Krebs on Security
SEPTEMBER 4, 2018
mSpy , the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.
The Last Watchdog
SEPTEMBER 6, 2018
All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 5, 2018
It's amazing that this is even possible: " SonarSnoop: Active Acoustic Side-Channel Attacks ": Abstract: We report the first active acoustic side-channel attack. Speakers are used to emit human inaudible acoustic signals and the echo is recorded via microphones, turning the acoustic system of a smart phone into a sonar system. The echo signal can be used to profile user interaction with the device.
Troy Hunt
SEPTEMBER 7, 2018
It's been a week of travel for me with API Days in Melbourne on Tuesday, Fortinet Fast & Secure in Sydney on Wednesday then the Varonis webinar yesterday (recorded, I'll share once it's online). Be that as it may, I did manage to pump out a long-awaited blog post on the total cost of running Pwned Passwords in HIBP and its. 2.6c per day ??. This week there's also a few random things ranging from online authenticity (the human kind), changes in Chrome 69 (there's some major visual security in
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
SEPTEMBER 6, 2018
A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.’s National Crime Agency (NCA) arrested Hertfordshire resident George Duke-Cohan, who admitted making bomb threats to thousands of schools and a United Airlines flight traveling from the U.K. to San Francisco last month.
The Last Watchdog
SEPTEMBER 2, 2018
Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors. In today’s world, quick innovations are a necessity, and software developers would rather not lose valuable time reinventing the wheel.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Levin
SEPTEMBER 7, 2018
On the heels of last weeks news that Air Canada suffered a breach affecting thousands of customers, British Airways announced a major breach affecting 380,000 customers who used the company’s website and app over a two-week period. From August 21 to September 5, hackers stole British Airways customer user names, addresses, email addresses and credit card information (including expiration dates and security codes).
Krebs on Security
SEPTEMBER 5, 2018
Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or
The Last Watchdog
SEPTEMBER 5, 2018
There is a concept in computing, called runtime, that is so essential and occurs so ubiquitously that it has long been taken for granted. Now cyber criminals have begun to leverage this heretofore innocuous component of computing to insinuate themselves deep inside of company networks. Related: The coming wave of ‘microcode’ attacks. They’ve figured out how to manipulate applications while in runtime and execute powerful and stealthy attacks that bypass conventional security tools.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
WIRED Threat Level
SEPTEMBER 4, 2018
"Whatever we propose is going to be controversial. But it’s important we do something, because everyone is unsatisfied by URLs. They kind of suck.".
Thales Cloud Protection & Licensing
SEPTEMBER 4, 2018
It’s hard to believe we are nine weeks away from the midterm elections here in the United States. Regardless of the winners and losers, all eyes will focus on election security. And there are so many factors to consider. Just last month at Def Con and Black Hat, we found out just how easy it is to break into election machines. White Hat (ethical) hackers worked in under 15 minutes to disrupt the entire voting process from the moment someone attempted to register to vote to the point at which res
The Last Watchdog
SEPTEMBER 7, 2018
Over the past couple of decades, some amazing advances in locking down software code have quietly unfolded in, of all places, Hollywood. Related: HBO hack spurs cyber insurance market. Makes sense, though. Digital media and entertainment giants like Netflix, Amazon, Hulu, HBO, ESPN, Sony, and Disney are obsessive about protecting their turf. These Tinsel Town powerhouses retain armies of investigators and lawyers engaged in a never-ending war to keep piracy and subscription fraud in check.
Dark Reading
SEPTEMBER 7, 2018
These methods may not yet be on your security team's radar, but given their impact, they should be.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
WIRED Threat Level
SEPTEMBER 7, 2018
Adware Doctor has long been one of the top-selling apps in the Mac App Store. But researchers say it harvested browsing data, and sent it to China.
Thales Cloud Protection & Licensing
SEPTEMBER 6, 2018
In my recent blog on the evolving PCI SSC initiatives in 2018, “ Minor on PCI DSS, major on almost everything else ,” I outlined how the organisation is covering new areas to reflect the migration from physical card payments to online digital payments. Much of the latest innovation involves the use of mobile devices (for both initiation and acceptance ) to provide greater flexibility in how payments can be made and offer additional methods to authenticate transactions.
The Last Watchdog
SEPTEMBER 4, 2018
Most large enterprises today can point to multi-millions of dollars expended over the past two decades erecting “layered defenses” to protect their digital systems. Yet catastrophic network breaches continue apace. Turns out there’s a downside to “defense in depth.”. Related: Obsolecense creeps into legacy systems. There’s no doubt that monitoring and continually updating all parts of a multi-tiered security system is a must-do best practice.
Dark Reading
SEPTEMBER 5, 2018
Blockchain is being used as a security tool. If you haven't thought about adopting it, you might want to reconsider your take.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
WIRED Threat Level
SEPTEMBER 6, 2018
After years of abuse and spreading conspiracy theories, Alex Jones finally went too far for Twitter with a relatively tame rant.
Security Affairs
SEPTEMBER 5, 2018
Security expert discovered that S kype has a malloc(): memory corruption vulnerability that could be triggered while users share some media/file with someone during a call. . Tested on: Linux zero 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 18.04 LTS). Product affected: Skype for linux (skypeforlinux_8.27.0.85_amd64.deb) Steps to reproduce this issue: 1.
Threatpost
SEPTEMBER 7, 2018
A macOS App called Adware Doctor blocks ads, but share’s user browser history with a China-based domain.
Dark Reading
SEPTEMBER 6, 2018
Today's security operations center is all about reducing the number of alerts with emerging technologies - and enhancing old-school human collaboration. Here's how some real-world SOCs are evolving.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Kali Linux
SEPTEMBER 4, 2018
We love it when community members come up with new ideas or interesting builds, and this one caught our attention. Jacek Kowalczyk hit us up on twitter with a really interesting story. His approach to tweaking Kali to be specific to his needs is exactly why this feature is so important to us and we wanted to share his story more widely. Jacek’s live-build recipe was for a lightweight version of Kali using his favourite desktop environments, including some nice desktop configurations.
Security Affairs
SEPTEMBER 2, 2018
The Wireshark team has addressed three serious vulnerabilities that could be exploited by a remote unauthenticated attacker to crash the analyzer. The Wireshark development team has fixed three serious flaws that could be exploited by a remote unauthenticated attacker to trigger a DoS condition in the world’s most popular network protocol analyzer. The three vulnerabilities tracked as CVE-2018-16056 , CVE-2018-16057 and CVE-2018-16058 affect respectively the Bluetooth Attribute Protocol (ATT
eSecurity Planet
SEPTEMBER 5, 2018
Enterprises are turning to SOAR solutions to streamline response to cybersecurity incidents.
Dark Reading
SEPTEMBER 5, 2018
Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
WIRED Threat Level
SEPTEMBER 4, 2018
The governor of Arizona announced Tuesday that Jon Kyl will replace the Senate seat vacated by the late John McCain. He may now further push to regulate tech giants like Facebook.
Security Affairs
SEPTEMBER 4, 2018
Security researchers at the SANS Internet Storm Center discovered that thousands of 3D printers are exposed online without proper defense. The news is worrisome, thousands of 3D printers are exposed online to remote cyber attacks. According to the experts at SANS Internet Storm Center that scanned the internet for vulnerable 3D printers, a Shodan query has found more than 3,700 instances of OctoPrint interfaces exposed online, most in the United States (1,600).
eSecurity Planet
SEPTEMBER 6, 2018
Some accounts are more valuable than others. Privileged access management (PAM) can help.
Dark Reading
SEPTEMBER 7, 2018
The fact that the app likely has been exfiltrating data for years is "rather f#@&'d" up, says the security researcher who reported the issue to Apple one month ago.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
175 
Let's personalize your content