Schneier on Security
OCTOBER 24, 2018
This is a long -- and somewhat technical -- paper by Chris C. Demchak and Yuval Shavitt about China's repeated hacking of the Internet Border Gateway Protocol (BGP): " China's Maxim Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking.". BGP hacking is how large intelligence agencies manipulate Internet routing to make certain traffic easier to intercept.
Krebs on Security
OCTOBER 25, 2018
The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. Combating such a multifarious menace can seem daunting, and it calls for concerted efforts to tackle the problem from many different angles.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
OCTOBER 22, 2018
The personal information of roughly 75,000 people was leaked in a data breach of the Healthcare.gov system October 13. The centers for Medicare and Medicaid Services announced the breach October 19, after detecting “anomalous activity in the Federally Facilitated Exchanges,” but offered assurances that Healthcare.gov is still active and operational.
The Last Watchdog
OCTOBER 22, 2018
Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary. One recent validation comes from two long established, and much larger cybersecurity vendors – Checkpoint and Palo Alto Networks – that have recently begun integrating Silverfort’s innovative MFA solution into their respective malware detection and
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
OCTOBER 22, 2018
IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers' interests: either by the device manufacturer or by some third-party the manufacturer sells the data to. Of course, this data can be used by the police as well; the purpose depends on the country.
Krebs on Security
OCTOBER 22, 2018
A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware’s apparent creator seems to have done little to hide his real-life identity.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
OCTOBER 26, 2018
Security experts Antonio Pirozzi and Pierluigi Paganini presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol. Security expert Antonio Pirozzi, director at ZLab malware lab at Cybaze firm, presented at the EU Cyber Threat Conference in Dublin conducted a research along with Pierluigi Paganini (aka @securityaffairs ), about how crooks could abuse blockchain for malicious purposes.
Schneier on Security
OCTOBER 23, 2018
The former CIA Chief of Disguise has a fascinating video about her work.
Krebs on Security
OCTOBER 26, 2018
The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University , his former alma mater. Paras Jha, in an undated photo from his former LinkedIn profile.
Adam Levin
OCTOBER 24, 2018
When investing, it’s always a good idea to spread the wealth. Whether you invest only as much as can be insured, or you use different financial managers with unique areas of expertise, your goal is to maximize your capital. Everyone gets a piece of the pie, and within portfolios there’s still more diversification. When it comes to digital marketing, advertisers are wise to spread their budgets around, but the places to spend in an effective way have dwindled.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
OCTOBER 26, 2018
Security researcher discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions. The Indian security researcher Narendra Shinde has discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions, including OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora.
Schneier on Security
OCTOBER 25, 2018
BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users' behavior in order to mimic it in a way that evades bot detectors, and then uses bots to perpetuate an ad-fraud scheme. After being provided with a list of the apps and websites connected to the scheme, Google investigated and found that dozens of the apps used its mobile advertising network.
WIRED Threat Level
OCTOBER 25, 2018
Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice.
Dark Reading
OCTOBER 26, 2018
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
OCTOBER 25, 2018
Good news for the victims of the infamous GandCrab ransomware, security experts have created a decryption tool that allows them to decrypts files without paying the ransom. Bitdefender security firm along with Europol, the FBI, Romanian Police, and other law enforcement agencies has developed a free ransomware decryption tool. “The good news is that now you can have your data back without paying a cent to the cyber-criminals, as Bitdefender has released a free utility that automates the da
Schneier on Security
OCTOBER 26, 2018
This story nicely illustrates the arms race between technologies to create fake videos and technologies to detect fake videos: These fakes, while convincing if you watch a few seconds on a phone screen, aren't perfect (yet). They contain tells, like creepily ever-open eyes, from flaws in their creation process. In looking into DeepFake's guts, Lyu realized that the images that the program learned from didn't include many with closed eyes (after all, you wouldn't keep a selfie where you were blin
WIRED Threat Level
OCTOBER 23, 2018
When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source.
Dark Reading
OCTOBER 24, 2018
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
OCTOBER 24, 2018
The security researcher SandboxEscaper has released the proof-of-concept exploit code for a new Windows zero-day, Windows users are now exposed to attacks. The security researcher using the Twitter handle @SandboxEscaper is back and has released the proof-of-concept exploit code for a new Windows zero-day vulnerability. At the end of August, the same researcher disclosed the details of zero-day privilege escalation vulnerability affecting the Microsoft’s Windows Windows Task Scheduler that coul
PerezBox Security
OCTOBER 20, 2018
On September 28th, 2018, Facebook announced it’s biggest data breach to date. They estimated 50 million accounts were affected at the time of the disclosure. Subsequent to the disclosure, security. Read More. The post The 2018 Facebook Data Breach appeared first on PerezBox.
WIRED Threat Level
OCTOBER 26, 2018
At a press conference Friday, officials detailed how they identified and found Cesar Sayoc, who has been arrested in connection with a series of mail bombs targeting prominent liberals and CNN.
Dark Reading
OCTOBER 26, 2018
How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
OCTOBER 21, 2018
Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries. According to experts from Kaspersky Lab, threat actors leverage NSA tools DarkPulsar, DanderSpritz and Fuzzbunch to infect Windows Server 2003 and 2008 systems in 50 organizations in Russia, Iran, and
Threatpost
OCTOBER 23, 2018
Finance-sector employees fared the worst in an awareness survey, with 85 percent showing some lack of cybersecurity and data privacy knowledge.
WIRED Threat Level
OCTOBER 21, 2018
Google's latest flagship smartphone includes the Titan M, a security-focused chip that keeps users safe against sophisticated attacks.
Dark Reading
OCTOBER 26, 2018
The carrier discovered another breach while investigating its largest-ever data breach, disclosed in September.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
OCTOBER 23, 2018
The reverse engineer researcher Nathaniel Suchy discovered that Signal Desktop application leaves message decryption key in plain text exposing them to an attacker. Signal Desktop application leaves message decryption key in plain text potentially exposing them to an attacker. The issue was discovered by the reverse engineer researcher Nathaniel Suchy.
Threatpost
OCTOBER 26, 2018
The attack executes with no warning to the user.
WIRED Threat Level
OCTOBER 23, 2018
A migrant caravan traveling through Mexico is the latest news event to be weaponized online.
Dark Reading
OCTOBER 25, 2018
It's not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
273 
Let's personalize your content