Troy Hunt
SEPTEMBER 26, 2018
I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free. Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog.
Krebs on Security
SEPTEMBER 27, 2018
The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by a financial industry source, the Secret Service has received multiple reports about a complex form
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 27, 2018
Interesting research : In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose received signal strength (RSSI) is measured by the receiver.
The Last Watchdog
SEPTEMBER 24, 2018
The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing. An excerpt from Reddit’s mea culpa says it all: “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Troy Hunt
SEPTEMBER 27, 2018
Home again! Another NDC is down and I talk a little about how the talks were rated and about PubConf (make sure you get to one of these one day!) I've got another couple of weeks at home before any more travel and I'll talk more about the next things as they draw closer. This week, I'm on my new iPhone (which is very similar to my old iPhone), I'm talking about Uber getting fined, Cloudflare introducing some very cool new things, Firefox Monitor launching on top of the HIBP APIs and my newfound
Krebs on Security
SEPTEMBER 28, 2018
Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. “This allowed t
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Shostack
SEPTEMBER 25, 2018
So cool! STARS-Me (or Space Tethered Autonomous Robotic Satellite – Mini elevator), built by engineers at Shizuoka University in Japan, is comprised of two 10-centimeter cubic satellites connected by a 10-meter-long tether. A small robot representing an elevator car, about 3 centimeters across and 6 centimeters tall, will move up and down the cable using a motor as the experiment floats in space.
Adam Levin
SEPTEMBER 28, 2018
Facebook has had a hard year, and it just got worse. The company announced that it was compromised, and 50 million users were affected. The company discovered the breach on Tuesday, and reported it three days later. While 50 million users may seem like relatively minor news given the total number of Facebook users out there, it’s roughly the equivalent of the entire population of the west coast of the United States. .
Krebs on Security
SEPTEMBER 24, 2018
If you’re thinking of donating money to help victims of Hurricane Florence , please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “flor
Schneier on Security
SEPTEMBER 25, 2018
This is interesting research: " On the Security of the PKCS#1 v1.5 Signature Scheme ": Abstract: The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice. Its two main strengths are its extreme simplicity, which makes it very easy to implement, and that verification of signatures is significantly faster than for DSA or ECDSA.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
SEPTEMBER 28, 2018
Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet. A few hours ago, Facebook announced that an attack on its computer network exposed the personal information of roughly 50 million users.
WIRED Threat Level
SEPTEMBER 28, 2018
The social networking giant confirmed Friday that sites you use Facebook to login to could have been accessed as a result of its massive breach.
Dark Reading
SEPTEMBER 28, 2018
A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.
Schneier on Security
SEPTEMBER 28, 2018
The major tech companies, scared that states like California might impose actual privacy regulations , have now decided that they can better lobby the federal government for much weaker national legislation that will preempt any stricter state measures. I'm sure they'll still do all they can to weaken the California law, but they know they'll do better at the national level.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
SEPTEMBER 26, 2018
The latest samples of the HNS bot were designed to target Android devices having the wireless debugging feature ADB enabled. The Hide and Seek (HNS) IoT botnet was first spotted early this year, since its discovery the authors continuously evolved its code. The IoT botnet appeared in the threat landscape in January, when it was first discovered on January 10th by malware researchers from Bitdefender, then it disappeared for a few days, and appeared again a few weeks later infecting in a few
WIRED Threat Level
SEPTEMBER 28, 2018
Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.
Dark Reading
SEPTEMBER 28, 2018
The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.
Schneier on Security
SEPTEMBER 27, 2018
This one is from NIST: " Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
SEPTEMBER 28, 2018
Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn. The vulnerability was introduced in August 2014 with the release of version 3.16 of the Linux kernel. The issue could be exploited by an attacker trigger a DoS condition or to execute arbitrary code with root privileges on the vulnerable system.
Thales Cloud Protection & Licensing
SEPTEMBER 27, 2018
Companies in every sector have embraced digital transformation, backed by IoT initiatives, as the silver bullet to gain a competitive edge. IoT projects have the potential to streamline operations, create new revenue streams, and improve customer service through collection and analysis of data from a variety of IoT devices. But if organizations aren’t able to trust their devices or the data they produce, is there really a point to collecting this data in the first place?
Dark Reading
SEPTEMBER 26, 2018
Why IIoT leaders from both information technology and line-of-business operations need to join forces to develop robust cybersecurity techniques that go beyond reflexive patching.
WIRED Threat Level
SEPTEMBER 26, 2018
Apps need your explicit permission to access your smartphone's motion and light sensors. Mobile websites? Not so much.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
SEPTEMBER 27, 2018
Security experts from ESET have spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. Security researchers from ESET have discovered a new piece of a sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear , APT28 , Pawn Storm , Sofacy Group , and STRONTIUM ) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe.
Elie
SEPTEMBER 23, 2018
Data exposed by breaches persist as a security and privacy threat for Internet users. Despite this, best practices for how companies should respond to breaches, or how to responsibly handle data after it is leaked, have yet to be identified. We bring users into this discussion through two surveys. In the first, we examine the comprehension of 551 participants on the risks of data breaches and their sentiment towards potential remediation steps.
Dark Reading
SEPTEMBER 28, 2018
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
Threatpost
SEPTEMBER 27, 2018
More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
SEPTEMBER 23, 2018
The Port of Barcelona was hit by a cyber attack, fortunately, maritime operations had not affected. On September 20, 2018 morning, the Port of Barcelona was hit by a cyber attack that forced the operators of the infrastructure to launch the procedure to respond to the emergency. At the time of writing, there are no technical details about the cyber attack, the attackers hit several servers at the infrastructure, but maritime operations had not affected.
Elie
SEPTEMBER 23, 2018
Data exposed by breaches persist as a security and privacy threat for Internet users. Despite this, best practices for how companies should respond to breaches, or how to responsi- bly handle data after it is leaked, have yet to be identified. We bring users into this discussion through two surveys. In the first, we examine the comprehension of 551 participants on the risks of data breaches and their sentiment towards potential remediation steps.
Dark Reading
SEPTEMBER 24, 2018
The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Threatpost
SEPTEMBER 26, 2018
The tech giant promised that it will be more transparent about users' data in Chrome 70 after coming under fire for its privacy policies earlier this week.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
274 
Let's personalize your content