Schneier on Security

NOVEMBER 21, 2018

Democracy is an information system. That's the starting place of our new paper: " Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to explain why the same disinformation campaigns that act as a stabilizing influence in Russia are destabilizing in the United States.

Government 272

Government Internet Internet Information Security 272

Krebs on Security

NOVEMBER 23, 2018

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online. Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple r

Scams 269

Scams Wireless Phishing Banking 269

Adam Levin

NOVEMBER 23, 2018

Krebs on Security reported a security weakness that affected millions of USPS customers. The vulnerability in question allowed anyone with an account on USPS.com to view granular information about the site’s more than 60 million users. In what has become an all too familiar scenario, Krebs on Security was contacted by a researcher who discovered the problem a year earlier.

Accountability 199

Accountability Advertising Phishing Hacking 199

Troy Hunt

NOVEMBER 22, 2018

It's a no-blog week, but that doesn't mean any less is happening! This week, I've finally wrapped up the Lego Bugatti, got myself into the new iPad, connected my washing machine (I know, I know, I didn't plan it this way!) and then isolated it on a separate IoT network. What a time we live in. Oh - and speaking of times we live in, our data is getting thrown around the place like never before thanks to data aggregators and their constant breaches and frankly, I'm a bit fed up with it.

IoT 169

IoT 169

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

NOVEMBER 23, 2018

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctive as complete prints, the chances of one partial print getting matched with another is high.

Authentication 230

Authentication 230

Krebs on Security

NOVEMBER 21, 2018

U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous.

Accountability 258

Accountability Authentication Identity Theft Advertising 258

Adam Levin

NOVEMBER 21, 2018

The Wall Street Journal (subscription required) reported a potential new partnership between Apple and the Department of Veterans Affairs that would give military veterans access to portable electronic health records. This move will have one effect: expanding attackable surface and creating a new vector for fraudsters to attack. That should be enough to give pause, but there is more.

Data breaches 100

Data breaches Software Cybersecurity Technology 100

Schneier on Security

NOVEMBER 19, 2018

A recent article in the Atlantic asks why we haven't seen a"cyber 9/11" in the past fifteen or so years. (I, too, remember the increasingly frantic and fearful warnings of a "cyber Peal Harbor," "cyber Katrina" -- when that was a thing -- or "cyber 9/11." I made fun of those warnings back then.) The author's answer: Three main barriers are likely preventing this.

Risk 202

Risk Hacking 202

Security Affairs

NOVEMBER 18, 2018

Instagram has suffered a serious security leak that might have exposed user’s passwords, revealed The Information website. Instagram notified some of its users that it might have accidentally exposed their password due to a security glitch. According to a company spokesperson, the bug was “discovered internally and affected a very small number of people.”.

Passwords 107

Passwords Advertising Accountability Media 107

The Last Watchdog

NOVEMBER 21, 2018

Privacy regulations and legislation are topics that continue to be of concern for consumers and businesses alike. News of data breaches, data vulnerabilities and compromised private information is released almost daily from businesses both small and large. Related: Europe’s GDPR ushers in new privacy era. Legislation has recently been proposed for individual states, addressing data privacy regulations head-on.

Data privacy 103

Data privacy Data collection Big data Government 103

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Thales Cloud Protection & Licensing

NOVEMBER 19, 2018

The age of Big Data is upon us. And, as more data is available for analytical purposes, more sensitive and private information is at risk. As The 2018 Thales Global Data Threat Report notes, “The top Big Data security issue is that sensitive data can be anywhere – and therefore everywhere – a concern expressed by 34% of global and U.S. respondents.”.

Big data 86

Big data Encryption Security Intelligence Data breaches 86

Schneier on Security

NOVEMBER 20, 2018

The US Privacy and Civil Liberties Oversight Board is looking for a director. Among other things, this board has some oversight role over the NSA. More precisely, it can examine what any executive-branch agency is doing about counterterrorism. So it can examine the program of TSA watchlists, NSA anti-terrorism surveillance, and FBI counterterrorism activities.

Surveillance 153

Surveillance 153

Security Affairs

NOVEMBER 18, 2018

On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting provider, and deleted 6,500+ sites. On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting provider. The news was confirmed by Daniel Winzen, the software developer behind the hosting service. Daniel’s Hosting became the largest Dark Web hosting provider earlier 2017 when Anonymous members breached and took down Freedom Hosting II.

