Sat. Nov 16, 2019 - Fri. Nov 22, 2019

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

Until this month, I'd never heard of People Data Labs (PDL). I'd certainly heard of the sector they operate in - "Data Enrichment" - but I'd never heard of the company itself. I've become more familiar with this sector over recent years due to the frequency with which it's been suffering data breaches that have ultimately landed in my inbox. For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017, Exactis who had 132M records breached last year and the Apollo dat

Iran Has Shut Off the Internet

Schneier on Security

Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good. AccessNow has a global campaign to stop Internet shutdowns.

Ransomware Bites 400 Veterinary Hospitals

Krebs on Security

National Veterinary Associates (NVA), a California company that owns more than 700 animal care facilities around the globe, is still working to recover from a ransomware attack late last month that affected more than half of those properties, separating many veterinary practices from their patient records, payment systems and practice management software.

E-Skimming Strikes Again: Macy’s Confirms Magecart Data Breach

Adam Levin

Macy’s has informed customers of an e-skimming data breach following the discovery of Magecart malware on its website. In a letter to affected customers, the retailer said that it had detected malware on its e-commerce website on October 15 and that it had been active for a little over a week. “The unauthorized code was highly specific and only allowed the third party to capture information submitted by customers,” stated the letter, explaining that user-submitted data on the site’s chec

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

When Bank Communication is Indistinguishable from Phishing Attacks

Troy Hunt

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security best practices? Ok, that final one might be a bit of a stretch, but the fact remains that people have high expectations of how banks should communicate to ensure that they themselves don't come across as phishers

Security Vulnerabilities in Android Firmware

Schneier on Security

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and it is extremely likely that many of the vulnerabilities are not exploitable -- making them bugs but not security concerns.

Business Email Compromise: 5 ways this fraud could happen and what can be done to prevent it

Tech Republic Security

Millions of dollars and loads of personal information are being stolen through a growing threat known as Business Email Compromise (BEC).

Welcoming the Norwegian Government to HIBP

Troy Hunt

Over the last couple of years, I've been increasingly providing governments with better access to their departments' data exposed in breaches by giving them free and unfettered API access to their domains. As I've been travelling around the world this year, I've been carving out time to spend with governments to better understand the infosec challenges they're facing and the role HIBP can play in helping them tackle those challenges.

GPS Manipulation

Schneier on Security

Long article on the manipulation of GPS in Shanghai. It seems not to be some Chinese military program, but ships who are stealing sand. The Shanghai "crop circles," which somehow spoof each vessel to a different false location, are something new. "I'm still puzzled by this," says Humphreys. "I can't get it to work out in the math. It's an interesting mystery."

Game Company Wizards of the Coast Suffers Data Breach

Adam Levin

Data belonging to more than 450,000 players of popular online games was exposed on an unprotected database accessible online. Wizards of the Coast, the company behind games such as Magic: The Gathering, MTG Arena, and Magic Online, accidentally left a database unprotected on an online Amazon Web Services storage bucket. The first and last names, email addresses, and passwords of 452,634 players and 470 employees were exposed.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Security pros explain Black Friday best practices for consumers and businesses

Tech Republic Security

Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites.

Weekly Update 165

Troy Hunt

Yes, I'm in my car. I'm completely disorganised, rushing to the next event and really didn't plan this very well. But hey, what an awesome little soundproof booth it is! That said, I did keep this week deliberately concise, until I went to edit it and then Adobe Premiere (or the NVIDIA drivers on my laptop) decided to turn a 16 minute video clip into a multi-hour s**t-fight.

SHARED INTEL: How ‘memory attacks’ and ‘firmware spoilage’ circumvent perimeter defenses

The Last Watchdog

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. The latter knows how to carry out a DLL injection hack — to cheat the game score.

Leaks of NSA, CIA Tools Have Leveled Nation-State Cybercriminal Capabilities

Dark Reading

The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 has given emerging cyber powers a way to catch up, DarkOwl says.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak

Threatpost

Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.

BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups — in the field

The Last Watchdog

Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage. And yet today there is a resurgence in demand for encrypted flash drives.

Payment solutions giant Edenred announces malware infection

Security Affairs

Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems and immediately started an investigation. The company announced that some of its computing systems had been infected with malware and that it is currently investigating the incident. Edenred is a French company specializing in prepaid corporate services.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

75% of developers worry about app security, but half lack dedicated security experts on their team

Tech Republic Security

The majority of developers view security as integral to the coding and development process, but lack the support of a security expert, Whitehat Security found.

‘Windows Update’ Installs Cyborg Ransomware

Threatpost

A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, […].

Target Seeks $74M in Data Breach Reimbursement from Insurance Company

Dark Reading

The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.

ENISA publishes a Threat Landscape for 5G Networks

Security Affairs

ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA, with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated Risk Assessment of 5G networks was published on 9 October 2019.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

82% of SMB execs expect employees to put business devices at risk with holiday shopping

Tech Republic Security

Nearly half of executives surveyed don't believe their employees would be able to spot a bad actor posing as an online retailer, Zix-AppRiver found.

Google Will Award $1M-Plus to People Who Can Hack Titan M Security Chip

Threatpost

The company expanded its Android bug bounty program as one of several recent moves to ramp up mobile security.

Researchers Explore How Mental Health Is Tracked Online

Dark Reading

An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.

Russian author of NeverQuest banking malware gets 4 Years in U.S. Prison

Security Affairs

Stanislav Vitaliyevich Lisov (34), the Russian hacker who created and used the Neverquest banking malware, has finally been sentenced to 4 years in prison by the United States District Court for the Southern District of New York.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

PrivSec conference highlights CISO concerns and future data privacy laws

Tech Republic Security

The conference, hosted by Columbia University, brought together CISOs, lawmakers, academics, and businesses to discuss GDPR, CCPA, and data privacy in all its forms.

Microsoft Outlook for Android Bug Opens Door to XSS

Threatpost

Successful exploitation allows attackers to steal potentially sensitive information, change the appearance of the web page, and perform phishing, spoofing and drive-by-download attacks.

In the Market for a MSSP? Ask These Questions First

Dark Reading

Not all managed security service providers are created equal. These questions can reveal whether you are hiring the right people to help secure your business.

Google will pay up to $1.5m for full chain RCE for Android on Titan M chips

Security Affairs

Google announced that it will increase bug bounty rewards for Android: it will pay up to $1.5 million for bugs that compromise its new Titan M security chip. At the end of 2018, Google announced its Titan M dedicated security chip, which is currently installed on Google Pixel 3 and Pixel 4 devices. The chip was designed to handle sensitive data and processes, including Verified Boot, on-device disk encryption, and secure transactions.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.