Schneier on Security

MARCH 27, 2019

A university study confirmed the obvious: if you pay a random bunch of freelance programmers a small amount of money to write security software, they're not going to do a very good job at it. In an experiment that involved 43 programmers hired via the Freelancer.com platform, University of Bonn academics have discovered that developers tend to take the easy way out and write code that stores user passwords in an unsafe manner.

Passwords 273

Passwords Technology Software 273

Adam Levin

MARCH 29, 2019

The email addresses and personal information of 982 million people were compromised in a leak from an unsecured database. The database belonged to Verifications.io, an “email validation service” that aggregates and sells information about the validity and associated personal data associated with email lists. Security researcher Bob Diachenko found the information in an unsecured 150GB-sized MongoDB database.

Data breaches 242

Data breaches Media Internet Internet 242

Krebs on Security

MARCH 29, 2019

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.

Data breaches 239

Data breaches Banking Retail Accountability 239

The Last Watchdog

MARCH 28, 2019

A couple of high-profile distributed denial-of-service (DDoS) attacks will surely go down in history as watershed events – each for different reasons. Related: IoT botnets now available for economical DDoS blasts. In March 2013, several impossibly massive waves of nuisance requests – peaking as high as 300 gigabytes per second— swamped Spamhaus , knocking the anti-spam organization off line for extended periods.

DDOS 217

DDOS IoT DNS Internet 217

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

MARCH 29, 2019

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers -- believed to be the Russian government -- and it's obvious that this attack copied that technique. What is less clear is whether the vulnerability -- which has been fixed -- was put into the Huwei driver accidentally or on purpose.

Government 263

Government Malware 263

Adam Levin

MARCH 27, 2019

The Federal Emergency Management Agency failed to properly protect the personal information of 2.3 million survivors of natural disasters. A partially redacted memo issued by the Office of the Inspector General of the Department of Homeland Security stated that FEMA released the personally identifiable information of 2.3 million survivors of hurricanes Harvey, Irma and Maria as well as the 2017 California wildfires to an unspecified contractor.

Identity Theft 184

Identity Theft Accountability Risk Government 184

Troy Hunt

MARCH 23, 2019

So firstly, sorry for the audio quality. I'm pretty damn frustrated with those Instamics right now between the flakey firmware upgrade process and the unexpected loss of recording today. I'll make sure I get on top of it for next time. I'm sitting at the gate in Seattle right now about to board so I'm going to cut this intro short and jump straight into the vid.

Data breaches 133

Data breaches Spyware Firmware Passwords 133

Schneier on Security

MARCH 28, 2019

Kaspersky Labs is reporting on a new supply chain attack they call "Shadowhammer.". In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users. [.]. The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters' MAC addresses.

Hacking 242

Hacking Malware 242

Adam Levin

MARCH 28, 2019

Florida police officer Leonel Marines resigned after a police investigation revealed the 12-year veteran of the Bradenton Police Department had been using police databases like a dating app to locate potential women for fun and maybe more. He’d been doing it for years. While it’s surprising this 5-0 Romeo actually got some dates playing fast and loose with his access to driver’s license and vehicle registration databases, the more shocking thing about this story is that it co

Cybersecurity 182

Cybersecurity Media Accountability 182

The Last Watchdog

MARCH 25, 2019

Remember when software used to come on CDs packaged in shrinked-wrapped boxes, or even before that, on floppy disks? Related: Memory-based attacks on the rise. If you bought a new printer and wanted it to work on your desktop PC, you’d have to install a software driver, stored on a floppy disk or CD, to make that digital handshake for you. Today software is developed and deployed in the cloud, on the fly.

Digital transformation 108

Digital transformation Software Data breaches Authentication 108

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

MARCH 26, 2019

Don't expect to read about any of the classics, like 'War Games' or 'Sneakers,' which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.

109

109

Schneier on Security

MARCH 26, 2019

A recent experiment found all sorts of personal data left on used laptops and smartphones. This should come as no surprise. Simson Garfinkel performed the same experiment in 2003, with similar results.

231

231

Security Affairs

MARCH 23, 2019

Pwn2Own 2019 Day 3 – Experts earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser. Pwn2Own 2019 Day 3 – Hackers focused their efforts on car hacking, two teams participated in the competitions but only one of them reached the goal. The security experts Amat Cama and Richard Zhu of team Fluoroacetate, earned $35,000 for their exploit, along with the Tesla they hacked.

Hacking 106

Hacking Advertising Internet Internet 106

The Last Watchdog

MARCH 26, 2019

One way to grasp how digital transformation directly impacts the daily operations of any organization – right at this moment — is to examine the company’s application environment. Related: How new exposures being created by API sprawl. Pick any company in any vertical – financial services, government, defense, manufacturing, insurance, healthcare, retailing, travel and hospitality – and you’ll find employees, partners, third-party suppliers and customers all demanding remote access to an

Digital transformation 105

Digital transformation Internet Internet Accountability 105

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

MARCH 26, 2019

The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.

