Krebs on Security

JULY 30, 2020

Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

Banking 357

Banking Malware Encryption Accountability 357

The Last Watchdog

JULY 27, 2020

It took a global pandemic and the death of George Floyd to put deep-seated social inequities, especially systemic racism, front and center for intense public debate. Related: Will ‘blockchain’ lead to more equitable wealth distribution? We may or may not be on the cusp of a redressing social injustice by reordering our legacy political and economic systems.

Surveillance 261

Surveillance Government Accountability Artificial Intelligence 261

Schneier on Security

JULY 28, 2020

The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Key trends from their summary : Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and Iran as well as India, Egypt, the United States, and Vietnam.States have targeted software supply chains with great effect as the majority of cases surveyed here did, or could have, resulted in remote cod

Software 291

Software Mobile Internet Internet 291

Tech Republic Security

JULY 28, 2020

Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.

Data privacy 218

Data privacy 218

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JULY 27, 2020

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that’s spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.

Identity Theft 351

Identity Theft Small Business Energy and Utilities Computers and Electronics 351

Adam Levin

JULY 28, 2020

If you find your personal email account bombarded with unwanted marketing emails, there’s a good chance your account was compromised in a breach. That said, email these days is a minefield we all need to learn how to traverse safely. . Your email address could present the greatest liability when it comes to cybersecurity and privacy. A recent report found that email was the delivery method for 94% of malware attacks in 2019; a more recent study in 2020 indicated that email-based phishing may be

Accountability 188

Accountability Scams Marketing Phishing 188

Tech Republic Security

JULY 29, 2020

While 56% of Americans want more control over personal data, more than 40% said they reuse passwords, use public Wi-Fi, or save a credit card to an online store, KPMG found.

Data privacy 217

Data privacy Passwords 217

Krebs on Security

JULY 29, 2020

Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here’s a look at the havoc that lag has wrought, as seen through the purchasing patterns at one of the underground’s biggest stolen card shops that was hacked last year.

Accountability 324

Accountability Retail Banking Hacking 324

Troy Hunt

JULY 31, 2020

Unfortunately, our run of good luck here down in Aus has taken a bit of a turn COVID wise. Not so much in my home state, but the southern states have been copping it so this week, I pulled the pin on snowboarding. For folks overseas, that might sound like it would have been a risky proposition anyway, but only two and a half weeks ago the entire state of New South Wales had 5 active cases out of 8.1M people.

162

162

Schneier on Security

JULY 27, 2020

In Japan, a cyberstalker located his victim by enhancing the reflections in her eye , and using that information to establish a location. Reminds me of the image enhancement scene in Blade Runner. That was science fiction, but now image resolution is so good that we have to worry about it.

260

260

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JULY 29, 2020

A recent investigation by NordPass and a white hat hacker discovered more than 9,000 unsecured databases online with more than 10 billion individual entries.

205

205

Adam Levin

JULY 29, 2020

A collection of source code from companies including General Electric, Disney, Microsoft, Motorola, Qualcomm, Adobe, Nintendo and Microsoft has been aggregated and posted online. . The repository was released onto Gitlab by software developer and IT consultant Tillie Kottmann and was collected from publicly available leaked data that had been stored on misconfigured online servers.

Banking 136

Banking Passwords Accountability Technology 136

Security Affairs

JULY 29, 2020

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. Cybersecurity researchers at Intezer spotted a new completely undetectable Linux malware , dubbed Doki , that exploits undocumented evasion techniques while targeting publicly accessible Docker servers.

Cryptocurrency 133

Cryptocurrency Malware Advertising VPN 133

Schneier on Security

JULY 30, 2020

Fireeye is reporting that a hacking group called Ghostwriter broke into the content management systems of Eastern European news sites to plant fake stories. From a Wired story : The propagandists have created and disseminated disinformation since at least March 2017, with a focus on undermining NATO and the US troops in Poland and the Baltics; they've posted fake content on everything from social media to pro-Russian news websites.

Media 252

Media Hacking Cybersecurity 252

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JULY 31, 2020

New survey finds that cybersecurity professionals want more training to keep up with the threat landscape and learn new software platforms.

