Sat. Feb 15, 2020 - Fri. Feb 21, 2020

Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

Inrupt, Tim Berners-Lee's Solid, and Me

Schneier on Security

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety.

MGM Data Breach Affects Over 10 Million Customers

Adam Levin

The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year. The data includes full names, home addresses, phone numbers, email addresses, birthdates, and, in some cases, passport numbers of 10,683,188 hotel guests, including celebrities and prominent public figures such as Justin Bieber and Twitter CEO Jack Dorsey.

Weekly Update 179

Troy Hunt

On reflection, I feel this week's update was dominated by having a laugh at an IoT candle. And that's fair, too, even though I then went and bought one because hey, this is gonna be great conference talk material! Delivery is going to be much later this year so don't hold your breath, but it could be really, uh, "interesting" once it lands. Stay tuned for that one but until then, here's this week's update: References: If you're not pwned, you may be an anomaly (I'd actually like to write this u

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

Voatz Internet Voting App Is Insecure

Schneier on Security

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections." Abstract: In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz.

The New Privacy Regulation That’s Sink-or-Swim for Small Business

Adam Levin

The California Consumer Privacy Act (CCPA) became law on January 1, 2020, and as was the case on the effective date of the General Data Protection Regulation (GDPR), the European Union’s similarly sweeping privacy legislation, it is being met with a general panic. How dare that deadline actually pass without our data practices magically being up to snuff?

Encoding Stolen Credit Card Data on Barcodes

Krebs on Security

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.

Hacking McDonald's for Free Food

Schneier on Security

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month. One day, David happened to be checking out how the website's coding was structured when he noticed that the information triggering the server to issue a new voucher was always the same.

Cloud misconfigurations cost companies nearly $5 trillion

Tech Republic Security

A DivvyCloud report finds 196 data breaches exposed more than 33 billion records due to environments without appropriate security.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

My Conversation With General Earl Matthews on Election Security

Daniel Miessler

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. (Related: Why Google’s HTTPS push is a good thing.) At the time, just 50% of Internet traffic used encryption. Today the volume of encrypted network traffic is well over 80%, trending strongly toward 100%, according to Google.

Internet of Things Candle

Schneier on Security

There's a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong?

How to use Restricted Shell to limit user access to a Linux system

Tech Republic Security

Learn how to prevent Linux users from executing certain commands and confine them to their home directory by employing rbash.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

Security Affairs

A new flaw has been discovered in a WordPress plugin: this time experts found a zero-day vulnerability in the ThemeREX Addons plugin that allows the creation of admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions. According to WordFence, the vulnerable ThemeREX Addons plugin is currently installed on at least 44,000 websites.

MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation

The Last Watchdog

Just five years ago, the Public Key Infrastructure, or PKI, was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. (Related: Why PKI is well-suited to secure the Internet of Things.) PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

Threatpost

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

Finally, the world is getting concerned about data privacy

Tech Republic Security

Consumers and employees are finally becoming more sensitive to the privacy of their data. As technology leaders, it's worth getting ahead of this trend.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Security Affairs

A security expert found a flaw in SharePoint that could be exploited to remotely execute arbitrary code by sending a specially crafted SharePoint application package. Summary: A few days ago I saw a post from Alienvault which says attackers are still exploiting a SharePoint vulnerability to attack Middle East government organizations. Having said that, I found Income Tax Department India and MIT Sloan were also vulnerable to CVE-2019-0604, a remote code execution vulnerability which exists in Micros

Russia Doesn't Want Bernie Sanders. It Wants Chaos

WIRED Threat Level

The point of Kremlin interference has always been to find democracy’s loose seams, and pull.

Haken Malware Family Infests Google Play Store

Threatpost

Eight apps - mostly camera utilities and children's games - were discovered spreading a new malware strain that steals data and signs victims up for expensive premium services.

Verizon bails on RSA: How the coronavirus is disrupting tech conferences worldwide

Tech Republic Security

Verizon is the latest to withdraw from the RSA conference in San Francisco as tech trade shows around the globe are impacted by the Novel Coronavirus (COVID-19). Here's what you need to know.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

DOD DISA US agency discloses a security breach

Security Affairs

The Defense Information Systems Agency (DISA), the US agency in charge of secure IT and communications for the White House, has disclosed a data breach. DISA, the DoD agency that is in charge of the security of IT and telecommunications for the White House and military troops, has suffered a cyber attack. The agency sent a data breach notification to its employees last week informing them of a security breach that took place last year between May and July.

10 Tough Questions CEOs Are Asking CISOs

Dark Reading

CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer.

SMS Attack Spreads Emotet, Steals Bank Credentials

Threatpost

A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.

Python, microservices, and more tech trends for 2020, according to O'Reilly

Tech Republic Security

Interest in Kubernetes is increasing, and DevOps is losing steam, based on O'Reilly survey findings.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Croatia’s largest petrol station chain INA group hit by ransomware attack

Security Affairs

Some operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain were disrupted by a cyber attack. A ransomware attack has disrupted operations at INA Group, Croatia’s biggest oil company, and its largest petrol station chain. INA, d.d. is a stock company with the Hungarian MOL Group and the Croatian Government as its biggest shareholders, while a minority of shares is owned by private and institutional investors.

8 Things Users Do That Make Security Pros Miserable

Dark Reading

When a user interacts with an enterprise system, the result can be productivity or disaster. Here are 8 opportunities for the disaster side to win out over the productive one.

MGM Grand Breach Leaked Details of 10.6 Million Guests Last Summer

Threatpost

This week a hacking forum posted data from the breach—which included personal and contact details for celebrities, tech CEOs, government officials and employees at large tech companies.

How to manage security and privacy in the new Microsoft Edge browser

Tech Republic Security

There's a new version of Microsoft Edge in town based on Chromium. Here's how to manage the browser's security and privacy settings.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.