Krebs on Security
JULY 19, 2019
Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.
Schneier on Security
JULY 16, 2019
The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer's camera. It's a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JULY 19, 2019
It's the last one from Norway before heading off to the US and diving into the deep end of the Project Svalbard pool followed by Black Hat and DEF CON in Vegas. That's off the back of the last week being focused on pushing out Pwned Passwords V5, loading several hundred million new records worth of new data breaches and finally launching something I've been very excited about for a long time now: auth on the HIBP API.
Adam Levin
JULY 19, 2019
The Kazakhstan government is intercepting all HTTPS-encrypted internet traffic within its borders. Under a new directive effective 7/17, the Kazakhstan government is requiring every internet service provider in the country to install a security certificate onto every internet-enabled device and browser. Once installed, this certificate allows the government to decrypt and analyze all incoming internet traffic. .
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Krebs on Security
JULY 15, 2019
The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “ REvil ,” “ Sodin ,” and “ Sodinokibi.” “We are getting a well-deserv
Schneier on Security
JULY 15, 2019
Motherboard got its hands on Palantir's Gotham user's manual, which is used by the police to get information on people: The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The capabilities are staggering, according to the guide: If police have a name that's associated with a license plate, they can use automatic license plate reader data to find out where they've been, and when
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
JULY 13, 2019
The Magecart continues to target websites worldwide, it infected over 17,000 domains by targeting improperly secured Amazon S3 buckets. . The Magecart gang made the headlines again, according to a new report published by RiskIQ , it has infected over 17,000 domains by targeting improperly secured Amazon S3 buckets. . A few days ago, security experts at Sanguine Security have uncovered a new large-scale payment card skimming campaign that already hacked 962 online stores running on the Magento
Krebs on Security
JULY 17, 2019
“It takes a certain kind of man with a certain reputation. To alleviate the cash from a whole entire nation…” KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement for a popular credit card fraud shop likely takes the cake. The name of this particular card shop won’t be mentioned here, and its various domain names featured in the video have been pixelated so as not to further
Schneier on Security
JULY 18, 2019
Identity theft is getting more subtle: " My job application was withdrawn by someone pretending to be me ": When Mr Fearn applied for a job at the company he didn't hear back. He said the recruitment team said they'd get back to him by Friday, but they never did. At first, he assumed he was unsuccessful, but after emailing his contact there, it turned out someone had created a Gmail account in his name and asked the company to withdraw his application.
WIRED Threat Level
JULY 13, 2019
An Apple Watch bug, a hackable hair straightener, and more security news this week.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
JULY 19, 2019
The former NSA contractor who pled guilty to stealing over 50TB of data from the Agency, was sentenced to nine years in prison. The former National Security Agency contractor Harold Thomas Martin III , who was accused and subsequently pled guilty to stealing over 50TB of classified NSA data, was sentenced to nine years in prison. The man was arrested by the FBI in October 2016 , the US DoJ charged Harold Thomas Martin with theft of secret documents and highly classified government material.
Thales Cloud Protection & Licensing
JULY 17, 2019
If the vast majority of the people in your office knew they would contract the flu today, it’s safe to say most chairs would remain empty. Anyone who actually came to work would avoid others, sanitize drawer handles, wash their hands, and/or wear a mask. There would be an obvious flurry of activity as people attempted to be part of the fortunate 30 percent that wouldn’t get sick.
Adam Shostack
JULY 14, 2019
A Man on the Moon , Andrew Chaikin is probably the best of the general histories of the moon landings. Failure is not an Option , by Gene Kranz, who didn’t actually say that during Apollo 13. Marketing The Moon by David Scott and Richard Jurek. I was surprised what a good history this was, and how much it brought in the overall history of the program and put it in context.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
JULY 19, 2019
Poland and Lithuania are probing the potential privacy and security risks of using a Russian-made app FaceApp. Millions of people recently downloaded the FaceApp app and are taking part in the “ #FaceApp Challenge ” to show friends how they can look like when they will be old and grey. Many security experts are warning of the risks of using the popular app, threat actors could be potentially interested in data collected by FaceApp.
WIRED Threat Level
JULY 14, 2019
All those services you signed up for but forgot about? They're a security risk. Here's how to get rid of them.
Schneier on Security
JULY 19, 2019
I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy.
Dark Reading
JULY 16, 2019
Publishing the keys should render existing versions of the ransomware far less dangerous for victims.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
JULY 14, 2019
Security experts at Emsisoft released a new decryptor, it could be used for free by victims of the Ims00rry ransomware to decrypt their files. Thanks to the experts at Emsisoft the victims of the Ims00rry ransomware can decrypt their files for free. The Ims00rry ransomware used AES-128 algorithm for the encryption process. Unlike most of the ransomware, Ims00rry and doesn’t append an extension to the filenames of the encrypted files.
Threatpost
JULY 19, 2019
The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.
Schneier on Security
JULY 13, 2019
This is a current list of where and when I am scheduled to speak: I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thurdsay, August 8, 2019. I'm speaking on "Information Security in the Public Interest" at DefCon 27 in Las Vegas on Saturday, August 10, 2019. The list is maintained on this page.
Dark Reading
JULY 17, 2019
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
JULY 18, 2019
Drupal developers urge users to update their installs to version 8.7.5, which addresses the CVE-2019-6342 flaw that allows hackers to take control of Drupal 8 sites. Drupal developers informed users that version 8.7.4 is affected by a critical flaw, tracked as CVE-2019-6342, that could be exploited by attackers to take control of Drupal 8 websites. Users have to update to version 8.7.5 to address the vulnerability.
Threatpost
JULY 14, 2019
Most respondents in a recent survey say they're losing the battle despite having up-to-date protections in place.
Thales Cloud Protection & Licensing
JULY 16, 2019
This week marks the return of Amazon Prime Day – Amazon’s seasonal retail event which has fast become a masterclass in driving demand and growth through great customer experience. In fact, last year’s event was touted as ‘the biggest shopping event in history’ , with over 100 million products sold. In a savvy move to drive up premium subscriptions, Prime Day sees subscribed members of the Amazon Prime service access exclusive discounts on an array of products for a limited amount of time – 48 ho
Dark Reading
JULY 18, 2019
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JULY 18, 2019
Experts at Intezer discovered a new backdoor, dubbed EvilGnome, that is targeting Linux systems for cyber espionage purpose. Intezer spotted a new piece of Linux malware dubbed EvilGnome because it disguises as a Gnome extension. The researchers attribute the spyware to the Russia-linked and Gamaredon Group. The modules used by EvilGnome are reminiscent of the Windows tools used by the Gamaredon Group, other analogies include the use of SFX, persistence with task scheduler and the deployment o
Threatpost
JULY 18, 2019
More victims of a 2015 credential-harvesting incident have come to light.
WIRED Threat Level
JULY 18, 2019
The dramatic EU Galileo incident underscores the threat of satellite timing and navigation system failures.
Dark Reading
JULY 17, 2019
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
279 
Let's personalize your content