Software 218

Software Cybersecurity 218

WIRED Threat Level

JULY 29, 2020

A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO.

Media 145

Media Hacking 145

Adam Shostack

JULY 31, 2020

Nathan Hamiel has a really good post on Maximizing The Value of Virtual Security Conferences. To his key point of ‘know what you want to get out of it’ and ‘know what it would take to make it happen,’ I want to add two ideas: First, take notes with a pen and paper. This is a key lesson for me as I deliver training through computers.

InfoSec 100

InfoSec Cybersecurity 100

Schneier on Security

JULY 31, 2020

A 17-year-old Florida boy was arrested and charged with last week's Twitter hack. News articles. Boing Boing post. Florida state attorney press release. This is a developing story. Post any additional news in the comments.

Hacking 168

Hacking Scams Cybersecurity 168

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JULY 29, 2020

PQShield, a spin-out from the UK's Oxford University, is developing advanced cryptographic solutions for hardware, software and communications to protect businesses' data from the quantum threat.

Encryption 191

Encryption Software 191

Security Affairs

JULY 28, 2020

ShinyHunters, a trusted threat actor, is offering on a hacker forum the databases stolen from eighteen companies, over 386 million user records available online. The known threat actor ShinyHunters has begun leaking for free the databases of multiple companies on a hacker forum. A couple of days ago, the popular digital banking app Dave.com disclosed a security breach after ShinyHunters leaked 7,516,625 user records on a crime forum.

Passwords 123

Passwords Advertising Education Banking 123

Threatpost

JULY 29, 2020

The "BootHole" bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT ,IoT and home networks.

IoT 133

IoT Malware 133

WIRED Threat Level

JULY 31, 2020

Bitcoin payments and IP addresses led investigators to two of the alleged perpetrators in just over two weeks.

Hacking 135

Hacking 135

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JULY 29, 2020

Dr. David Brumley, a professor at Carnegie Mellon University and CEO of ForAllSecure, explains what DevSecOps is and how companies can use it to improve security.

194

194

Security Affairs

JULY 28, 2020

Yet another Multipurpose Breakout Board to hack hardware in a clean and easy way! How to hack IoT & RF Devices with BürtleinaBoard. Disclaimer : due to a complaint from the citizens of my native city in Italy… I had to rename #PiadinaBoard into #BurtleinaBoard. Few months ago I have presented #FocacciaBoard : a similar multipurpose breakout board that uses the famous FT232H to handle multiple protocols commonly found in (I)IoT devices (i.e.

IoT 122

IoT Hacking Firmware Advertising 122

Threatpost

JULY 27, 2020

Attackers are exploiting a high-severity vulnerability in Cisco's network security software products, which is used by Fortune 500 companies.

Network Security 121

Network Security Software 121

WIRED Threat Level

JULY 30, 2020

A WIRED investigation found dozens of channels belong to children apparently under 13, and anonymous chat participants sending inappropriate messages their way.

109

109

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JULY 31, 2020

Professionals in the aerospace and defense industries should watch out; a wave of fake job offers containing malicious documents have been spotted in the wild by McAfee researchers.

183

183

Security Affairs

JULY 29, 2020

U.S. cybersecurity firm revealed that China-linked hackers have infiltrated Vatican computer networks ahead of talks. China-linked hackers have infiltrated the Vatican computer networks, reads a report published by the U.S. cybersecurity firm Recorded Future that focuses on the analysis of nation-state actors. According to the experts, the cyber espionage campaign began in May ahead the talk between the Vatican and the Chinese government.

Advertising 118

Advertising Government Hacking Cybersecurity 118

Threatpost

JULY 31, 2020

Three have been charged in alleged connection with the recent high-profile Twitter hack - including a 17-year-old teen from Florida who is the reported "mastermind" behind the attack.

Hacking 104

Hacking Mobile Government Cybersecurity 104

WIRED Threat Level

JULY 25, 2020

A combination of technologies helped scientists discover a potentially illegal fishing operation involving more than 900 vessels.

Technology 118

Technology 118

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk