Sat.Mar 10, 2018 - Fri.Mar 16, 2018

The 600+ Companies PayPal Shares Your Data With

Schneier on Security

One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, which just released a list of over 600 companies they share customer data with. Here's a good visualization of that data. Is 600 companies unusual? Is it more than average?

Taking down Gooligan: part 1 — overview

Elie

This series of posts recounts how, in November 2016, we hunted for and took down Gooligan, the infamous Android OAuth-stealing botnet. What makes Gooligan special is its weaponization of OAuth tokens, something that had never been observed in mainstream crimeware before. At its peak, Gooligan had hijacked over 1M OAuth tokens in an attempt to perform fraudulent Play store installs and reviews.

Hacker Adrian Lamo Has Died at 37

WIRED Threat Level

The Colombian-American hacker became famous in the early 2000s for breaking into the systems at organizations like *The New York Times*, and later for his role in Chelsea Manning's arrest.

Is All Encryption Equal?

Thales Cloud Protection & Licensing

Data encryption has been around almost since the age of computers. In truth, anyone with minimal experience can write a simple script that uses default services built into virtually every OS to encrypt data. In Linux, for instance, it takes four OpenSSL commands to generate an encryption key and encrypt data. However, simply encrypting data is not a sufficient control when storing data in the cloud: if the key sits next to the ciphertext, whoever can read the bucket can read the data.
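To make the "encrypting is easy, key management is the control" point concrete, here is an added example (not code from the Thales post) that uses only the stock OpenSSL CLI. Each file gets its own random data key (DEK); the DEK is wrapped under a key-encryption key (KEK) that is held apart from the data, so only the wrapped DEK, the IV, the ciphertext and an integrity tag would ever reach storage. The KEK is an RSA key pair in a temp directory standing in for what a KMS or HSM would hold; the file names, the `encrypt_file`/`decrypt_file`/`demo` helpers and the sample card record are all constructed for this illustration.

```sh
#!/bin/sh
# Added example, not code from the Thales post. Envelope encryption with the
# stock OpenSSL CLI: a per-file data key (DEK) encrypts the file, and the DEK
# is wrapped under a key-encryption key (KEK) kept apart from the data.
# The RSA KEK in a temp dir is a stand-in for a KMS/HSM-held key (assumption).
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Key-management side: generate the KEK once. The private half never travels.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/kek.pem" 2>/dev/null
openssl pkey -in "$WORK/kek.pem" -pubout -out "$WORK/kek_pub.pem" 2>/dev/null

# Encrypt-then-MAC tag over the ciphertext. `openssl enc` offers no AEAD mode
# on the CLI, so CBC is paired with an HMAC under a second random key.
mac_of() {  # $1 = hex MAC key (used as an ASCII key string), $2 = file
    openssl dgst -sha256 -hmac "$1" "$2" | awk '{print $NF}'
}

# encrypt_file IN OUTPREFIX -> OUTPREFIX.enc, .iv, .mac and .dek (wrapped keys)
encrypt_file() {
    in=$1; out=$2
    keys=$(openssl rand -hex 64)          # 256-bit DEK || 256-bit MAC key
    dek=$(printf '%s' "$keys" | cut -c1-64)
    mackey=$(printf '%s' "$keys" | cut -c65-128)
    iv=$(openssl rand -hex 16)            # 128-bit IV, fine to store in clear
    openssl enc -aes-256-cbc -K "$dek" -iv "$iv" -in "$in" -out "$out.enc"
    printf '%s' "$iv" > "$out.iv"
    mac_of "$mackey" "$out.enc" > "$out.mac"
    # Wrap both keys with RSA-OAEP under the KEK public key. The plaintext
    # keys exist only in this shell's variables and are dropped on return.
    printf '%s' "$keys" | openssl pkeyutl -encrypt -pubin \
        -inkey "$WORK/kek_pub.pem" -pkeyopt rsa_padding_mode:oaep \
        -out "$out.dek"
}

# decrypt_file OUTPREFIX DEST -> 0 on success, 1 if the MAC does not verify
decrypt_file() {
    p=$1; dest=$2
    keys=$(openssl pkeyutl -decrypt -inkey "$WORK/kek.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$p.dek")
    dek=$(printf '%s' "$keys" | cut -c1-64)
    mackey=$(printf '%s' "$keys" | cut -c65-128)
    # Verify integrity before the block cipher ever touches the ciphertext.
    [ "$(mac_of "$mackey" "$p.enc")" = "$(cat "$p.mac")" ] || return 1
    openssl enc -d -aes-256-cbc -K "$dek" -iv "$(cat "$p.iv")" \
        -in "$p.enc" -out "$dest"
}

# demo: round-trip a constructed record, then show that tampering is caught.
# Returns 0 when both checks pass.
demo() {
    printf 'card=4111111111111111;exp=0320\n' > "$WORK/plain.txt"  # constructed
    encrypt_file "$WORK/plain.txt" "$WORK/record"
    decrypt_file "$WORK/record" "$WORK/roundtrip.txt"
    cmp -s "$WORK/plain.txt" "$WORK/roundtrip.txt" || return 1
    printf 'x' >> "$WORK/record.enc"                 # tamper with ciphertext
    if decrypt_file "$WORK/record" "$WORK/tampered.txt"; then return 1; fi
    return 0
}

demo && echo "round trip ok, tampering detected"
```

The design choice worth noticing is what ends up beside the data: `record.enc`, `record.iv`, `record.mac` and a wrapped `record.dek`, none of which is useful without `kek.pem`. Compromise of the storage alone yields nothing; the security of the data reduces to the security of the KEK, which is exactly the piece a cloud deployment should keep in a KMS or HSM under its own access policy and audit trail. CBC plus HMAC is used because the `openssl enc` command line has no authenticated mode; a library-based implementation would use AES-GCM and drop the separate MAC key.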

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Artificial Intelligence and the Attack/Defense Balance

Schneier on Security

Artificial intelligence technologies have the potential to upend the longstanding advantage that attack has over defense on the Internet. This has to do with the relative strengths and weaknesses of people and computers, how those all interplay in Internet security, and where AI technologies might change things. You can divide Internet security tasks into two sets: what humans do well and what computers do well.

Email Security for Your Business

eSecurity Planet

Every business uses email, yet many are unaware of email security threats. Here's a look at the threats - and how to secure your business email.

E-Mailing Private HTTPS Keys

Schneier on Security

I don't know what to make of this story: The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec. It was sent to Jeremy Rowley, an executive vice president at DigiCert, a certificate authority that acquired Symantec's certificate issuance business after Symantec was caught flouting binding industry rules, prompting Google to distrust Symantec certificates in its Chro

Cybercriminals Launder Up to $200B in Profit Per Year

Dark Reading

Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.

A Florida Bill Would Make Criminal Justice Data More Transparent Than Ever

WIRED Threat Level

A newly passed bill in the Florida Legislature would bring unprecedented levels of transparency to the criminal justice system.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has widely adopted web tracking tools, including pixels and trackers. Tracking tools on both authenticated and unauthenticated web pages can access protected health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other information users provide on those pages, and can therefore violate the HIPAA rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

How to Secure ‘Permissioned’ Blockchains

Thales Cloud Protection & Licensing

Permissioned blockchains are growing in popularity as businesses attempt to cash in on the blockchain trend while keeping a firm hand on the tiller. Contrary to their non-permissioned cousins (such as Bitcoin or Ethereum), permissioned blockchains are controlled by an authority that grants permission to every node that participates. In this blog (originally published on Dark Reading), Duncan Jones, Head of Skunkworks at Thales eSecurity, discusses the characteristics of a permissioned b

Interesting Article on Marcus Hutchins

Schneier on Security

This is a good article on the complicated story of hacker Marcus Hutchins.

A Secure Enterprise Starts with a Cyber-Aware Staff

Dark Reading

An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.

YouTube, Facebook, and Google Can't Expect Wikipedia to Cure the Internet

WIRED Threat Level

YouTube and other tech giants have repeatedly turned to Wikipedia to help solve some of their biggest problems—often without giving back.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats raise the question, “Do you know what’s in your software?

How to Protect Your Google Workspace Account

Spinone

Google provides a feature for Google Workspace (formerly G Suite) users called ‘Two-Step Verification,’ which is designed to improve the security of not only your Google Workspace account, but your entire online presence. If your Google account is ever hacked, a domino effect may ensue. You are particularly vulnerable if you reuse the same password […] The post How to Protect Your Google Workspace Account first appeared on SpinOne.

Greyshift Sells Phone Unlocking Services

Schneier on Security

Here's another company that claims to unlock phones for a price.

77% of Businesses Lack Proper Incident Response Plans

Dark Reading

New research shows security leaders have false confidence in their ability to respond to security incidents.

How Creative DDOS Attacks Still Slip Past Defenses

WIRED Threat Level

While some major distributed-denial-of-service attacks have been thwarted this month, the threat remains as critical as ever.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers

Threatpost

A Walmart jewelry partner's misconfigured AWS S3 bucket left the personal details and contact information of 1.3 million customers in plain sight.

Who Does What in Cybersecurity at the C-Level

Dark Reading

As security evolves as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.

Voice Chat App Zello Turned a Blind Eye to Jihadis for Years

WIRED Threat Level

Despite warnings and flagged accounts, Zello left accounts with ISIS flag avatars and jihadist descriptions live on its service.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

New POS Malware PinkKite Takes Flight

Threatpost

Researchers shed light on a newly discovered family of point of sale malware that is extremely small in size and adept at siphoning credit card numbers from POS endpoints.

Measure Security Performance, Not Policy Compliance

The Falcon's View

I started my security (post-sysadmin) career heavily focused on security policy frameworks. It took me down many roads, but everything always came back to a few simple notions, such as that policies were a means of articulating security direction, that you had to prescriptively articulate desired behaviors, and that the more detail you could put into the guidance (such as in standards, baselines, and guidelines), the better off the organization would be.

The Containerization of Artificial Intelligence

Dark Reading

AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.

New Sanctions Against Russia Finally Take the Country's Online Chaos Seriously

WIRED Threat Level

From election meddling to NotPetya to grid hacking, Russia's digital provocations are no longer being ignored.

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? For all the benefits SaaS applications offer, it is still necessary to onboard providers as quickly as possible.

GandCrab Ransomware Crooks Take Agile Development Approach

Threatpost

Despite setbacks, the hackers behind GandCrab are pushing ahead with a lucrative new ransomware strain thanks to a quick-and-dirty agile development approach.

Google Phishing Attack: Security Experts’ Predictions

Spinone

The Internet blew up with the latest news about the Gmail phishing attack. You have probably read plenty of material about this issue and how sophisticated its organization was. However, all of this news has likely left you frustrated and without a satisfactory answer to these three questions: What was the goal? What can we expect? What should we do next? Our security experts give the answers.

What CISOs Should Know About Quantum Computing

Dark Reading

As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.

Researchers Point to an AMD Backdoor—And Face Their Own Backlash

WIRED Threat Level

As an Israeli security firm outlines real flaws in AMD's chips, the security community questions its motivations.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. 2021 saw 495.1 million attacks, a 148% increase over 2020, and was the most expensive year on record. As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.