Schneier on Security

SEPTEMBER 24, 2019

Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet.

Hacking 216

Hacking Surveillance Encryption Internet 216

Adam Levin

SEPTEMBER 23, 2019

A federal appellate court ruled that mining and aggregating user data publicly posted to social media sites is allowable by law. In an opinion released earlier this month, the 9th Circuit U.S.Court of Appeals upheld an injunction against employment-centric social network LinkedIn from blocking access to hiQ, a data mining company that sells aggregated user information. .

Passwords 158

Passwords Media Cybersecurity 158

The Last Watchdog

SEPTEMBER 24, 2019

Keeping track of badness on the Internet has become a thriving cottage industry unto itself. Related: ‘Cyber Pearl Harbor’ is upon us There are dozens technology giants, cybersecurity vendors, government agencies and industry consortiums that identify and blacklist IP addresses and web page URLs that are obviously being used maliciously; and hundreds more independent white hat hackers are doing much the same.

Firewall 144

Firewall Cybersecurity Internet Internet 144

Tech Republic Security

SEPTEMBER 24, 2019

Vulnerabilities originally discovered by US government security services have been used by cybercriminals against municipalities, costing taxpayers an estimated $11.5 billion in 2019.

Government 156

Government Ransomware 156

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

SEPTEMBER 26, 2019

The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the competition and dominating key global industries.

Surveillance 212

Surveillance Wireless Government Internet 212

Troy Hunt

SEPTEMBER 23, 2019

Hungary! And that's about as much intro as I'm going to do on that because this is going out super later and I'm writing this at the end of a very long day. Only other thing I'll mention is the audio - the Instamic failed to record again so it's now going firmly into the e-waste bin. Anyway, on a more positive note, enjoy the beautiful sights of the Hungarian parliament before you jump into this week's update: Budapest!

Banking 134

Banking Passwords Accountability 134

Tech Republic Security

SEPTEMBER 25, 2019

With the newest Android version, Google has tried to improve and simplify the process of managing your privacy. Learn how to use the privacy controls and options in Android 10.

149

149

Schneier on Security

SEPTEMBER 23, 2019

In a document published earlier this month (in French), France described the legal framework in which it will conduct cyberwar operations. Lukasz Olejnik explains what it means , and it's worth reading.

Cybersecurity 200

Cybersecurity 200

Adam Levin

SEPTEMBER 27, 2019

Fifty attorneys general announced earlier this month that Google is the target of an antitrust probe. Any business owner who has happened to find themselves stuck in the company’s orbit–that would be any company with a digital presence–won’t hesitate to tell you such a move is long overdue. Case in point: I just did a Google search for Basecamp, an online project management tool.

Advertising 115

Advertising Marketing Data collection Accountability 115

The Last Watchdog

SEPTEMBER 26, 2019

Is mobile technology on a course to become more secure than traditional computing? Seven or eight years ago, that was a far-fetched notion. Today, the answer to that question is, “Yes, it must, and soon.” Related: Securing the Internet of Things I’ve been writing about organizations struggling to solve the productivity vs. security dilemma that’s part and parcel of the BYOD craze for some time now.

Mobile 117

Mobile Encryption Internet Internet 117

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

SEPTEMBER 25, 2019

Magecart 5 is targeting Layer 7 routers used in airports, casinos, hotels, and resorts, and others, to steal credit card data on popular US and Chinese shopping sites.

145

145

Schneier on Security

SEPTEMBER 25, 2019

This article discusses an e-commerce fraud technique in the UK. Because the Royal Mail only tracks packages to the postcode -- and not to the address - it's possible to commit a variety of different frauds. Tracking systems that rely on signature are not similarly vulnerable.

189

189

Daniel Miessler

SEPTEMBER 23, 2019

[advanced_iframe src=”[link] width=”100%” height=”7000px”] No related posts.

Information Security 100

Information Security 100

Dark Reading

SEPTEMBER 21, 2019

VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.

VPN 93

VPN 93

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

SEPTEMBER 26, 2019

Network attacks more than doubled this past quarter versus the prior quarter, according to a new report from security provider WatchGuard.

Malware 148

Malware Ransomware 148

Schneier on Security

SEPTEMBER 27, 2019

A paper I co-wrote was just published in Security Journal : " Superheroes on screen: real life lessons for security debates ": Abstract: Superhero films and episodic shows have existed since the early days of those media, but since 9/11, they have become one of the most popular and most lucrative forms of popular culture. These fantastic tales are not simple amusements but nuanced explorations of fundamental security questions.

Media 167

Media 167

Thales Cloud Protection & Licensing

SEPTEMBER 24, 2019

Business is booming and data is flowing. Retailers and shoppers are leveraging and enjoying many benefits data sharing brings: loyalty programs, personalized experiences, easier product location and ordering, online shopping, mobile access and the list goes on. With a few clicks, even hard-to-find products make their way to a customer’s doorstep within hours.

Retail 89

Retail Digital transformation Data breaches Encryption 89

Lenny Zeltser

SEPTEMBER 26, 2019

What malware analysis approaches work well? Which don’t? How are the tools and methodologies evolving? The following discussion–captured as an MP3 audio file –offers friendly advice from 5 malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute: Jim Clausing : Security Architect at AT&T and Internet Storm Center Handler (Panelist) Evan Dygert : Senior Security Engineer for Blue Cross Blue Shield Assoc

Malware 91

Malware InfoSec Engineering Software 91

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

SEPTEMBER 24, 2019

Nearly half of office workers said they had their data compromised. Here's why they keep falling for phishing scams.

Phishing 159

Phishing Scams 159

Security Affairs

SEPTEMBER 21, 2019

In the last hours, some western media reported destructive cyber attacks against infrastructures in the Iranian oil sector, but Iran denied it. Last week drone attacks have hit two major oil facilities run by the state-owned company Aramco in Saudi Arabia, one of them is the Abqaiq site. Western Governments and Saudi Arabia blamed Iran for the attacks.

Cyber Attacks 88

Cyber Attacks Media Telecommunications Government 88

Dark Reading

SEPTEMBER 24, 2019

'Tortoiseshell' discovered hosting a phony military-hiring website that drops a Trojan backdoor on visitors.

Government 110

Government 110

WIRED Threat Level

SEPTEMBER 27, 2019

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

Hacking 100

Hacking 100

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

SEPTEMBER 23, 2019

Don't let your Android's MAC address give away your location--use a Randomized MAC address instead.

165

165

Security Affairs

SEPTEMBER 27, 2019

A security expert has released a new jailbreak, dubbed Checkm8, that impacts all iOS devices running on A5 to A11 chipsets , it works on iPhone models from 4S to 8 and X. The security expert Axi0mX has released a new jailbreak, dubbed Checkm8 , that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X.

Advertising 85

Advertising Hacking Software Engineering 85

Dark Reading

SEPTEMBER 25, 2019

The Cybersecurity and Infrastructure Security Agency's latest version of the National Emergency Communications Plan comes after a two-year process to improve the cybersecurity and flexibility of the nation's emergency communications.

Cybersecurity 82

Cybersecurity 82

WIRED Threat Level

SEPTEMBER 22, 2019

Book excerpt: As a systems administrator, the young man who would expose vast, secret US surveillance saw freedom being encroached and decided he had to act.

System Administration 87

System Administration Surveillance 87

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

SEPTEMBER 26, 2019

Manually addressing breaches that result from email-based attacks is a time sink for IT professionals, according to a Barracuda report.

138

138

Security Affairs

SEPTEMBER 23, 2019

Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. Threat actors deployed the malware on ATM systems to steal payment card details of the back customers.

Malware 83

Malware Banking Advertising Encryption 83

Dark Reading

SEPTEMBER 23, 2019

Andrei Tyurin, a Russian national, pleaded guilty to hacking charges related to a massive cyberattack campaign targeting US financial institutions and other companies.

Hacking 84

Hacking 84

Threatpost

SEPTEMBER 25, 2019

Magecart Group 5 has been spotted testing and preparing code to be injected onto commercial routers - potentially opening up guests connecting to Wi-Fi networks to payment data theft.

Malware 77

Malware Hacking 77

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk