Sat.Mar 02, 2019 - Fri.Mar 08, 2019


MyEquifax.com Bypasses Credit Freeze PIN

Krebs on Security

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your name, Social Security number and birthday.


Cybersecurity for the Public Interest

Schneier on Security

The Crypto Wars have been waged off and on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.


Weekly Update 128

Troy Hunt

I'm not intentionally pushing these out later than usual, but events have just been such over the last few weeks that it's worked out that way. This one really is a short one though as there hasn't been a lot of newsworthy stuff going on this week, other than the new Instamics I picked up which are rather cool. The audio recording did work well (I mentioned in the video I wasn't sure if it was functioning correctly), and it's pretty damn good quality for what it is.


MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

A common thread runs through the cyber attacks that continue to defeat the best layered defenses money can buy. Related: We’re in the midst of ‘cyber Pearl Harbor’. Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT s


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S. consumers, including DMV and arrest records, genealogy reports, phone number lookups and people searches. In an ironic twist, the marketing empire that owns the hacked online properties appears to be run by a Canadian man who’s been sued for fraud by the U.S.


The Latest in Creepy Spyware

Schneier on Security

The Nest home alarm system shipped with a secret microphone, which -- according to the company -- was only an accidental secret: On Tuesday, a Google spokesperson told Business Insider the company had made an "error." "The on-device microphone was never intended to be a secret and should have been listed in the tech specs," the spokesperson said. "That was an error on our part."


Did Amazon Just Jump the Shark on Consumer Privacy?

Adam Levin

The sitcom “Happy Days” was pretty much doomed when the Fonz, wearing swim trunks and a leather jacket, stepped onto water skis and jumped a shark. That episode now epitomizes the over-reach that sends television shows on a downhill trajectory. The Internet of Things (IoT) found a still better foothold in consumer households with Amazon’s recent acquisition of eero, a Wi-Fi mesh router company.


How to Get and Set Up a Free Windows VM for Malware Analysis

Lenny Zeltser

If you’d like to start experimenting with malware analysis in your own lab, here’s how to download and set up a free Windows virtual machine:
Step 1: Install Virtualization Software
Step 2: Get a Windows Virtual Machine
Step 3: Update the VM and Install Malware Analysis Tools
Step 4: Isolate the Analysis VM and Disable Windows Defender AV
Step 5: Analyze Some Malware


Digital Signatures in PDFs Are Broken

Schneier on Security

Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details are here. News article.


Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wild

Security Affairs

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is being actively exploited in attacks in the wild. The vulnerability, a use-after-free in Chrome's FileReader API, was discovered in late February by Clement Lecigne, a security researcher in Google's Threat Analysis Group, and was fixed in Chrome 72.0.3626.121. The high-severity flaw could be exploited by a remote attacker to execute arbitrary code and take full control of the target computer.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


The Evolving World of DNS Security

PerezBox Security

I was recently at an event listening to representatives of ICANN and CloudFlare speak on security with DNS and it occurred to me that very few of us really understand.


An Email Marketing Company Left 809 Million Records Exposed Online

WIRED Threat Level

An exposed database belonging to Verifications.io contained both personal and business information, including 763 million unique email addresses.


Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption.


FBI informed software giant Citrix of a security breach

Security Affairs

The American multinational software company Citrix is the latest victim of a security breach. According to the company, an international cyber criminal gang gained access to its internal network and was able to steal business documents, but there is no indication that its products or services were impacted by the attack.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
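The first step in auditing a site for the problem described above is to enumerate what a page actually makes the browser fetch from hosts other than its own, since every such request carries at least the visitor's IP address and, when the tag builder put identifiers in the URL, far more. The following is an added example, not code from the article: it parses a constructed HTML page standing in for an authenticated appointment view and lists third-party loads, flagging 1x1 images and URLs that carry a query string. The page URL and the `.test` hostnames are placeholders, not real trackers.

```python
"""Enumerate third-party resources a page loads (starting point for a tracker audit).

Added example, not code from the source article. The HTML below is constructed and
the .test hostnames are placeholders, not real vendors or trackers.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed first-party page URL (placeholder host).
PAGE_URL = "https://portal.example-health.test/appointments"

# Constructed HTML standing in for an authenticated appointment page.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://analytics.example-vendor.test/tag.js"></script>
</head><body>
<img src="/static/logo.png" alt="logo">
<img src="https://pixel.example-ads.test/p.gif?mrn=12345&visit=2019-03-12" width="1" height="1">
<iframe src="https://chat.example-support.test/widget"></iframe>
</body></html>
"""

# Tag -> attribute that makes the browser issue a request when the tag is parsed.
LOADING_ATTRS = {"img": "src", "script": "src", "iframe": "src", "link": "href"}


class ResourceCollector(HTMLParser):
    """Collect (tag, attributes) for every element that triggers a fetch."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        attr_name = LOADING_ATTRS.get(tag)
        if attr_name is None:
            return
        attrs = dict(attrs)
        if attrs.get(attr_name):
            self.resources.append((tag, attrs))


def third_party_loads(html, page_url):
    """Return findings for every resource whose host differs from the page's host.

    Each finding records the tag, the resolved URL, whether the URL carries a query
    string (a common way identifiers end up at the third party) and whether the
    element is a 1x1 image, the classic tracking pixel.
    """
    page_host = urlparse(page_url).hostname
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for tag, attrs in collector.resources:
        url = urljoin(page_url, attrs[LOADING_ATTRS[tag]])  # resolve relative refs
        parts = urlparse(url)
        if not parts.hostname or parts.hostname == page_host:
            continue  # first-party resource, not in scope here
        findings.append({
            "tag": tag,
            "host": parts.hostname,
            "url": url,
            "carries_query": bool(parts.query),
            "tracking_pixel": tag == "img"
            and attrs.get("width") == "1" and attrs.get("height") == "1",
        })
    return findings


if __name__ == "__main__":
    for finding in third_party_loads(SAMPLE_HTML, PAGE_URL):
        print(finding)
```

Run against real pages, the same logic should be applied to both the unauthenticated and the authenticated views, since the article's point is that trackers placed behind a login see data the public pages never show; resources injected by JavaScript at runtime will only appear in a browser's network log, not in the static HTML this parser sees.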


RSA Conference 2019: Ultrasound Hacked in Two Clicks

Threatpost

In a proof-of-concept hack, researchers penetrated an ultrasound and were able to download and manipulate patient files, then execute ransomware.


The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source

WIRED Threat Level

No one's better at hacking than the NSA. And now one of its powerful tools is available to everyone for free.


Videos and Links from the Public-Interest Technology Track at the RSA Conference

Schneier on Security

Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. (Video here ). I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologists are Changing the World : Matt Mitchell, Tactical Tech; Bruce Schneier, Fellow and Lecturer, Harvard Kennedy School; and J.


More than a billion records exposed online by email validation biz Verifications.io

Security Affairs

Experts found an unprotected server exposing four MongoDB databases belonging to the email validation company Verifications.io. In this new mega data leak, the largest of the databases (150 GB) exposed up to 809 million records. The archive includes 808,539,849 records in three collections: emailrecords (798,171,891 records), emailWithPhone (4,150,600 records) and businessLeads (6,217,358 records).


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats raise the question: “Do you know what’s in your software?”


International Women’s Day: Supporting gender diversity in cybersecurity, putting the skills gap into the history books

Thales Cloud Protection & Licensing

Last year was the first time companies in Great Britain had to disclose their gender pay gap figures. Whilst efforts have been made to reduce this gap and make a positive step forward in gender equality, four in ten private companies are reporting a wider gender pay gap in 2019 than they did last year. The cybersecurity industry in particular – which is already tackling a major skills deficit – is one of the industries hardest hit by a lack of diversity.


Cybercriminals Target Young Gamers

Dark Reading

Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.


Detecting Shoplifting Behavior

Schneier on Security

This system claims to detect suspicious behavior that indicates shoplifting: Vaak, a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras to look for fidgeting, restlessness and other potentially suspicious body language. The article has no detail or analysis, so we don't know how well it works.


NSA released Ghidra, its multi-platform reverse engineering framework

Security Affairs

The NSA released Ghidra, a multi-platform reverse engineering framework that can be used to find vulnerabilities and security holes in applications. In January 2019, the National Security Agency (NSA) announced that it would release the free reverse engineering framework GHIDRA at the RSA Conference. GHIDRA is a multi-platform reverse engineering framework that runs on the major OSs (Windows, macOS, and Linux).


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


The Air Force Wants to Give You Its Credit Card

WIRED Threat Level

Will Roper, acquisition executive for the US Air Force, talks to WIRED's editor-in-chief about making the military more adaptive, the role of AI, and what he worries about every day.


It's Time to Rethink Your Vendor Questionnaire

Dark Reading

To get the most from a vendor management program you must trust, then verify. These six best practices are a good place to begin.


Letterlocking

Schneier on Security

Really good article on the now-lost art of letterlocking.


Google discloses Windows zero-day actively exploited in targeted attacks

Security Affairs

Google this week disclosed a Windows zero-day vulnerability that is being actively exploited in targeted attacks alongside the recently fixed Chrome flaw (CVE-2019-5786). The Windows zero-day (later assigned CVE-2019-0808) is a local privilege escalation issue in the win32k.sys kernel driver, and it can be chained with the Chrome bug to escape the browser's security sandbox. “It is a local p


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.


Silliness: Song Parody in Infosec Style

Architect Security

What can I say? Sometimes I come up with ridiculous things: "Auditor Man" NOTE: Sung to the tune of “Particle Man” Original song by They Might Be Giants Lyrics adapted by @aprilwright Auditor man, Auditor man Scope of the entire universe man He finds something, might be false Auditor man What will he […].


Citrix Hacked by 'International Cybercriminals'

Dark Reading

FBI informed Citrix this week of a data breach that appears to have begun with a 'password spraying' attack to steal weak credentials to access the company's network.


States Need Way More Money to Fix Crumbling Voting Machines

WIRED Threat Level

“We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers.


StealthWorker Malware Uses Windows, Linux Bots to Hack Websites

Security Affairs

Security experts at FortiGuard uncovered a new malware campaign delivering the StealthWorker brute-force malware. The malicious code targets both Windows and Linux systems; compromised hosts are then used, together with other infected systems, to carry out brute-force attacks against websites. The malicious code was first discovered by Malwarebytes at the end of February and is tracked by malware researchers at Cybaze-Yoroi ZLab as GoBrut.
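The Citrix item above attributes the intrusion to password spraying, and the StealthWorker item describes botnet-driven brute forcing; the two leave opposite shapes in authentication logs, and telling them apart matters because a per-account lockout threshold stops the second but not the first. The following is an added example, not code from Citrix, Dark Reading, FortiGuard or any of the reports cited: it parses constructed failed-logon lines (TEST-NET addresses, made-up usernames) and classifies each source address as spraying (many accounts, one or two guesses each), brute force (one account hammered), or benign. The log format and the thresholds are assumptions to be tuned to the environment.

```python
"""Classify failed-logon bursts per source address as spraying or brute force.

Added example, not code from Citrix, Dark Reading, FortiGuard or the StealthWorker
write-up. The log format, the sample lines and the thresholds are all assumptions.
"""
import re
from collections import defaultdict

# Assumed key=value authentication log format.
LINE_RE = re.compile(r"src=(?P<src>\S+)\s+user=(?P<user>\S+)\s+result=(?P<result>\S+)")


def _constructed_log():
    """Build constructed sample log lines; this is not real telemetry."""
    lines = []
    tick = 0

    def add(src, user, result):
        nonlocal tick
        tick += 1
        lines.append(f"2019-03-06T10:{tick // 60:02d}:{tick % 60:02d}Z "
                     f"src={src} user={user} result={result}")

    # One guess against each of ten accounts: the spraying shape.
    for user in ["alice", "bob", "carol", "dave", "erin",
                 "frank", "grace", "heidi", "ivan", "judy"]:
        add("203.0.113.5", user, "FAIL")
    # Twelve guesses against one account: the brute-force shape.
    for _ in range(12):
        add("198.51.100.7", "admin", "FAIL")
    # A user who mistypes twice and then gets in: benign.
    add("192.0.2.9", "alice", "FAIL")
    add("192.0.2.9", "alice", "FAIL")
    add("192.0.2.9", "alice", "SUCCESS")
    return "\n".join(lines)


SAMPLE_LOG = _constructed_log()


def parse_failures(log_text):
    """Return {source_ip: {username: failure_count}} counting FAIL results only."""
    failures = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match or match.group("result") != "FAIL":
            continue
        failures[match.group("src")][match.group("user")] += 1
    return failures


def classify_source(per_user, spray_min_users=8, spray_max_per_user=2,
                    brute_min_attempts=10):
    """Label one source's failure profile.

    brute-force: some single account saw >= brute_min_attempts failures.
    password-spraying: >= spray_min_users distinct accounts, none tried more than
        spray_max_per_user times (stays under typical per-account lockout).
    benign: everything else.
    """
    if not per_user:
        return "none"
    worst = max(per_user.values())
    if worst >= brute_min_attempts:
        return "brute-force"
    if len(per_user) >= spray_min_users and worst <= spray_max_per_user:
        return "password-spraying"
    return "benign"


def classify_log(log_text, **thresholds):
    """Map every source address in the log to its classification."""
    return {src: classify_source(per_user, **thresholds)
            for src, per_user in parse_failures(log_text).items()}


if __name__ == "__main__":
    for src, label in classify_log(SAMPLE_LOG).items():
        print(f"{src:15} {label}")
```

The grouping key is the source address because that is what the single-operator case shows; a botnet like the one FortiGuard describes spreads the attempts across many addresses, so against that pattern the same counts should additionally be aggregated per target account and per time window across all sources, which the `parse_failures` output already makes easy to compute.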


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.