machine-identity thieves’

The Last Watchdog

We’re undergoing digital transformation, ladies and gentlemen. And we’re in a nascent phase where clever advances are blossoming even as unprecedented data breaches arise in parallel. The latest example of this dichotomy comes from Timehop, a service that enables social media users to plug into their past. On Sunday, Timehop shared details about how a hacker got into their network, conducted several reconnaissance forays, and then moved swiftly on July 4th to pilfer personal information for 21

Recovering Keyboard Inputs through Thermal Imaging

Schneier on Security

Researchers at the University of California, Irvine, are able to recover user passwords by way of thermal imaging. The tech is pretty straightforward, but it's interesting to think about the types of scenarios in which it might be pulled off. Abstract: As a warm-blooded mammalian species, we humans routinely leave thermal residues on various objects with which we come in contact.

Facebook Gave Russian Internet Giant Special Data Extension

WIRED Threat Level

Mail.ru also ran hundreds of apps on Facebook at a time when the platform’s policies allowed app developers to collect their users' friends' data.

Friday Star Wars

Adam Shostack

Oddly, I am unable to find this on Etsy. Perhaps the Disney Corporation, new owners of Star Wars, doesn’t like mousetraps?

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Tokenization: Ready for Prime Time

Thales Cloud Protection & Licensing

The digital transformation has changed how the world does business. It has created whole new enterprises and industries, but it has also left many organizations vulnerable to new and destructive threats. Digital transformation can and does deliver increased efficiencies, improved decision-making, lower costs, improved reach, and higher profits. But it also frequently relies on increasing amounts of personal and other sensitive data.

PROPagate Code Injection Seen in the Wild

Schneier on Security

Last year, researchers wrote about a new Windows code injection technique called PROPagate. Last week, it was first seen in malware: This technique abuses the SetWindowsSubclass function -- a process used to install or update subclass windows running on the system -- and can be used to modify the properties of windows running in the same session. This can be used to inject code and drop files while also hiding the fact it has happened, making it a useful, stealthy attack.

The Worst Cybersecurity Breaches of 2018 So Far

WIRED Threat Level

There haven't been as many hacks and attacks compared to this time last year, but that's where the good news ends.

Threat Modeling Thursday: 2018

Adam Shostack

So this week’s threat model Thursday is simply two requests: What would you like to see in the series? What would you like me to cover in my Blackhat talk, “Threat Modeling in 2018?” “Attacks always get better, and that means your threat modeling needs to evolve. This talk looks at what’s new and important in threat modeling, organizes it into a simple conceptual framework, and makes it actionable.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Major International Airport System Access Sold for $10 on Dark Web

Dark Reading

Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.

With So Many Eyeballs, Is Open Source Security Better?

eSecurity Planet

VIDEO: Dirk Hohndel, VP and Chief Open-Source Officer at VMware, talks about how dev security should be done, whether the code is open source or proprietary.

Apple's China-Friendly Censorship Caused an iPhone-Crashing Bug

WIRED Threat Level

The bug serves as a reminder of China-friendly censorship code hidden in all iOS devices.

Automotive Privacy

Adam Shostack

[Update: clarified a sentence about whose privacy is touched, and where.] I had missed the story “Big Brother on wheels: Why your car company may know more about you than your spouse.” There are surprising details, including that you might be able to shut it off, and the phrase “If a customer declines, we do not collect any data from the vehicle.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

This Is How Much a 'Mega Breach' Really Costs

Dark Reading

The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

The Internet of Things (IoT) is very crowded. Connected devices outnumber people. The United Nations estimates the current world population at 7.6 billion [1], and Gartner projects over 20.8 billion devices will be connected to the Internet by 2020 [2]. Connected things are what make the IoT – sensors, cameras, wearable electronics, medical devices, automatic controls.

Apple iOS 12 Security: All the Improvements Coming to Your iPhone

WIRED Threat Level

From hacking protections to smarter two-factor authentication, Apple's iOS 12 will lock down your iPhone better than ever.

Is a UTM Appliance the Right Security Solution for Your Business?

eSecurity Planet

A unified threat management appliance can make security much easier and cheaper for SMBs. Here's how to pick the right UTM solution.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Ticketmaster Breach Part of Massive Payment Card Hacking Campaign

Dark Reading

Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.

Trusting in technology: the need for greater assurance in connected health

Thales Cloud Protection & Licensing

Whether offering instant access to patient records, allowing remote diagnosis of treatment, or giving access to lifestyle management and monitoring apps, it’s undeniable that the Internet of Things (IoT) and connected services are revolutionising the healthcare industry. Working to improve operational efficiencies and deliver a greater level of care, the now-dubbed ‘Connected Health’ market has grown to such an extent recently that it is expected to be worth more than £450 billion by 2024.

Robert Mueller's Indictment Today of 12 Russian Hackers Could Be His Biggest Move Yet

WIRED Threat Level

The special counsel has unleashed an international, geopolitical bombshell.

Secure Kali Pi 2018

Kali Linux

We have covered how to create secure “throw-away hack boxes” using the Raspberry Pi before, but we thought it was time to go back and take a look at the process again. With all the new Raspberry Pi models and Kali changes from when we last covered this, we found the old process was in need of some updating. As a review, what we are trying to accomplish is to create a standalone “leave behind” device that, when discovered, does not make it easy to figure out what you were

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!