Schneier on Security
OCTOBER 24, 2018
This is a long -- and somewhat technical -- paper by Chris C. Demchak and Yuval Shavitt about China's repeated hacking of the Internet Border Gateway Protocol (BGP): " China's Maxim Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking.". BGP hacking is how large intelligence agencies manipulate Internet routing to make certain traffic easier to intercept.
Krebs on Security
OCTOBER 22, 2018
A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware’s apparent creator seems to have done little to hide his real-life identity.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
OCTOBER 22, 2018
The personal information of roughly 75,000 people was leaked in a data breach of the Healthcare.gov system October 13. The centers for Medicare and Medicaid Services announced the breach October 19, after detecting “anomalous activity in the Federally Facilitated Exchanges,” but offered assurances that Healthcare.gov is still active and operational.
Security Affairs
OCTOBER 26, 2018
Security researcher discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions. The Indian security researcher Narendra Shinde has discovered a highly critical vulnerability (CVE-2018-14665) in X.Org Server package that affects major Linux distributions, including OpenBSD, Debian, Ubuntu, CentOS, Red Hat, and Fedora.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Schneier on Security
OCTOBER 22, 2018
IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers' interests: either by the device manufacturer or by some third-party the manufacturer sells the data to. Of course, this data can be used by the police as well; the purpose depends on the country.
Krebs on Security
OCTOBER 26, 2018
The convicted co-author of the highly disruptive Mirai botnet malware strain has been sentenced to 2,500 hours of community service, six months home confinement, and ordered to pay $8.6 million in restitution for repeatedly using Mirai to take down Internet services at Rutgers University , his former alma mater. Paras Jha, in an undated photo from his former LinkedIn profile.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
WIRED Threat Level
OCTOBER 25, 2018
Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice.
Schneier on Security
OCTOBER 25, 2018
BuzzFeed is reporting on a scheme where fraudsters buy legitimate Android apps, track users' behavior in order to mimic it in a way that evades bot detectors, and then uses bots to perpetuate an ad-fraud scheme. After being provided with a list of the apps and websites connected to the scheme, Google investigated and found that dozens of the apps used its mobile advertising network.
Security Affairs
OCTOBER 21, 2018
Attackers are targeting high-value servers using a three of hacking tools from NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries. According to experts from Kaspersky Lab, threat actors leverage NSA tools DarkPulsar, DanderSpritz and Fuzzbunch to infect Windows Server 2003 and 2008 systems in 50 organizations in Russia, Iran, and
Dark Reading
OCTOBER 24, 2018
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
WIRED Threat Level
OCTOBER 23, 2018
A $1.50 wager on a "Call of Duty" match led to a fake 911 call reporting a violent hostage situation in Wichita. Here’s how it all went horribly awry.
Schneier on Security
OCTOBER 26, 2018
This story nicely illustrates the arms race between technologies to create fake videos and technologies to detect fake videos: These fakes, while convincing if you watch a few seconds on a phone screen, aren't perfect (yet). They contain tells, like creepily ever-open eyes, from flaws in their creation process. In looking into DeepFake's guts, Lyu realized that the images that the program learned from didn't include many with closed eyes (after all, you wouldn't keep a selfie where you were blin
Security Affairs
OCTOBER 24, 2018
The security researcher SandboxEscaper has released the proof-of-concept exploit code for a new Windows zero-day, Windows users are now exposed to attacks. The security researcher using the Twitter handle @SandboxEscaper is back and has released the proof-of-concept exploit code for a new Windows zero-day vulnerability. At the end of August, the same researcher disclosed the details of zero-day privilege escalation vulnerability affecting the Microsoft’s Windows Windows Task Scheduler that coul
Dark Reading
OCTOBER 26, 2018
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
WIRED Threat Level
OCTOBER 23, 2018
When considered as a form of tech, paper has a killer feature set: It’s intuitive, it doesn’t crash, and it doesn’t need a power source.
Schneier on Security
OCTOBER 23, 2018
The former CIA Chief of Disguise has a fascinating video about her work.
Security Affairs
OCTOBER 25, 2018
Good news for the victims of the infamous GandCrab ransomware, security experts have created a decryption tool that allows them to decrypts files without paying the ransom. Bitdefender security firm along with Europol, the FBI, Romanian Police, and other law enforcement agencies has developed a free ransomware decryption tool. “The good news is that now you can have your data back without paying a cent to the cyber-criminals, as Bitdefender has released a free utility that automates the da
Dark Reading
OCTOBER 23, 2018
Data shows with a high degree of confidence that Moscow-based Central Scientific Research Institute of Chemistry and Mechanics helped develop and refine malware, FireEye says.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
PerezBox Security
OCTOBER 20, 2018
On September 28th, 2018, Facebook announced it’s biggest data breach to date. They estimated 50 million accounts were affected at the time of the disclosure. Subsequent to the disclosure, security. Read More. The post The 2018 Facebook Data Breach appeared first on PerezBox.
WIRED Threat Level
OCTOBER 25, 2018
Prosecutors in California have filed 46 new counts against Tyler Barriss for bomb threats, fraud, and swatting incidents nationwide. He’s angling to get the case transferred to Kansas and intends to plead guilty.
Security Affairs
OCTOBER 20, 2018
The developers of the GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. The authors of the infamous GandCrab ransomware have released the decryption keys for all Syrian victims in an underground cybercrime forum. Gandcrab developers’ post – Source Bleeping Computer. The crooks decided to release the decryption keys after a Syrian Twitter user published a harrowing message asking for help after photos of his deceased chil
Dark Reading
OCTOBER 25, 2018
The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security, identity access management roles, and follow configuration best-practices.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Thales Cloud Protection & Licensing
OCTOBER 23, 2018
It’s hard to believe we are just a month away from the “unofficial” kick off of the holiday shopping season—Black Friday. So before the shopping frenzy begins, we thought this would be an opportune time to outline some best practices that both retailers and consumers should follow in order to protect consumer data. Customers are expecting more and more when it comes to their shopping experience, and this holiday season will push the envelope as retailers are making brick-and-mortar stores more d
WIRED Threat Level
OCTOBER 26, 2018
At a press conference Friday, officials detailed how they identified and found Cesar Sayoc, who has been arrested in connection with a series of mail bombs targeting prominent liberals and CNN.
Security Affairs
OCTOBER 22, 2018
Researchers found that one of the most popular Internet of Things real-time operating system, FreeRTOS, is affected by serious vulnerabilities. Researchers at Zimperium’s zLabs team have found that one of the most popular Internet of Things real-time operating system, FreeRTOS , is affected by serious vulnerabilities. The researcher Ori Karliner and his team analyzed some of the most popular operating systems in the IoT market, including the FreeRTOS.
Dark Reading
OCTOBER 26, 2018
How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Threatpost
OCTOBER 23, 2018
Finance-sector employees fared the worst in an awareness survey, with 85 percent showing some lack of cybersecurity and data privacy knowledge.
Thales Cloud Protection & Licensing
OCTOBER 25, 2018
Critical infrastructure is so basic to how we live our daily lives that we don’t even think about it. Yet safeguarding it is essential to our national well-being. Critical infrastructure, as defined by Department of Homeland Security : describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.
Security Affairs
OCTOBER 20, 2018
A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206 , that affects older versions of the jQuery File Upload plugin since 2010. Attackers can exploit the vulnerability to carry out several malicious activities, including defacement, exfiltration, and malware infection. The flaw was reported by the Akamai researcher Larry Cashdollar, he explained that many other packages that include the vulnerable code may be affected.
Dark Reading
OCTOBER 25, 2018
Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
238 
Let's personalize your content