Krebs on Security
NOVEMBER 26, 2018
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “[link].
Schneier on Security
NOVEMBER 29, 2018
The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people: A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
NOVEMBER 30, 2018
Marriot announced an enormous breach of the company’s reservations database that may have potentially exposed the personally identifiable information of more than 500 million guests. If you’ve made reservations at the St. Regis, Westin, Sheraton, W Hotels or anywhere else that operates on Marriot’s Starwood guest reservation database, it’s time to redouble your cybersecurity and privacy efforts, because this compromise is one of biggest we’ve seen—dwarfed only by the Yahoo breach that affected
The Last Watchdog
NOVEMBER 26, 2018
Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country. However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. Related: California’s pioneering privacy law ripples through other states.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Shostack
NOVEMBER 26, 2018
Nonfiction. The Brothers: John Foster Dulles, Allen Dulles, and Their Secret World War is a fascinating biography of the Dulles brothers, and how the world changed through their lives and actions. One ran the State department, the other the CIA. Weapons of Math Destruction by Cathy O’Neil is an interesting overview of problems with machine learning and the ways in which it is often mis-applied.
Schneier on Security
NOVEMBER 30, 2018
Sotheby's is auctioning off a (working, I think) three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's missing the rotors.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
NOVEMBER 30, 2018
Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now. But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation. Related: Michigan’s Cyber Range hubs help narrow talent gap. Driverless autos, trucks and military transport vehicles are on a fast track for wide deployment in the next five years.
Security Affairs
NOVEMBER 27, 2018
Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0.
Schneier on Security
NOVEMBER 30, 2018
Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to -- among others -- Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC ). Bloomberg has stood by its story -- and is still standing by it. I don't think it's real. Yes, it's plausible.
Adam Shostack
NOVEMBER 29, 2018
The 2018 Gavle Goat is up and tweeting at @gavelebocken. Previously.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Last Watchdog
NOVEMBER 27, 2018
The vast majority of cyber attacks against organizations pivot off the weakest security link: employees. The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here’s a guide to five such services. PhishMe. This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics.
Security Affairs
NOVEMBER 29, 2018
Exploring the open API abuse for Docker Containers. Docker is a popular container product which has been adopted widely by the community. Preface. IT industry has seen quite a few transformations in last couple of decades with advent of disruptive technologies. Back in 2000, every aspiring student wanted to become computer /IT engineer, thanks to “.com” boom that was storming the IT industry back in those days.
Schneier on Security
NOVEMBER 30, 2018
My latest book is doing well. And I've been giving lots of talks and interviews about it. (I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer.) My book talk at Google is also available. The Audible version was delayed for reasons that were never adequately explained to me, but it's finally out.
Dark Reading
NOVEMBER 30, 2018
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Thales Cloud Protection & Licensing
NOVEMBER 26, 2018
Six months on from the legal implementation of the General Data Protection Regulation (GDPR), a third of consumers have admitted they still aren’t confident that the companies they interact with comply with the regulation. Furthermore, 16% of organisations across the UK and Germany confessed to not having been ready in time for the legislation, according to our research into consumer and business perceptions of the GDPR, six months after its roll-out.
Security Affairs
NOVEMBER 24, 2018
According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated.
WIRED Threat Level
NOVEMBER 27, 2018
Recent developments in the special counsel investigation show indicate that things are about to heat up.
Dark Reading
NOVEMBER 29, 2018
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
PerezBox Security
NOVEMBER 29, 2018
It’s been a long time since I have had to enable 2FA on Twitter and found the process completely infuriating. Twitter’s 2FA configuration uses SMS as the default option, this. Read More. The post How to enable 2FA on Twitter with Authy, Google Authenticator or another Mobile Application appeared first on PerezBox.
Security Affairs
NOVEMBER 30, 2018
Starwood Data Breach – Hackers accessed the guest reservation system of the Marriot owned Starwood since 2014 and copied and encrypted the information. Marriott International is the last victim of a long string of data breaches, the company announced that hackers compromised guest reservation database at its subsidiary Starwood hotels and stolen personal details of about 500 million guests. “The company has not finished identifying duplicate information in the database, but believes
WIRED Threat Level
NOVEMBER 28, 2018
Researchers warn that utilities hackers don't need to cause blackouts to do damage.
Dark Reading
NOVEMBER 26, 2018
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
PerezBox Security
NOVEMBER 30, 2018
This article assumes you already have OSSEC deployed. If you need a refresher, refer to the Part I of OSSEC for website security, written March 2013. OSSEC is popular open-source. Read More. The post OSSEC For Website Security: PART II – Distributed Architectures Using Agents and Managers appeared first on PerezBox.
Security Affairs
NOVEMBER 26, 2018
Ransomware attacks continue to threaten the healthcare industry, the last incident in order of time impacted the Ohio Hospital System. The ransomware attack infected computer systems at the East Ohio Regional Hospital and Ohio Valley Medical Center reportedly caused the disruption of the hospitals’ emergency rooms. The malware hit the Ohio Hospital System on Friday, Nov. 23, evening, according to The Times Ledger newspaper, the hospitals were not able to accept ER patients via emergency re
Thales Cloud Protection & Licensing
NOVEMBER 27, 2018
The cybersecurity regulation ( 23 NYCRR 500 ) adopted by the New York State Department of Financial Services (NYDFS) is nearly two years old. The 2017 bill, the first of its kind, will be fully implemented as of March 1st, 2019. Leading up to that date, companies have had to meet several milestones including hiring a CISO, encrypting all its non-public consumer data and enabling multi-factor authentication.
Dark Reading
NOVEMBER 28, 2018
In an environment where talent is scarce, it's critical that hiring managers remove artificial barriers to those whose mental operating systems are different.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
WIRED Threat Level
NOVEMBER 30, 2018
Up to 500 people's personal information has been stolen in a Marriott hack that lasted four years, one of the biggest breaches yet.
Security Affairs
NOVEMBER 24, 2018
US Government is inviting its allies to exclude Huawei equipment from critical infrastructure and 5G architectures, reports the Wall Street Journal. The Wall Street Journal reported that the US Government is urging its allies to exclude Huawei from critical infrastructure and 5G architectures. The United States is highlighting the risks for national security in case of adoption of Huawei equipment and is inviting internet providers and telco operators in allied countries to ban Huawei.
Thales Cloud Protection & Licensing
NOVEMBER 29, 2018
“We the People of the United States, in Order to form a more perfect Union”. “Four score and seven years ago”. “I have a dream”. These are very well known quotes to every American. These quotes where opening salvos by great leaders who knew we had to come together for change and for good. Although the quotes I know off the top of my head are provincial, I also know that when there is a time that requires change, a time people must come together, for good, we should be listening to great leaders
Dark Reading
NOVEMBER 29, 2018
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
274 
Let's personalize your content