Sat.Aug 18, 2018 - Fri.Aug 24, 2018

article thumbnail

Trend Micro takes multi-pronged approach to narrowing the gaping cybersecurity skills gap

The Last Watchdog

Remember the old adage, you can never be too thin or too rich? The software development world has its own take on that dictum—you can never be too fast. Related: Gamification training targets iGens. Business demand dictates a frenetic pace for delivering new and better technology. To perfect the process, more organizations are taking a DevOps approach—melding software development and software operations simultaneously.

article thumbnail

Experts Urge Rapid Patching of ‘Struts’ Bug

Krebs on Security

In September 2017, Equifax disclosed that a failure to patch one of its Internet servers against a pervasive software flaw — in a Web component known as Apache Struts — led to a breach that exposed personal data on 147 million Americans. Now security experts are warning that blueprints showing malicious hackers how to exploit a newly-discovered Apache Struts bug are available online, leaving countless organizations in a rush to apply new updates and plug the security hole before att

Software 154
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

John Mueller and Mark Stewart on the Risks of Terrorism

Schneier on Security

Another excellent paper by the Mueller/Stewart team: " Terrorism and Bathtubs: Comparing and Assessing the Risks ": Abstract : The likelihood that anyone outside a war zone will be killed by an Islamist extremist terrorist is extremely small. In the United States, for example, some six people have perished each year since 9/11 at the hands of such terrorists -- vastly smaller than the number of people who die in bathtub drownings.

Risk 141
article thumbnail

Weekly Update 101

Troy Hunt

Home! I got up early today to a balmy 16-degree winter's day as we approach the last week before spring and felt genuinely thankful to be in this location. I've gotta stay home more. This week, there's no new blog posts due to travel commitments so it's a bit shorter, but there's still the usual array of goings on. I update how the Mozilla testing with HIBP is going, I'm going to update my Ubiquiti network at home and I get a bit cranky about people installing spyware on other people's phones.

Spyware 106
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

GUEST ESSAY: 6 best practices that will help protect you company’s digital assets in the cloud

The Last Watchdog

More businesses than ever before are choosing to move their IT infrastructure and systems to cloud solutions such as Amazon Web Services and Microsoft Azure. There are many reasons to choose a cloud solution including increased flexibility and scalability, as well as reduced cost. In fact, a recent study of nearly 200 businesses and entrepreneurs found that 76% are looking to cloud solutions in order to increase the efficiency of their business.

article thumbnail

Alleged SIM Swapper Arrested in California

Krebs on Security

Authorities in Santa Clara, Calif. have arrested and charged a 19-year-old area man on suspicion hijacking mobile phone numbers as part of a scheme to steal large sums of bitcoin and other cryptocurrencies. The arrest is the third known law enforcement action this month targeting “SIM swappers,” individuals who specialize in stealing wireless phone numbers and hijacking online financial and social media accounts tied to those numbers.

Mobile 126

More Trending

article thumbnail

Threat Model Thursday: Legible Architecture

Adam Shostack

The image above is the frequency with which streets travel a certain orientation, and it’s a nifty data visualization by Geoff Boeing. What caught my attention was not just the streets of Boston and Charlotte, but the lack of variability shown for Seattle, which is a city with two grids. But then there was this really interesting tidbit, which relates to threat modeling: Kevin Lynch defined “legible” cities as those whose patterns lend themselves to coherent, organized, recognizable, and c

article thumbnail

What companies need to know about ‘SecOps’ — the path to making ‘digital transformation’ secure

The Last Watchdog

DevOps has been around for a while now, accelerating the creation of leading edge business applications by blending the development side with the operations side. It should come as no surprise that security is being formally added to DevOps, resulting in an emphasis on a process being referred to as SecOps or DevSecOps. Related: How DevOps played into the Uber hack.

article thumbnail

Seven Data Security Challenges You Must Meet to Comply with GDPR

Thales Cloud Protection & Licensing

The enactment of the European Union’s General Data Protection Regulation (GDPR) is a significant milestone for virtually every international business. Under the standard, organizations need to comply withan extensive set of requirements—or potentially face significant fines for failing to do so. Thales eSecurity and DataStax have come together to draft “Aligning GDPR Requirements with Today’s Hybrid-Cloud Realities,” which outlines a number of the issues organizations need to address to be GDPR

article thumbnail

"Two Stage" BMW Theft Attempt

Schneier on Security

Modern cars have alarm systems that automatically connect to a remote call center. This makes cars harder to steal, since tripping the alarm causes a quick response. This article describes a theft attempt that tried to neutralize that security system. In the first attack, the thieves just disabled the alarm system and then left. If the owner had not immediately repaired the car, the thieves would have returned the next night and -- no longer working under time pressure -- stolen the car.

122
122
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Toolbox: After a Conference

Adam Shostack

Wow. Blackhat, Defcon, I didn’t even make the other conferences going on in Vegas. And coming back it seems like there’s a sea of things to follow up on. I think a little bit of organization is helping me manage better this year, and so I thought I’d share what’s in my post-conference toolbox. I’m also sharing because I don’t think my workflow is optimal, and would love to learn from how others are working through this in 2018 with its profusion of ways to sta

100
100
article thumbnail

Top Cybersecurity Companies of 2018

eSecurity Planet

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue

article thumbnail

7 Serious IoT Vulnerabilities

Dark Reading

A growing number of employees have various IoT devices in their homes - where they're also connecting to an enterprise network to do their work. And that means significant threats loom.

IoT 87
article thumbnail

James Mickens on the Current State of Computer Security

Schneier on Security

James Mickens gave an excellent keynote at the USENIX Security Conference last week, talking about the social aspects of security -- racism, sexism, etc. -- and the problems with machine learning and the Internet. Worth watching.

Internet 112
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Physical Security Product Review – Portable Door Locks (PDLs) – Rishon Addalock VS. MasterBolt Travel Door Lock Security, Compared

Architect Security

Introduction I travel a lot, sometimes alone. I have left hotels almost immediately after checking in because I felt unsafe with the accommodations. Sometimes a hotel will assign a room to two people by mistake, and one person walks in on the other using a valid key (I’ve seen this happen). RFID “hotel master keys” exist. […].

article thumbnail

A worrying trend: Attacks on Asian healthcare organizations

Thales Cloud Protection & Licensing

While it’s no surprise to anybody reading this that data breaches are on the rise, the attacks facing healthcare organizations, most recently in Asia, are particularly worrisome. One need not look very far to find examples of the threats facing these entities: In Singapore, 1.5 million SingHealth patient records – including those of Prime Minister Lee Hsien Loong, were compromised in what is being called the Republic’s worst cyber attack.

article thumbnail

How to Protect Your Phone Against a SIM Swap Attack

WIRED Threat Level

Your phone number is increasingly tied to your online identity. You need to do everything possible to protect it.

96
article thumbnail

It Takes an Average 38 Days to Patch a Vulnerability

Dark Reading

Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.

72
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)

Security Affairs

Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts versions from 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and possibly unsupported versions of the framework.

article thumbnail

Kali Linux 2018.3 Release

Kali Linux

Another edition of Hacker Summer Camp has come and gone. We had a great time meeting our users, new and old, particularly at our Black Hat and DEF CON Dojos, which were led by our great friend @ihackstuff and the rest of the OffSec crew. Now that everyone is back home, it’s time for our third Kali release of 2018, which is available for immediate download.

article thumbnail

Tech Giants Are Becoming Defenders of Democracy. Now What?

WIRED Threat Level

Microsoft, Facebook, and others are ramping up efforts to thwart attacks on elections—making the US government look woefully underprepared in the process.

article thumbnail

Wickr Adds New Censorship Circumvention Feature to its Encrypted App

Dark Reading

Open Secure Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Malware researcher reverse engineered a threat that went undetected for at least 2 years

Security Affairs

The popular malware researchers Marco Ramilli has analyzed a malware that remained under the radar for more than two years. Today I’d like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many obfuscation steps and implementation languages.

article thumbnail

Security and Artificial Intelligence: Hype vs. Reality

Threatpost

Bridging the divide between hype and reality when it comes to what artificial intelligence and machine learning can do to help protect a business.

article thumbnail

A Monitor’s Ultrasonic Sounds Can Reveal What’s on the Screen

WIRED Threat Level

Researchers have demonstrated that they can discern individual letters on a display based only on the ultrasonic whine it emits.

67
article thumbnail

Proving ROI: How a Security Road Map Can Sway the C-Suite

Dark Reading

When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.

CISO 50
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

North Korea-linked Dark Hotel APT leverages CVE-2018-8373 exploit

Security Affairs

The North Korea-linked Dark Hotel APT group is leveraging the recently patched CVE-2018-8373 vulnerability in the VBScript engine in attacks in the wild. The vulnerability affects Internet Explorer 9, 10 and 11, it was first disclosed last month by Trend Micro and affected all supported versions of Windows. The flaw could be exploited by remote attackers to take control of the vulnerable systems by tricking victims into viewing a specially crafted website through Internet Explorer.

article thumbnail

T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API

Threatpost

T-Mobile alerts millions of its customers to a breach of its website that resulted in subscriber names, zip codes, phone numbers, email addresses and account numbers being stolen.

Mobile 46
article thumbnail

Six Big Questions After the Cohen and Manafort Bombshells

WIRED Threat Level

Two close advisers to the president are now convicted felons. Here are six big questions about where this all goes next.

65
article thumbnail

How to Gauge the Effectiveness of Security Awareness Programs

Dark Reading

If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.