Hacking 104

Hacking Advertising Cybercrime Accountability 104

WIRED Threat Level

NOVEMBER 17, 2018

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.

109

109

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

PerezBox Security

NOVEMBER 20, 2018

A few months back I was working with a customer that was having the worst day of their lives. Attackers had taken full control of their most critical digital asset. Read More. The post Tips to Protect Your Domain[s] Investments appeared first on PerezBox.

Technology 80

Technology Information Security 80

Threatpost

NOVEMBER 22, 2018

Zero trust refers to the notion of evaluating the security risk of devices and users within the context of any given moment, without automatically conferring access based on credentials.

Digital transformation 79

Digital transformation Risk Authentication Passwords 79

Security Affairs

NOVEMBER 17, 2018

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail. At the time it is not clear if the hacker belongs to a cyber crime gang, it claims to have stolen a “significant” amounts of data from the company. The ransom demand ( archive.is link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to America

Scams 103

Scams Hacking Data collection Advertising 103

WIRED Threat Level

NOVEMBER 21, 2018

Researchers have discovered that the so-called Rowhammer technique works on "error-correcting code" memory, in what amounts to a serious escalation.

Hacking 99

Hacking 99

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

NOVEMBER 21, 2018

As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.

Government 83

Government 83

Spinone

NOVEMBER 22, 2018

Cyber crimes may target absolutely any person or organization that uses Internet. The only perfect solution to avoid an attack by a cyber criminal is to simply switch off your computer. However, both progressive business environments and modern lifestyles require a permanent presence on the web from organizations and individuals, and users have to increase their cyber security awareness, and this is where the Cybersecurity Landscape data will be helpful.

Cybersecurity 73

Cybersecurity Cyber Risk Marketing Risk 73

Security Affairs

NOVEMBER 17, 2018

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing.almost all Pakistani banks were affected by a recent security breach. Group-IB experts discovered another large set of compromised payment cards details that was put on sale on Joker’s Stash, one of the most popular underground hubs of stolen card data, on Nov. 13. The new set of dumps, unauthorized digital copies of the information contained in magnetic stripe of a bank card, came with the payment details of 177,

Banking 96

Banking Cybercrime Advertising Data collection 96

WIRED Threat Level

NOVEMBER 17, 2018

Safer browsing, more bitcoin scams, and the rest of the week's top security news.

Scams 110

Scams Cybersecurity 110

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

NOVEMBER 19, 2018

A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.

Marketing 76

Marketing Risk Banking 76

Threatpost

NOVEMBER 23, 2018

New research on an old problem reveals despite efforts, the InfoSec professionals still have a way to go when it comes to securing printers.

InfoSec 75

InfoSec Malware Hacking 75

Security Affairs

NOVEMBER 22, 2018

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. The situation is very serious, the new cards are accepted as an ID document in most countries in Europe and allow the German citizens to access online government services (i.e. tax s

Authentication 95

Authentication Advertising Accountability Hacking 95

WIRED Threat Level

NOVEMBER 18, 2018

You were right not to trust hotel and airport Wi-Fi a few years ago. But these days, it's (probably) fine.

90

90

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Dark Reading

NOVEMBER 21, 2018

Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.

IoT 84

IoT 84

Threatpost

NOVEMBER 20, 2018

Adobe issues patch for a Flash Player vulnerability that could lead to an arbitrary code execution on targeted systems.

Mobile 75

Mobile Hacking 75

Security Affairs

NOVEMBER 22, 2018

Dropbox team disclosed three critical zero-day vulnerabilities in Apple macOS, chaining them it is possible to take over a Mac computer. Dropbox team disclosed three critical zero-day vulnerabilities (CVE-2017-13890, CVE-2018-4176, CVE-2018-4175) affecting the Apple macOS operating system, an attacker could chain them to remotely execute arbitrary code on a targeted Mac computer.

Hacking 94

Hacking Penetration Testing Advertising Software 94

WIRED Threat Level

NOVEMBER 20, 2018

Cybercriminals are always looking to steal your credit card or even your identity. But it pays to be on extra high alert come Black Friday.

Scams 76

Scams 76

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk