Sat.Sep 07, 2019 - Fri.Sep 13, 2019

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR, a now-defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Banking 279

Fabricated Voice Used in Financial Fraud

Schneier on Security

This seems to be an identity theft first: criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of €220,000 ($243,000) in March, in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking. Another news article.

Insiders

Weekly Update 156

Troy Hunt

Turns out it's actually a sunny day in Oslo today, although it's the last one I'll see here for quite some time before heading off to Denmark then other European things for the remainder of this trip. I'm talking a little about those events (all listed on my events page), this week's changes to EV, more data breaches and a somewhat semantic argument about the definition of "theft".

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

Hear about the smart toaster that got attacked three times within an hour after its IP address first appeared on the Internet? That experiment, conducted by a reporter for The Atlantic, crystallizes the seemingly intractable security challenge businesses face today. Related: How 5G will escalate DDoS attacks. Caught in the pull of digital transformation, companies are routing ever more core operations and services through the Internet, or, more precisely, through IP addresses, of one kind or anothe

DDOS 123

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance appears to be a weak form of governance at present. Insurers writing cyber insurance focus more on organisational procedures than technical controls, rarely include basic security procedures in contracts,

Insurance 204

More Trending

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

One of the promising cybersecurity trends that I’ve been keeping an eye on is this: SOAR continues to steadily mature. Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Related: Here’s how Capital One lost 100 million customer records SOAR holds the potential to slow – and, ultimately, to help reverse – the acute and worsening cybersecurity skills shortage.

Big data 119

Patch Tuesday, September 2019 Edition

Krebs on Security

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.

Software 139

Smart Watches and Cheating on Tests

Schneier on Security

The Independent Commission on Examination Malpractice in the UK has recommended that all watches be banned from exam rooms, basically because it's becoming very difficult to tell regular watches from smart watches.

177

Course announcement: Tampering in Depth!

Adam Shostack

I’m excited to announce that I’m hitting my STRIDE and LinkedIn has released the second course in my in-depth exploration of STRIDE: Tampering. I’m finding it fascinating to dive deep into the threats, organize my knowledge, and in doing so, hopefully help us chunk and remember what we’re learning.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


The Difference Between Studio Headphones and Regular Headphones

Daniel Miessler

After too many decades on this planet, I now understand the benefit of studio headphones, and what makes them different from normal (consumer) options. My old set of Denons just died, so I decided to go with a pair of Audio-Technica ATH-M70’s. An early TL;DR! Just to save you some time, the answer is threefold, in order of importance: accurate representation of the source audio, extremely wide frequency range, and higher-quality construction. Here’s a bit more on each of these.

Internet 100

How to Ensure Your Digital Security During the Rugby World Cup

Thales Cloud Protection & Licensing

Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup. Sports fans aren’t the only ones who are looking forward to this event. Unfortunately, digital criminals are also closely following the buzz surrounding this tournament. It’s not like bad actors haven’t taken an interest in major sporting events before.

IoT 105

NotPetya

Schneier on Security

Wired has a long article on NotPetya.

Malware 172

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards, dubbed SimJacker, that remote attackers could exploit to compromise targeted mobile phones and spy on victims just by sending a specially crafted SMS. The flaw lies in the S@T Browser, a SIM Toolkit application that some mobile operators ship on their SIM cards, so the attack works regardless of the handset model but only against SIMs carrying that application.

Hacking 105

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can access protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users provide on those pages, and thus can violate the HIPAA Rules that govern the use of online tracking technologies by HIPAA covered entities and business associates.


Unsupervised Learning: No. 193

Daniel Miessler

Top Cybersecurity Companies

eSecurity Planet

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue


New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction

WIRED Threat Level

A fresh look at the 2016 blackout in Ukraine suggests that the cyberattack behind it was intended to cause far more damage.

Hacking 109

Telegram Privacy Fails Again

Security Affairs

A security expert discovered that by abusing a well-known feature, deleting messages, it is possible to threaten users’ privacy. This is not a security vulnerability; it’s a privacy issue. As I understand it, Telegram, a messaging app that focuses on privacy, has over 100,000,000 downloads on the Play Store. In this case, we are abusing the well-known feature of deleting messages, which allows users to delete messages sent by mistake or genuinely to any recipient.

6 Questions to Ask Once You've Learned of a Breach

Dark Reading

With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.

91

UNICEF Leaks Personal Data of 8,000 Users via Email Blunder

Threatpost

The organization accidentally sent the names, email addresses, gender and professional information of users of its portal Agora in an email sent in August.

81

An Unprecedented Cyberattack Hit the US Power Grid

WIRED Threat Level

Exposed Facebook phone numbers, an XKCD breach, and more of the week's top security news.

111

Experts found Joker Spyware in 24 apps in the Google Play store

Security Affairs

Google has removed 24 apps from Google Play because they were infected with a new spyware tracked as “the Joker.” The spyware is able to steal SMS messages, contact lists and device information, and to sign victims up for premium service subscriptions. “Over the past couple of weeks, we have been observing a new Trojan on Googl

Spyware 92

More Than 99% of Cyberattacks Need Victims' Help

Dark Reading

Research highlights how most criminals exploit human curiosity and trust to click, download, install, open, and send money or information.

98

Telnet Backdoor Opens More Than 1M IoT Radios to Hijack

Threatpost

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.

IoT 89

The Windows 10 Privacy Settings You Should Check Right Now

WIRED Threat Level

Whether you're new to Windows 10 or have been using it for years, take a minute to lock down your privacy.

98

Poland to establish Cyberspace Defence Force by 2024

Security Affairs

Poland announced it will launch a cyberspace defence force by 2024, composed of around 2,000 soldiers with deep expertise in cybersecurity. Polish Defence Minister Mariusz Blaszczak has approved the creation of the force; according to AFP, Blaszczak announced that the cyber command unit would start its operations in 2022. “We’re well aware that in today’s

AI Is Everywhere, but Don't Ignore the Basics

Dark Reading

Artificial intelligence is no substitute for common sense, and it works best in combination with conventional cybersecurity technology. Here are the basic requirements and best practices you need to know.


Strangest Phishing Lures of 2019: From Divorce Papers to Real Estate Decoys

Threatpost

Proofpoint's senior director of the threat research team discusses the strange levels that attackers are going to in order to persuade victims to click on phishing messages.


How Safari and iMessage Have Made iPhones Less Secure

WIRED Threat Level

Security researchers say iOS's security woes stem in part from Apple putting too much trust in its own software's code.


NetCAT attack allows hackers to steal sensitive data from Intel CPUs

Security Affairs

Experts discovered a flaw dubbed NetCAT (Network Cache ATtack) that affects Intel server-grade processors and allows an attacker to sniff sensitive data over the network. Researchers from the VUSec group at Vrije Universiteit Amsterdam found the vulnerability, which a remote attacker can exploit by mounting a cache side-channel attack over the network: it abuses Intel’s Data-Direct I/O (DDIO) feature, which lets a network card write packets directly into the CPU’s last-level cache, so the attacker needs no code running on the victim machine.