90

90

Schneier on Security

MARCH 25, 2019

Not email, paper mail : Thieves, often at night, use string to lower glue-covered rodent traps or bottles coated with an adhesive down the chute of a sidewalk mailbox. This bait attaches to the envelopes inside, and the fish in this case -- mail containing gift cards, money orders or checks, which can be altered with chemicals and cashed -- are reeled out slowly.

201

201

Security Affairs

MARCH 25, 2019

It is a battle with no holds barred between T-Series and PewDiePie, their fans are spreading the PewDiePie ransomware to force users to subscribe to PewDiePie Youtube channel. The story I’m going to tell you is another chapter of the battle between the most followed Youtuber T-Series and PewDiePie. T-Series is an Indian music company, while PewDiePie a Youtuber whom fans are accused to use any means to increase the number of subscribers to its channel.

Ransomware 105

Ransomware Advertising Encryption Malware 105

The Last Watchdog

MARCH 29, 2019

A discussion of how – and why – adversaries are using artificial intelligence to juice up malicious activities. When antivirus (AV) software first arrived in the late 1980s, the science of combating computer viruses was very straightforward. AV kept close track of known malicious files, and then quarantined or deleted any known malware that had managed to embed itself on the protected computing device.

Artificial Intelligence 101

Artificial Intelligence Cybersecurity Malware Antivirus 101

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

MARCH 26, 2019

Ret. Admiral Michael Rogers - who served as head of the NSA and the US Cyber Command from 2014 to 2018 - on how to handle the risk of insiders exposing an organization's sensitive data.

Risk 90

Risk 90

WIRED Threat Level

MARCH 25, 2019

Hackers compromised Asus’s Live Update tool to distribute malware to almost a million people. Here’s how to find out if your computer has it.

Software 94

Software Hacking Malware 94

Security Affairs

MARCH 29, 2019

Commando VM — Turn Your Windows Computer Into A Hacking Machine. FireEye released Commando VM , a Windows-based security distribution designed for penetration testers that intend to use the Microsoft OS. FireEye released Commando VM , the Windows-based security distribution designed for penetration testing and red teaming. FireEye today released an automated installer called Commando VM (Complete Mandiant Offensive VM) , it is an automated installation script that turns a Windows operating sy

Penetration Testing 96

Penetration Testing Hacking Passwords Advertising 96

Threatpost

MARCH 25, 2019

Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look.

Malware 85

Malware Cybersecurity Encryption InfoSec 85

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

MARCH 28, 2019

In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.

90

90

WIRED Threat Level

MARCH 28, 2019

A surprising number of high-traffic sites have TLS vulnerabilities that are subtle enough for the green padlock to still appear.

96

96

Security Affairs

MARCH 27, 2019

Operation SaboTor – A coordinated operation conducted by law enforcement agencies from Europe, Canada, and the United States targeted vendors and buyers of illegal goods on dark web marketplaces. The international operations, dubbed operation SaboTor, involved 17 countries, notably Germany, the Netherlands, Austria, and Portugal. “During the course of this operation, international law enforcement agencies made 61 arrests and shut down 50 dark web accounts used for illegal activity.&#

Cryptocurrency 91

Cryptocurrency Advertising Accountability Marketing 91

eSecurity Planet

MARCH 28, 2019

Serverless is a new computing paradigm that also introduces new security risks. Learn what serverless is and security steps organizations need to take.

Risk 78

Risk 78

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Dark Reading

MARCH 27, 2019

In just one week, 'LockerGoga' has cost the Norwegian aluminum maker $40 million as it struggles to recover operations across Europe and North America.

Ransomware 92

Ransomware 92

WIRED Threat Level

MARCH 28, 2019

A British report finds that Huawei equipment, suspected of including backdoors for China's government, suffers from a lack of "basic engineering competence.".

Engineering 82

Engineering Government 82

Security Affairs

MARCH 26, 2019

Good news for the victims of the Hacked Ransomware, the security firm Emsisoft has released a free decryptor to decrypt the data of infected computers. Security experts at Emsisoft released a free decryptor for the Hacked Ransomware. The Hacked Ransomware was first spotted in 2017, it appends.hacked extension to the encrypted files and includes ransom notes in Italian, English, Spanish, and Turkish.

Encryption 90

Encryption Hacking Ransomware Advertising 90

Spinone

MARCH 29, 2019

Google Drive Storage is arguably one of, if not the most popular cloud storage service platforms. It contains a wealth of features and functionality that allows it to be used as more than simply storage, but a tool to enhance productivity. Using Google Drive tools effectively and efficiently allows getting the most out of this very popular platform for storage, editing, and collaboration.

Hacking 71

Hacking Backups Passwords Accountability 71

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk