Sat. Jun 16, 2018 - Fri. Jun 22, 2018

Google to Fix Location Data Leak in Google Home, Chromecast

Krebs on Security

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network. Craig Young, a researcher with security firm Tripwire, said he discovered an authentication weakness that leaks incredibly accurate location information about users of both

Ridiculously Insecure Smart Lock

Schneier on Security

Tapplock sells an "unbreakable" Internet-connected lock that you can open with your fingerprint. It turns out that: the lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. Any Tapplock account can unlock every lock. You can open the lock with a screwdriver. Regarding the third flaw, the manufacturer has responded that "…the lock is invincible to the people who do not have a screwdriver."

VASCO rebrands as OneSpan, makes acquisition, to support emerging mobile banking services

The Last Watchdog

Bank patrons in their 20s and 30s, who grew up blanketed with digital screens, have little interest in visiting a brick-and-mortar branch, nor in interacting with a flesh-and-blood teller. This truism is pushing banks into uncharted territory. They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials.

Banking 137
Weekly Update 91

Troy Hunt

We're at NDC Oslo! We found a spot on the floor and recorded this a couple of hours before doing our final talk of the event. In this video, we discuss some of what we were planning to cover in that talk, namely HTTPS anti-vaxxers as Scott wrote about earlier in the week. And how did it go? Apparently, exceptionally well! Best talk of the conf! @troyhunt and @Scott_Helme on web security - don't get advice from a psychic

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

AT&T, Sprint, Verizon to Stop Sharing Customer Location Data With Third Parties

Krebs on Security

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T, Sprint and Verizon now say they are terminating location data sharing agreements with third parties. At issue are companies known in the wireless industry as “location aggregators,” entities that manage requests for real-time customer location data for a variety of purposes, such as roadside assistance and emergenc

Perverse Vulnerability from Interaction between 2-Factor Authentication and iOS AutoFill

Schneier on Security

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points out an application where this could become a vulnerability: when authenticating transactions: Transaction authentication, as opposed to user authentication, is used to attest the

Weekly Update 92

Troy Hunt

Last day away! As much as I enjoy travel, I love going home and I'm wrapping this post up whilst sitting at the airport in Oslo about to begin the epic journey that is travelling back to the other side of the world. It's been a great trip, but yeah, I like home. This week, I'm recapping on some workshops, talking about how data breaches circulate, sharing some pretty epic Report URI stats and also covering last week's blog post on the Estonian government providing data to HIBP.

Supreme Court: Police Need Warrant for Mobile Location Data

Krebs on Security

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies. Image: Wikipedia.

Algeria Shut Down the Internet to Prevent Students from Cheating on Exams

Schneier on Security

Algeria shut the Internet down nationwide to prevent high-school students from cheating on their exams. The solution in New South Wales, Australia was to ban smartphones.

Threat Model Thursday: Architectural Review and Threat Modeling

Adam Shostack

For Threat Model Thursday, I want to use current events here in Seattle as a prism through which we can look at technology architecture review. If you want to take this as an excuse to civilly discuss the political side of this, please feel free. Seattle has a housing and homelessness crisis. The cost of a house has risen nearly 25% above the 2007 market peak, and has roughly doubled in the 6 years since April 2012.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Carpenter v. United States Decision Strengthens Digital Privacy

WIRED Threat Level

Thanks to Carpenter v. United States, the government will now generally need a warrant to obtain your cell site location information.

'Pay Up or Get WannaCry Hit' Extortion Email Spreading

Dark Reading

Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.

The Effects of Iran's Telegram Ban

Schneier on Security

The Center for Human Rights in Iran has released a report outlining the effects of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used extensively by activists, independent and citizen journalists, dissidents and international media.

Gartner Security & Risk Management Summit 2018 Trip Report

Thales Cloud Protection & Licensing

Every June, Gartner hosts a terrific security conference near Washington, D.C. called Gartner Security & Risk Management Summit. This event is focused on the needs of senior IT and security professionals, such as CISOs, chief risk officers, architects, IAM and network security leaders. This year, there were over 3,000 attendees, 120 analyst sessions to choose from, and 200 vendors that were on the show floor and delivering presentations.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

China Escalates Hacks Against the US as Trade Tensions Rise

WIRED Threat Level

A hacking truce between China and the US doesn't address government espionage operations, a workaround both countries exploit.

'Wallchart' Phishing Campaign Exploits World Cup Watchers

Dark Reading

The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.

Domain Name Stealing at Gunpoint

Schneier on Security

I missed this story when it came around last year: someone tried to steal a domain name at gunpoint. He was just sentenced to 20 years in jail.

Attention all businesses: Data security is the way to your customers' hearts (and wallets)!

Thales Cloud Protection & Licensing

For years now many organisations have approached data security with a sense of reluctance. Driven to adopt policies through a need to comply with complex regulations and a fear of picking up a fine through falling foul of the latest rules. Just look back at the amount of marketing we have seen around the launch of the GDPR this year, all of it relentlessly focused on the size of the financial penalties and, largely, adopting scare tactics designed to catch the eye and provoke pangs of guilt.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Millions of Google, Roku, and Sonos Devices Are Vulnerable to a Web Attack

WIRED Threat Level

Using a technique called DNS rebinding, one amateur hacker found vulnerabilities in devices from Google, Roku, Sonos, and more.

Cisco CPO: Privacy Is Not About Secrecy or Compliance

Dark Reading

Michelle Dennedy sat down with Dark Reading at the recent Cisco Live to set the record straight about privacy, regulation, encryption, and more.

New Phishing Scam Reels in Netflix Users to TLS-Certified Sites

Threatpost

Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates.

Agencies Step Up to Data Security Challenge

Thales Cloud Protection & Licensing

Data-level security is not just another mandate. It’s a necessity. That was a recurring theme during a roundtable discussion held in advance of the Data Security Summit at Spire in Washington, D.C. The theme of the summit, sponsored by Thales eSecurity, was “IT Modernization: The New Cyber Agenda.” The roundtable, including more than a dozen IT and cyber leaders from government and industry, explored the business drivers, challenges and evolving strategies around cybersecurity in government.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Apple's Latest iOS 12 Feature Will Save Lives by Pushing Your Location to 911

WIRED Threat Level

Forget memoji. Apple's push to transmit instant, accurate locations during emergency calls will have a profound effect for first responders.

The Best and Worst Tasks for Security Automation

Dark Reading

As with all new tech, there are good times and bad times to use it. Security experts share which tasks to prioritize for automation.

Olympic Destroyer Returns to Target Biochemical Labs

Threatpost

The threat actors appear to be in a reconnaissance phase, which could be a prelude to a larger cyber-sabotage attack meant to destroy and paralyze infrastructure.

Sophos XG vs SonicWall NSA: Top NGFWs Compared

eSecurity Planet

A look at the strengths and weaknesses of Sophos XG and SonicWall NSA, two top next-generation firewalls.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bill Could Give Californians Unprecedented Control Over Data

WIRED Threat Level

Lawmakers in California have introduced a sweeping privacy bill that could rein in the power of their Silicon Valley neighbors.

'Hidden Tunnels' Help Hackers Launch Financial Services Attacks

Dark Reading

Hackers are using the infrastructure, meant to transmit data between applications, for command and control.

Roku TV, Sonos Speaker Devices Open to Takeover

Threatpost

The Roku streaming video device and the Sonos Wi-Fi speakers suffer from the same DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week.

Disaster Recovery Plan for Enterprise

Spinone

We now observe businesses and non-profits moving all of their valuable data to the cloud. Backup has already become part of their culture, and savvy ones introduce CASB systems to protect their data from the most common and dangerous cyber security risks. But since nobody knows what kind of new threat may occur, the only response remaining in case of a disaster is to follow a Disaster Recovery plan.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.