Sat.Oct 19, 2019 - Fri.Oct 25, 2019

article thumbnail

Cachet Financial Reeling from MyPayrollHR Fraud

Krebs on Security

When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits , its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.

Banking 158
article thumbnail

NordVPN Breached

Schneier on Security

There was a successful attack against NordVPN: Based on the command log, another of the leaked secret keys appeared to secure a private certificate authority that NordVPN used to issue digital certificates. Those certificates might be issued for other servers in NordVPN's network or for a variety of other sensitive purposes. The name of the third certificate suggested it could also have been used for many different sensitive purposes, including securing the server that was compromised in the bre

VPN 130
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

In the Workplace, Safety Is Sexy. And It All Starts With Your HR Department

Adam Levin

Maintaining workplace safety can seem like a rare form of torture–videos and quizzes and talks and such. For most of us, it’s a necessary chore. But despite the looks among employees with each new H.R. training session, the work that happens in those conference rooms at least in theory translates to profits. The inoculation process of onboarding a new hire is profoundly important to the proper functioning of any organization.

article thumbnail

Weekly Update 162

Troy Hunt

Ah, impending summer on the Gold Coast! It's that time of year when you can just start to sense those warm beach days and it's absolutely my favourite time of year here. Which means. it's time to head off to other events again. Fortunately it's all domestic this time as I head south to Sydney and Melbourne and maintaining my "no fly unless I absolutely have to" stance, it's long, open road drives, copious podcasts and lots of thinking time.

InfoSec 106
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Ransomware Hits B2B Payments Firm Billtrust

Krebs on Security

Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week. The company said it is in the final stages of bringing all of its systems back online from backups. With more than 550 employees, Lawrence Township, N.J.-based Billtrust is a cloud-based service that lets customers view invoices, pay, or request bills via email or fax.

B2B 114
article thumbnail

Public Voice Launches Petition for an International Moratorium on Using Facial Recognition for Mass Surveillance

Schneier on Security

Coming out of the Privacy Commissioners' Conference in Albania , Public Voice is launching a petition for an international moratorium on using facial recognition software for mass surveillance. You can sign on as an individual or an organization. I did. You should as well. No, I don't think that countries will magically adopt this moratorium. But it's important for us all to register our dissent.

More Trending

article thumbnail

Who Are We Kidding with Attacker-Centered Threat Modeling?

Adam Shostack

I’ve spoken for over a decade against “think like an attacker” and the trap of starting to threat model with a list of attackers. And for my threat modeling book, I cataloged every serious grouping of attackers that I was able to find. And as I was reading “ 12 Ingenious iOS Screen Time Hacks ,” I realized what they’re all missing: kids.

Hacking 100
article thumbnail

Top 5 ways organizations can secure their IoT devices

Tech Republic Security

Connected devices are increasingly being targeted by hackers and cybercriminals. Deloitte shares five tips on how companies can better protect their IoT devices.

IoT 97
article thumbnail

Calculating the Benefits of the Advanced Encryption Standard

Schneier on Security

NIST has completed a study -- it was published last year, but I just saw it recently -- calculating the costs and benefits of the Advanced Encryption Standard. From the conclusion: The result of performing that operation on the series of cumulated benefits extrapolated for the 169 survey respondents finds that present value of benefits from today's perspective is approximately $8.9 billion.

article thumbnail

The DoorDash Data Breach – Third Certainty #7

Adam Levin

In the seventh episode of Third Certainty, Adam Levin explains the dangers of exposed personally identifiable information and shares some tips about how consumers can protect themselves. The post The DoorDash Data Breach – Third Certainty #7 appeared first on Adam Levin.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Protect IT—A Combination of Security Culture and Cyber Hygiene Good Practices

Thales Cloud Protection & Licensing

In the spirit of National Cyber Security Awareness Month (NCSAM), my colleague Ashvin Kamaraju wrote about how organizations can use fundamental controls to secure their information technology. Effective digital security doesn’t end at “Secure IT,” however. It’s equally important that organizations protect their IT assets against things like software vulnerabilities, unsecured Wi-Fi connections and unauthorized data exfiltration.

article thumbnail

Mobile malware increasingly being used for espionage by state-sponsored groups

Tech Republic Security

State-sponsored groups take advantage of the lack of effective mobile malware solutions to target mobile users, according to a new report from BlackBerry.

Mobile 99
article thumbnail

Mapping Security and Privacy Research across the Decades

Schneier on Security

This is really interesting : "A Data-Driven Reflection on 36 Years of Security and Privacy Research," by Aniqua Baset and Tamara Denning: Abstract : Meta-research research about research allows us, as a community, to examine trends in our research and make informed decisions regarding the course of our future research activities. Additionally, overviews of past research are particularly useful for researchers or conferences new to the field.

113
113
article thumbnail

A Brief History of Russian Hackers' Evolving False Flags

WIRED Threat Level

Most hackers know how to cover their tracks. But Russia’s elite groups are working at a whole other level.

Hacking 99
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

UK/US investigation revealed that Russian Turla APT masqueraded as Iranian hackers

Security Affairs

A joint UK and US investigation has revealed that the Russian cyber espionage group Turla carried out cyber attacks masqueraded as Iranian hackers. According to the Financial Times, a joint UK and US investigation revealed that Russia-linked cyberespionage group Turla conducted several cyber attacks in more than 35 countries masqueraded as Iranian hackers.

article thumbnail

The real truth about deepfakes and how to stop them

Tech Republic Security

Avivah Litan, vice president and distinguished analyst for Gartner, explains how deepfake videos can be used to distort reality and how people can fight it through AI models and blockchain.

89
article thumbnail

Details of the Olympic Destroyer APT

Schneier on Security

Interesting details on Olympic Destroyer, the nation-state cyberattack against the 2018 Winter Olympic Games in South Korea. Wired's Andy Greenberg presents evidence that the perpetrator was Russia, and not North Korea or China.

113
113
article thumbnail

Retail has a multi-cloud problem…with sensitive data

Thales Cloud Protection & Licensing

Digital transformation (DX) is fundamentally impacting all aspects of the economy across every industry, and nowhere is this truer than in retail. DX technologies such as cloud, mobile payments, IoT, Big Data and others have fundamentally changed retailers’ business models, not only by opening new channels to reach customers, but also in how they communicate with, serve, and support them.

Retail 54
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

A critical Linux Wi-Fi bug could be exploited to fully compromise systems

Security Affairs

A researcher discovered a critical Linux vulnerability, tracked as CVE-2019-17666 , that could be exploited to fully compromise vulnerable machines. Nico Waisman, principal security engineer at Github, discovered a critical Linux flaw, tracked as CVE-2019-17666 , that could be exploited by attackers to fully compromise vulnerable machines. Found this bug on Monday.

article thumbnail

Digital transformation: Why companies need a sense of urgency

Tech Republic Security

TechRepublic's Karen Roby talks with futurist Brian Solis about the trends shaping digital transformation.

article thumbnail

Software is Infrastructure

ForAllSecure

The realization that software is becoming an essential component of our everyday lives was reflected yet again in this year’s Black Hat. Even more solutions are being touted to deal with the ever-growing exposure of software to malicious threats. Unfortunately, a lot of the solutions focus on dealing with the symptoms of our current predicament without addressing the fundamental truth - software is built insecurely despite our best efforts.

article thumbnail

Building a Cybersecurity Culture: What's Love Got to Do With It?

Dark Reading

Turns out, a lot. Get people to fall in love with the security team, and you'll get them to care about security, CISOs say in part 2 of a two-part series about building security culture.

CISO 57
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

US Army stopped using floppy disks as storage for SACCS system that manages nuclear weapons arsenal

Security Affairs

The news is quite curious, the US military will no longer use 8-inch floppy disks in an antiquated computer (SACCS) to manage nuclear weapons arsenal. It’s official, the US strategic command has announced that it has replaced the 8-inch floppy disks in an ancient computer to receive nuclear launch orders from the President with a “highly-secure solid state digital storage solution.” The use of the 8-inch floppy disks was revealed back in 2014 by the CBS “60 Minutes” TV show. &#

article thumbnail

Smart contracts and blockchain will provide needed trust, says Princeton professor

Tech Republic Security

Princeton computer science professor Ed Felten says blockchain will enable smart contracts that provide trust to company systems in the future, but there are some myths and misconceptions.

84
article thumbnail

It's Time to Get a Password Manager: Bitwarden, 1Password, Dashlane, LastPass

WIRED Threat Level

Your brain has better things to do than store secure passwords. Get a dedicated password manager to keep your login data synced and secure across all devices.

article thumbnail

What Has Cybersecurity Pros So Stressed -- And Why It's Everyone's Problem

Dark Reading

As cyberattacks intensify and the skills gap broadens, it's hard not to wonder how much more those in the industry can take before throwing in the towel.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Exploring the CPDoS attack on CDNs: Cache Poisoned Denial of Service

Security Affairs

Boffins disclosed a web attack technique (CPDoS attack) that can poison content delivery networks (CDNs) into caching and then serving error pages. Two researchers from the Technical University of Cologne (TH Koln) have devised a new web attack that can be used by threat actors to poison content delivery networks (CDNs) into caching and then serving error pages instead of the legitimate content.

article thumbnail

Cybersecurity Awareness Month: How individuals and businesses can stay vigilant

Tech Republic Security

October is Cybersecurity Awareness Month, and the Identity Theft Resource Center is providing tips to keep consumers and companies safe.

article thumbnail

How to Control the Privacy of Your Facebook, Instagram, Twitter, and Snapchat Posts

WIRED Threat Level

Whether it's Facebook, Instagram, Twitter, or Snapchat, lock down who can see what you're up to.

73
article thumbnail

Ransomware, Mobile Malware Attacks to Surge in 2020

Threatpost

Targeted ransomware, mobile malware and other attacks will surge, while companies will adopt AI, better cloud security and cyber insurance to help defend and protect against them.

Mobile 48
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.