The Last Watchdog

AUGUST 27, 2018

Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.

DDOS 255

DDOS IoT Digital transformation Internet 255

Schneier on Security

AUGUST 31, 2018

On Thursday, September 6, starting at 10:00 am CDT, I'll be doing a Reddit " Ask Me Anything " in association with the Ford Foundation. It's about my new book , but -- of course -- you can ask me anything. No promises that I will answer everything.

224

224

Troy Hunt

AUGUST 28, 2018

I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows. Since that time, another big name has come on board too : I love that a service I use every day has taken something I've built and is doing awesome things with it!

Passwords 221

Passwords 221

Krebs on Security

AUGUST 28, 2018

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based Fiserv [ NASDAQ:FISV ] is a Fortune 500 company with 24,000 employees and $5.7 billion in earnings last year.

Banking 192

Banking Accountability Retail Marketing 192

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

The Last Watchdog

AUGUST 28, 2018

If there is a data breach or some other cybersecurity incident, a phishing attack was probably involved. Over 90 percent of incidents begin with a phishing email. One of the more infamous hacks in recent years, the DNC data breach , was the result of a phishing attack. Related: Carpet bombing of phishing emails endures. Phishing is the number one way organizations are breached, Aaron Higbee, CTO and co-founder of Cofense, told me at Black Hat USA 2018 in Las Vegas.

Phishing 194

Phishing Data breaches Scams Hacking 194

Schneier on Security

AUGUST 31, 2018

Yet another way of eavesdropping on someone's computer activity: using the webcam microphone to "listen" to the computer's screen.

Surveillance 169

Surveillance 169

Krebs on Security

AUGUST 29, 2018

Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. On Tuesday, the Facebook -owned social network said it is in the process of rolling out support for third-party authentication apps. Unfortunately, this welcome new security offering does nothing to block Instagram account takeovers when thieves manage to hijack a target’s mobile phone number — an increasingly common crime.

Authentication 180

Authentication Mobile Passwords Accountability 180

The Last Watchdog

AUGUST 30, 2018

As the Industrial Internet of Things continues to transform the global industrial manufacturing and critical infrastructure industries, the threat of aggressive, innovative and dangerous cyber-attacks has become increasingly concerning. Related: The top 7 most worrisome cyber warfare attacks. Adopting modern technology has revealed a downside: its interconnectedness.

Manufacturing 154

Manufacturing Cyber Risk Risk Cyber Attacks 154

Schneier on Security

AUGUST 30, 2018

I've previously written about people cheating in marathon racing by driving -- or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race: The essence of the plan involved training the pigeons to believe they had two homes. The birds had been secretly raised not just in Shanghai but also in Shangqiu.

166

166

Troy Hunt

AUGUST 31, 2018

A few little bits and pieces this week ranging from a new web cam (primarily to do Windows Hello auth), teaching my 8-year-old son HTML, progress with Firefox and HIBP, some really ridiculous comments from Namecheap re SSL (or TLS or HTTPS) and a full set of Pwned Passwords as NTLM hashes. I didn't mention it when I recorded, but there's already a bunch of sample code on how to dump your AD hashes and compare them to the Pwned Passwords list in the comments on that blog post.

Passwords 123

Passwords Encryption 123

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Krebs on Security

AUGUST 25, 2018

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it’s likely that additional spammers and scammers piled on with their own versions of the phishing email after noticing that some recipients were actually paying up.

Scams 167

Scams Internet Internet Passwords 167

The Last Watchdog

AUGUST 29, 2018

If digital transformation, or DX , is to reach its full potential, there must be a security breakthrough that goes beyond legacy defenses to address the myriad new ways threat actors can insinuate themselves into complex digital systems. Network traffic analytics, or NTA , just may be that pivotal step forward. NTA refers to using advanced data mining and security analytics techniques to detect and investigate malicious activity in traffic moving between each device and on every critical system

Digital transformation 140

Digital transformation Accountability Retail Hacking 140

Schneier on Security

AUGUST 28, 2018

Andy Greenberg wrote a fascinating account of the Russian NotPetya worm, with an emphasis on its effects on the company Maersk. BoingBoing post.

Accountability 151

Accountability Malware 151

Security Affairs

AUGUST 29, 2018

Cyberstalking is one of the most overlooked crimes. This is exactly why it is among the fastest growing crimes in the world. Learn all there is about cyberstalking here. The internet has been a blessing since its inception. The very concept of globalization has come into existence just because of the internet. The world that was previously unconnected soon became a global village with different cultures and traditions linking together via the information highway.

Identity Theft 110

Identity Theft Internet Internet Surveillance 110

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Adam Levin

AUGUST 31, 2018

Air Canada is advising customers to reset their passwords on their mobile application after detecting a potential data breach of customer records. In a notice, Air Canada says that a data breach it discovered last week impacted 20,000 profiles. However, the airline operator is urging all 1.7 million users to reset their passwords. “We detected unusual login behavior with Air Canada’s mobile App between Aug. 22-24, 2018.

Data breaches 106

Data breaches Passwords Mobile Encryption 106

Dark Reading

AUGUST 29, 2018

The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.

Engineering 104

Engineering Internet Internet 104

Schneier on Security

AUGUST 31, 2018

This is a current list of where and when I am scheduled to speak: I'm giving a book talk on Click Here to Kill Everybody at the Ford Foundation in New York City, on September 5, 2018. The Aspen Institute's Cybersecurity & Technology Program is holding a book launch for Click Here to Kill Everybody on September 10, 2018 in Washington, DC. I'm speaking about my book Click Here to Kill Everybody: Security and Survival in a Hyper-connected World at the Harvard Book Store in Cambridge, Massachuse

Technology 151

Technology Risk Cybersecurity 151

Security Affairs

AUGUST 27, 2018

A group of researchers has conducted an interesting study on AT commands attacks on modern Android devices discovering that models of 11 vendors are at risk. A group of researchers from the University of Florida, Stony Brook University, and Samsung Research America, has conducted an interesting research on the set of AT commands that are currently supported on modern Android devices.

Mobile 108

Mobile Firmware Telecommunications Advertising 108

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

AUGUST 25, 2018

Your phone number was never meant to be your identity. Now that it effectively is, we're all at risk.

Risk 89

Risk 89

Threatpost

AUGUST 31, 2018

The Magecart group is likely behind the most prolific card-stealing operation seen in the wild to date.

Malware 81

Malware 81

Dark Reading

AUGUST 27, 2018

A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.

Technology 65

Technology 65

Security Affairs

AUGUST 28, 2018

Experts from SecureWorks discovered a large phishing campaign targeting universities carried out by an Iran-linked threat actor COBALT DICKENS. Security firm SecureWorks has uncovered a new phishing campaign carried out by COBALT DICKENS APT targeting universities worldwide, it involved sixteen domains hosting more than 300 spoofed websites for 76 universities in 14 countries, including Australia, Canada, China, Israel, Japan, Switzerland, Turkey, the United Kingdom, and the United States. ̶

Phishing 106

Phishing Advertising Hacking DNS 106

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

WIRED Threat Level

AUGUST 29, 2018

So-called Attention commands date back to the 80s, but they can enable some very modern-day smartphone hacks.

Hacking 77

Hacking 77

Threatpost

AUGUST 27, 2018

Botnets fused with artificial intelligence are decentralized and self-organized systems, capable of working together toward a common goal – attacking networks.

Artificial Intelligence 78

Artificial Intelligence DDOS Cyber threats IoT 78

Dark Reading

AUGUST 29, 2018

Mobile app hit in cyberattack that compromised 20K user accounts.

Data breaches 55

Data breaches Mobile Accountability 55

Security Affairs

AUGUST 25, 2018

Chinese-owned telecommunications firm Huawei has been banned from Australia’s 5G network due to security concerns. The Australian government considers risky the involvement of Huawei for the rolling out of next-generation 5G communication networks. Huawei Australia defined the decision disappointing. We have been informed by the Govt that Huawei & ZTE have been banned from providing 5G technology to Australia.

Telecommunications 92

Telecommunications Manufacturing Government Advertising 92

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

AUGUST 29, 2018

Despite an injunction against sharing the plans online, Cody Wilson is now selling the blueprints directly.

66

66

Threatpost

AUGUST 31, 2018

Unlike its browser competitors, Firefox will soon start blocking tracking cookies by default in the name of consumer privacy.

57

57

Dark Reading

AUGUST 28, 2018

In 2018, mobile communication platforms such as WhatsApp, Skype and SMS have far less protection against app-based phishing than email.

Mobile 54

Mobile Phishing 54

Security Affairs

AUGUST 29, 2018

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. A few days ago the security expert Darek Tytko from securitum.pl has reported a similar username enumeration vulnerability in the OpenSSH client.

Authentication 88

Authentication Advertising Passwords Software 88

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!