Krebs on Security

JANUARY 3, 2019

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legi

Scams 278

Scams Phishing Cyber Risk Engineering 278

Schneier on Security

DECEMBER 31, 2018

Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's " I Hunt Sysadmins " presentation, published by the Intercept.

Hacking 198

Hacking 198

Adam Levin

JANUARY 3, 2019

A cyberattack disrupted several major newspapers printed by Tribune Publishing shortly before New Year’s Day. Print versions of the Chicago Tribute, Los Angeles Times, San Diego Union Tribune, West Coast editions of the New York Times and Wall Street Journal and others were the suspected targets of Ryuk, a ransomware program that propagates through computer networks in order to take them offline.

Hacking 191

Hacking Ransomware Malware Technology 191

Troy Hunt

JANUARY 4, 2019

And then it was 2019. Funny how quickly it gets away from you, someone just posted on my 2018 retrospective blog post this week and asked why I didn't include my congressional testimony and if I'm honest, it took me a bit to think about why as well (it was in 2017). But we're here now so it's back to business as usual blog wise. This week is dominated by the personal finance lessons blog post.

InfoSec 146

InfoSec 146

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

DECEMBER 29, 2018

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com! This past year featured some 150 blog posts , but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed their knowledge, wit and wisdom in more than 10,000 comments.

Mobile 223

Mobile Scams Phishing Data breaches 223

Adam Shostack

JANUARY 2, 2019

For the last few years, I’ve been delivering in-person threat modeling training. I’ve trained groups ranging from 2 to 100 people at a time, and I’ve done classes as short as a few hours and as long as a week. That training is hands on and intense, and I’m very proud that my NPS customer satisfaction ratings tend to come in around 60-70, up there with Apple and Nordstroms.

133

133

Adam Levin

DECEMBER 31, 2018

Unless you live in a boot at the bottom of Loon Lake, you know that everything you do online is tracked. When you load a web page, an array of scripts, cookies, and code starts chugging away behind the scenes gleaning information about who you are, where you are, how you got to the site, what you’re clicking on, and where you go next. At least now most websites disclose what they’re up to and ask for your consent – compliments of the new EU General Data Privacy Regulation.

Advertising 114

Advertising Marketing Data privacy Technology 114

Krebs on Security

JANUARY 2, 2019

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

Ransomware 207

Ransomware Malware Backups Accountability 207

Security Affairs

JANUARY 2, 2019

Developers that include the GNU’s wget utility in their applications have to use the new version that was released on Boxing Day. GNU Wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.

Passwords 98

Passwords Advertising Internet Internet 98

Schneier on Security

JANUARY 3, 2019

Nice interview with the EFF's director of cybersecurity, Eva Gaperon.

Cybersecurity 149

Cybersecurity 149

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

PerezBox Security

JANUARY 3, 2019

The last few posts have been about deploying and configuring OSSEC as an important tool in your security suite. In this article I will provide you a script I wrote. Read More. The post Installing OSSEC on Linux Distributions appeared first on PerezBox.

Technology 91

Technology Information Security 91

WIRED Threat Level

JANUARY 1, 2019

Been curious about Tor but worried it's too complicated to use? Good news: The anonymity service is more accessible than ever.

109

109

Security Affairs

DECEMBER 31, 2018

‘Roma225’ campaign -The Cybaze-Yoroi ZLab researchers investigated a recent espionage malware implant weaponized to target companies in the Italian automotive sector. The malware was spread through well-written phishing email trying to impersonate a senior partner of one of the major Brazilian business law firms: “ Veirano Advogados ”. The malicious email intercepted during the CSDC operations contains a PowerPoint add-in document (“.ppa ” extension), armed with auto-open VBA macro c

Malware 96

Malware Advertising Phishing Hacking 96

Dark Reading

JANUARY 3, 2019

In an era of tighter privacy laws, it's important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy.

82

82

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Threatpost

JANUARY 3, 2019

Password-manager Blur and role-playing game Town of Salem both disclosed data breaches this week that impacted a combined 10 million.

Password Management 94

Password Management Data breaches Passwords 94

Thales Cloud Protection & Licensing

JANUARY 3, 2019

It’s 2019 and data is everywhere – and what you can do with what is at your fingertips is truly transformative. It changes the way you look at your business, improves your productivity and simplifies your life whether by helping you get home at night, buying groceries or deciding what to watch on any number of devices. Personally, and for business, the possibilities are endless and increasing by the minute.

CISO 72

CISO Big data Digital transformation Encryption 72

Security Affairs

DECEMBER 30, 2018

New thunderclouds on Facebook, the social network giant is accused of tracking non-users via Android apps. According to a report presented by Privacy International yesterday at 35C3 hacking conference held in Germany, the list of Android apps that send tracking and personal information back to Facebook includes dozens of apps including Kayak , Yelp, and Shazam , “Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools.

Advertising 96

Advertising Software Hacking Accountability 96

Dark Reading

JANUARY 4, 2019

Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.

Cybersecurity 80

Cybersecurity 80

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

eSecurity Planet

JANUARY 3, 2019

With a need for 3 million IT security pros, cybersecurity remains a hot market. Here are the skills most in demand and the best places to find a job.

Marketing 82

Marketing Cybersecurity 82

WIRED Threat Level

JANUARY 3, 2019

One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.

90

90

Security Affairs

DECEMBER 31, 2018

The European Commission decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project. Bug bounty programs are very important for the security of software and hardware, major tech firms launched their own programs to discover flaws before hackers. The European Commission recognized the importance of bug bounty programs and decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

Software 94

Software Advertising Media 94

Dark Reading

JANUARY 4, 2019

New information on the Starwood breach shows that the overall breach was somewhat smaller than originally announced, but the news for passport holders is worse.

83

83

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Threatpost

JANUARY 2, 2019

As the bug bounty programs begin to roll out in January, security experts worry that the programs miss the mark on truly securing open source projects.

Software 73

Software Government 73

Spinone

DECEMBER 30, 2018

If your Google account has been inactive for more than 30 days then Google may have deleted it from the server. This means that the account is likely irretrievable and you should read this article. Now, in a perfect world, you will have set up your Google account with an attached mobile phone number or an alternative email address. This Google account recovery phone number or Google recovery email will really help matters since, in this perfect world, where hindsight is not needed, you will then

Accountability 66

Accountability Passwords Backups Mobile 66

Security Affairs

JANUARY 4, 2019

German politicians were impacted by a massive data leak that exposed their personal data online, German Chancellor Angela Merkel was affected too. Data belonging to hundreds of German politicians, including Chancellor Angela Merkel, were exposed online due to a massive leak that is the biggest data dump of its kind in the country. According to Bloomberg News, the exposed data includes email addresses, mobile phone numbers, invoices, copies of identity documents and personal chat transcripts.

Social Engineering 94

Social Engineering Advertising Government Accountability 94

Dark Reading

JANUARY 2, 2019

New court document shows law enforcement suspected possible involvement of Harold Martin in Shadow Brokers' release of classified NSA hacking tools.

Hacking 87

Hacking 87

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Threatpost

JANUARY 3, 2019

The same hacking duo behind the recent "PewDiePie" printer hacks are back - this time with publicly exposed Chromecast, Google Home and smart TV systems as their targets.

Hacking 68

Hacking IoT 68

WIRED Threat Level

JANUARY 4, 2019

Hundreds of German politicians who have had their private digital lives exposed online are victims of a hacking campaign with unclear motives.

Hacking 70

Hacking 70

Security Affairs

JANUARY 2, 2019

The latest attack of 2018 against cryptocurrency wallets and organizations in the cryptocurrency industry hit the popular Electrum wallets. Hackers hit Electrum Bitcoin wallet and stole over 200 bitcoin, more than $750,000. The attack started on December 21th , 2018, and hackers leveraged a critical vulnerability that was addressed in early 2018. The vulnerability could be exploited by attackers to use rogue Electrum servers to generate and display popups to the unaware users.

Cryptocurrency 93

Cryptocurrency Advertising Hacking Authentication 93

Dark Reading

JANUARY 2, 2019

The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?

Banking 85

Banking Cybercrime Hacking 85

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk