Krebs on Security

JANUARY 23, 2019

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.

Government 253

Government Media Internet Internet 253

Adam Levin

JANUARY 25, 2019

Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes. One of the larger threats outlined in the report was the Emotet Trojan, a sophisticated malware program capable of data theft, network monitoring, and propagating itself onto other vulnerable systems, and the Trickbot Trojan that steals passwords and browser histories from infected machines.

Spyware 212

Spyware Ransomware Banking Malware 212

Schneier on Security

JANUARY 21, 2019

This is clever : Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them.

Malware 210

Malware Banking Marketing 210

Troy Hunt

JANUARY 25, 2019

So it's been a bit of a crazy week. I got onto the plane in Australia on Thursday evening just as Europe was waking up to the news of the 773M email address credential stuffing list I loaded into HIBP. And then the flood began; blog comments, emails, tweets - it was an absolute deluge. I spent the flight fielding the ones I could, landed in Oslo and dealt with more on the way up the mountain then frankly, got there and tuned out.

170

170

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JANUARY 22, 2019

Two of the most disruptive and widely-received spam email campaigns over the past few months — including an ongoing sextortion email scam and a bomb threat hoax that shut down dozens of schools, businesses and government buildings late last year — were made possible thanks to an authentication weakness at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned.

DNS 226

DNS Internet Internet Computers and Electronics 226

Adam Levin

JANUARY 23, 2019

A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz uses real-world phishing campaigns, including the Russian hack that gained access to the email account of John Podesta, Hillary Clinton’s 2016 campaign manager.

Phishing 166

Phishing Authentication Accountability Passwords 166

Adam Shostack

JANUARY 23, 2019

Omer Levi Hevroni has a very interesting post exploring ways to represent threat models as code. The closer threat modeling practices are to engineering practices already in place, the more it will be impactful, and the more it will be a standard part of delivery. There’s interesting work in both transforming threat modeling thinking into code, and using code to reduce the amount of thinking required for a project.

Engineering 113

Engineering Software 113

Krebs on Security

JANUARY 25, 2019

The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss , a convicted serial swatter whose last stunt in late 2018 cost Kansas man his life.

Media 189

Media Accountability 189

Adam Levin

JANUARY 24, 2019

The personal data of 4 million applicants for internships at a non-profit organization was exposed in a breach. The data included the applicants’ names, email addresses, gender, and personal essays and was exposed via a misconfigured database called Elasticsearch on the website of AIESEC, a “youth-run” non-governmental organization with over 100,000- members worldwide.

Engineering 125

Engineering IoT Internet Internet 125

Schneier on Security

JANUARY 23, 2019

This is interesting : To prevent the problems of customer binding, and losing business when darknet markets go down, merchants have begun to leave the specialized and centralized platforms and instead ventured to use widely accessible technology to build their own communications and operational back-ends. Instead of using websites on the darknet, merchants are now operating invite-only channels on widely available mobile messaging systems like Telegram.

Cryptocurrency 207

Cryptocurrency Marketing Surveillance Risk 207

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JANUARY 25, 2019

The security expert Dirk- jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code. “In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin.” wrot

Authentication 112

Authentication Advertising Passwords Hacking 112

WIRED Threat Level

JANUARY 25, 2019

David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues.

107

107

Dark Reading

JANUARY 23, 2019

Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.

101

101

Schneier on Security

JANUARY 24, 2019

They have advantages : Pigeons are certainly no substitute for drones, but they provide a low-visibility option to relay information. Considering the storage capacity of microSD memory cards, a pigeon's organic characteristics provide front line forces a relatively clandestine mean to transport gigabytes of video, voice, or still imagery and documentation over considerable distance with zero electromagnetic emissions or obvious detectability to radar.

Technology 204

Technology 204

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Affairs

JANUARY 20, 2019

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch SOHO devices allow to manage small local area networks, they are widely adopted in cloud-based, managed and unmanaged “flavors.”.

Small Business 108

Small Business Hacking Accountability Software 108

Thales Cloud Protection & Licensing

JANUARY 22, 2019

IDG’s 2018 Cloud Computing Study tells us: Seventy-three percent of organizations have at least one application, or a portion of their computing infrastructure already in the cloud – 17% plan to do so within the next 12 months. But IDG also points out: Organizations are utilizing a mix of cloud delivery models. Currently the average environment is 53% non-cloud, 23% SaaS, 16% IaaS and 9% PaaS….

Encryption 82

Encryption Big data 82

Dark Reading

JANUARY 22, 2019

By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.

Cryptocurrency 90

Cryptocurrency 90

Schneier on Security

JANUARY 22, 2019

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories. In the different attack classes that we've outlined, we were able to perform the attacks quickly and even switch on the controlled machine despite an operator's having issued an emergency stop (e-stop).

Hacking 198

Hacking Wireless Internet Internet 198

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

JANUARY 21, 2019

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). The flaw resides in the file transfer process between a client host and a MySQL server, it could be exploited by an attacker running a rogue MySQL server to access any data that could be read by the client.

Passwords 107

Passwords Advertising Cryptocurrency Cybercrime 107

WIRED Threat Level

JANUARY 21, 2019

It takes a master demagogue to weaponize unstable individuals and aim them at political enemies.

111

111

Dark Reading

JANUARY 22, 2019

Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.

Internet 88

Internet Internet DDOS 88

Threatpost

JANUARY 23, 2019

An emergency directive from the Department of Homeland Security provides "required actions" for U.S. government agencies to prevent widespread DNS hijacking attacks.

DNS 79

DNS Government Hacking 79

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Affairs

JANUARY 23, 2019

PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months. Bad news for users that have downloaded the PHP PEAR package manager from the official website in the past 6 months because hackers have replaced it with a tainted version. The PHP Extension and Application Repository (PEAR) is a framework and distribution system that allows anyone to search and download free packages written in PHP programming language.

Hacking 105

Hacking Advertising Data breaches 105

WIRED Threat Level

JANUARY 20, 2019

Sharing is caring. But it's worth checking if your streaming accounts have picked up any suspicious stragglers along the way.

Accountability 91

Accountability 91

Dark Reading

JANUARY 23, 2019

All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.

DNS 92

DNS Government Hacking 92

Threatpost

JANUARY 22, 2019

Researchers show how rogue web applications can be used to attack vulnerable browser extensions in a hack that gives adversaries access to private user data.

Hacking 80

Hacking 80

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Security Affairs

JANUARY 22, 2019

Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. The independent security consultant Max Justicz has discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu. The flaw, tracked as CVE-2019-3462, affects package manager version 0.8.15 and later, it could be exploited by an attacker in a MiTM position to execute arbi

Hacking 101

Hacking Advertising 101

Thales Cloud Protection & Licensing

JANUARY 24, 2019

We have seen an explosion in certificate use in recent years. This is partly due to the trend towards miniaturization. The monolithic applications of old are now deployed as dozens of micro-services on platforms like Kubernetes. These applications scale up and down to meet demand, creating hundreds or thousands of instances at peak times. All these instances need to prove their identity to each other, as well as third parties.

Manufacturing 70

Manufacturing Authentication IoT 70

Dark Reading

JANUARY 24, 2019

The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.

Data breaches 99

Data breaches Cybersecurity 99

eSecurity Planet

JANUARY 25, 2019

We review nine of the top web application firewall (WAF) products to help you protect web-facing applications.

Firewall 95

Firewall 95

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk