Krebs on Security

MARCH 8, 2019

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal , it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Accountability 278

Accountability Identity Theft Passwords Authentication 278

Schneier on Security

MARCH 5, 2019

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

Cybersecurity 261

Cybersecurity Technology Government Internet 261

Troy Hunt

MARCH 2, 2019

I'm not intentionally pushing these out later than usual, but events have just been such over the last few weeks that it's worked out that way. This one really is a short one though as there hasn't been a lot of newsworthy stuff going on this week, other than the new Instamics I picked up which are rather cool. The audio recording did work well (I mentioned in the video I wasn't sure if it was functioning correctly), and it's pretty damn good quality for what it is.

Firmware 226

Firmware Data breaches 226

The Last Watchdog

MARCH 4, 2019

A common thread runs through the cyber attacks that continue to defeat the best layered defenses money can buy. Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT s

Hacking 212

Hacking Energy and Utilities System Administration Accountability 212

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

MARCH 8, 2019

The American multinational software company Citrix disclosed a security breach, according to the firm an international cyber criminals gang gained access to its internal network. The American multinational software company Citrix is the last victim of a security breach, according to the company an international cyber criminal gang gained access to its internal network, Hackers were able to steal business documents, but its products or services were impacted by the attack.

Software 111

Software Passwords Advertising Data breaches 111

Schneier on Security

MARCH 4, 2019

The Nest home alarm system shipped with a secret microphone , which -- according to the company -- was only an accidental secret : On Tuesday, a Google spokesperson told Business Insider the company had made an "error." "The on-device microphone was never intended to be a secret and should have been listed in the tech specs," the spokesperson said. "That was an error on our part.".

Spyware 228

Spyware Consumer Protection Manufacturing Internet 228

Lenny Zeltser

MARCH 2, 2019

If you’d like to start experimenting with malware analysis in your own lab, here’s how to download and set up a free Windows virtual machine: Step 1: Install Virtualization Software Step 2: Get a Windows Virtual Machine Step 3: Update the VM and Install Malware Analysis Tools Step 4: Isolate the Analysis VM and Disable Windows Defender AV Step 5: Analyze Some Malware.

Malware 112

Malware Software Engineering Internet 112

Security Affairs

MARCH 8, 2019

Experts found an unprotected server exposing online 4 MongoDB databases belonging to the email validation company Verifications.io. A new mega data leak made the headlines, an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records. The archive includes 808,539,849 records containing: emailrecords = 798,171,891 records emailWithPhone = 4,150,600 records businessLeads = 6,217,358 records.

Advertising 111

Advertising Scams Marketing Phishing 111

Schneier on Security

MARCH 6, 2019

Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details are here. News article.

Software 215

Software 215

eSecurity Planet

MARCH 4, 2019

Here are our picks for the top RSA conference sessions that could help you improve cybersecurity within your own organization.

Cybersecurity 105

Cybersecurity 105

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

WIRED Threat Level

MARCH 7, 2019

A exposed database belonging to Verifications.io contained both personal and business information, including 763 million unique email addresses.

Marketing 102

Marketing 102

Security Affairs

MARCH 8, 2019

A few days ago, Cybaze-Yoroi ZLAB researchers spotted a suspicious JavaScript file that implemented several techniques to evade detection of all AV solutions. Introduction. A few days ago, Cybaze -Yoroi ZLAB researchers spotted a suspicious JavaScript file needing further attention: it leveraged several techniques in order to evade all AV detection and no one of the fifty-eight antivirus solution hosted on the notorious VirusTotal platform detected it.

Malware 111

Malware Advertising Antivirus Hacking 111

Schneier on Security

MARCH 8, 2019

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption.

Insurance 212

Insurance Cyber Insurance Cybersecurity Government 212

PerezBox Security

MARCH 2, 2019

I was recently at an event listening to representatives of ICANN and CloudFlare speak on security with DNS and it occurred to me that very few of us really understand. Read More. The post The Evolving World of DNS Security appeared first on PerezBox.

DNS 101

DNS Architecture Technology Information Security 101

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Threatpost

MARCH 7, 2019

In a proof-of-concept hack, researchers penetrated an ultrasound and were able to download and manipulate patient files, then execute ransomware.

Hacking 98

Hacking Ransomware Healthcare Data breaches 98

Security Affairs

MARCH 6, 2019

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day flaw in Chrome could be exploited by a remote attacker to execute arbitrary code and take full control of the target computer.

Advertising 112

Advertising Software Hacking 112

Schneier on Security

MARCH 8, 2019

Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. (Video here ). I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologists are Changing the World : Matt Mitchell, Tactical Tech; Bruce Schneier, Fellow and Lecturer, Harvard Kennedy School; and J.

Technology 202

Technology Internet Internet Engineering 202

Dark Reading

MARCH 6, 2019

To get the most from a vendor management program you must trust, then verify. These six best practices are a good place to begin.

97

97

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

MARCH 7, 2019

Researchers built an AI engine that uses tweets to predict the severity of software vulnerabilities with 86 percent accuracy.

Engineering 94

Engineering Software 94

Security Affairs

MARCH 6, 2019

The NSA released the Ghidra, a multi-platform reverse engineering framework that could be used to find vulnerabilities and security holes in applications. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux).

Engineering 111

Engineering Advertising Hacking Software 111

Schneier on Security

MARCH 7, 2019

Really good article on the now-lost art of letterlocking.

198

198

Dark Reading

MARCH 5, 2019

Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.

95

95

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

WIRED Threat Level

MARCH 4, 2019

Google's Project Zero researchers find a potentially powerful privilege escalation trick in how Macs manage memory.

88

88

Security Affairs

MARCH 8, 2019

Google this week revealed a Windows zero-day that is being actively exploited in targeted attacks alongside a recently fixed Chrome flaw. Google this week disclosed a Windows zero-day vulnerability that is being actively exploited in targeted attacks alongside a recently addressed flaw in Chrome flaw ( CVE-2019-5786). The Windows zero-day vulnerability is a local privilege escalation issue in the win32k.sys kernel driver and it can be exploited for security sandbox escape. “It is a local p

Advertising 111

Advertising Hacking 111

Schneier on Security

MARCH 7, 2019

This system claims to detect suspicious behavior that indicates shoplifting: Vaak , a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body language. The article has no detail or analysis, so we don't know how well it works.

Artificial Intelligence 196

Artificial Intelligence Surveillance Software 196

eSecurity Planet

MARCH 6, 2019

Product announcements at the 2019 RSA Conference spanned email security, container security, threat detection, SIEM, EDR and cloud security.

Threat Detection 86

Threat Detection 86

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

MARCH 3, 2019

Will Roper, acquisition executive for the US Air Force, talks to WIRED's editor-in-chief about making the military more adaptive, the role of AI, and what he worries about every day.

87

87

Security Affairs

MARCH 3, 2019

The Wireshark Foundation released Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The Wireshark Foundation announced the release of Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The new version addresses several bugs and introduces tens of new features, it also improved existing features.

Advertising 111

Advertising Hacking Penetration Testing 111

Threatpost

MARCH 8, 2019

As smart devices permeate our lives, Google sends up a red flag and shows how the underlying systems can be attacked.

Hacking 85

Hacking 85

Dark Reading

MARCH 7, 2019

Researchers break down the differences in how China and Russia use social media to manipulate American audiences.

Media 84

Media 84

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!