Krebs on Security
JULY 19, 2019
Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.
Schneier on Security
JULY 16, 2019
The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer's camera. It's a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
JULY 19, 2019
The Kazakhstan government is intercepting all HTTPS-encrypted internet traffic within its borders. Under a new directive effective 7/17, the Kazakhstan government is requiring every internet service provider in the country to install a security certificate onto every internet-enabled device and browser. Once installed, this certificate allows the government to decrypt and analyze all incoming internet traffic. .
Troy Hunt
JULY 19, 2019
It's the last one from Norway before heading off to the US and diving into the deep end of the Project Svalbard pool followed by Black Hat and DEF CON in Vegas. That's off the back of the last week being focused on pushing out Pwned Passwords V5, loading several hundred million new records worth of new data breaches and finally launching something I've been very excited about for a long time now: auth on the HIBP API.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Krebs on Security
JULY 17, 2019
“It takes a certain kind of man with a certain reputation. To alleviate the cash from a whole entire nation…” KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement for a popular credit card fraud shop likely takes the cake. The name of this particular card shop won’t be mentioned here, and its various domain names featured in the video have been pixelated so as not to further
Schneier on Security
JULY 15, 2019
Motherboard got its hands on Palantir's Gotham user's manual, which is used by the police to get information on people: The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The capabilities are staggering, according to the guide: If police have a name that's associated with a license plate, they can use automatic license plate reader data to find out where they've been, and when
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Shostack
JULY 14, 2019
A Man on the Moon , Andrew Chaikin is probably the best of the general histories of the moon landings. Failure is not an Option , by Gene Kranz, who didn’t actually say that during Apollo 13. Marketing The Moon by David Scott and Richard Jurek. I was surprised what a good history this was, and how much it brought in the overall history of the program and put it in context.
Krebs on Security
JULY 15, 2019
The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “ REvil ,” “ Sodin ,” and “ Sodinokibi.” “We are getting a well-deserv
Schneier on Security
JULY 18, 2019
Identity theft is getting more subtle: " My job application was withdrawn by someone pretending to be me ": When Mr Fearn applied for a job at the company he didn't hear back. He said the recruitment team said they'd get back to him by Friday, but they never did. At first, he assumed he was unsuccessful, but after emailing his contact there, it turned out someone had created a Gmail account in his name and asked the company to withdraw his application.
WIRED Threat Level
JULY 16, 2019
Medtronic and the FDA left an insulin pump with a potentially deadly vulnerability on the market—until researchers who found the flaw showed how bad it could be.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JULY 13, 2019
The Magecart continues to target websites worldwide, it infected over 17,000 domains by targeting improperly secured Amazon S3 buckets. . The Magecart gang made the headlines again, according to a new report published by RiskIQ , it has infected over 17,000 domains by targeting improperly secured Amazon S3 buckets. . A few days ago, security experts at Sanguine Security have uncovered a new large-scale payment card skimming campaign that already hacked 962 online stores running on the Magento
Dark Reading
JULY 16, 2019
The group of more than 1,400 top elected municipal officials takes the admirable, recommended stance against paying ransoms. However, can towns and cities secure their information technology infrastructure to withstand attacks?
Schneier on Security
JULY 19, 2019
I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy.
WIRED Threat Level
JULY 17, 2019
The idea that FaceApp is somehow exceptionally dangerous threatens to obscure the real point: All apps deserve this level of scrutiny.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
JULY 18, 2019
Experts at Intezer discovered a new backdoor, dubbed EvilGnome, that is targeting Linux systems for cyber espionage purpose. Intezer spotted a new piece of Linux malware dubbed EvilGnome because it disguises as a Gnome extension. The researchers attribute the spyware to the Russia-linked and Gamaredon Group. The modules used by EvilGnome are reminiscent of the Windows tools used by the Gamaredon Group, other analogies include the use of SFX, persistence with task scheduler and the deployment o
Dark Reading
JULY 18, 2019
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
Schneier on Security
JULY 13, 2019
This is a current list of where and when I am scheduled to speak: I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thurdsay, August 8, 2019. I'm speaking on "Information Security in the Public Interest" at DefCon 27 in Las Vegas on Saturday, August 10, 2019. The list is maintained on this page.
Thales Cloud Protection & Licensing
JULY 16, 2019
This week marks the return of Amazon Prime Day – Amazon’s seasonal retail event which has fast become a masterclass in driving demand and growth through great customer experience. In fact, last year’s event was touted as ‘the biggest shopping event in history’ , with over 100 million products sold. In a savvy move to drive up premium subscriptions, Prime Day sees subscribed members of the Amazon Prime service access exclusive discounts on an array of products for a limited amount of time – 48 ho
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Affairs
JULY 19, 2019
The former NSA contractor who pled guilty to stealing over 50TB of data from the Agency, was sentenced to nine years in prison. The former National Security Agency contractor Harold Thomas Martin III , who was accused and subsequently pled guilty to stealing over 50TB of classified NSA data, was sentenced to nine years in prison. The man was arrested by the FBI in October 2016 , the US DoJ charged Harold Thomas Martin with theft of secret documents and highly classified government material.
Dark Reading
JULY 17, 2019
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
Threatpost
JULY 15, 2019
In this first part of a two part series, Shawn Taylor with Forescout talks to Threatpost about lessons learned from helping Atlanta remediate and recover from its massive ransomware attack.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
JULY 19, 2019
Poland and Lithuania are probing the potential privacy and security risks of using a Russian-made app FaceApp. Millions of people recently downloaded the FaceApp app and are taking part in the “ #FaceApp Challenge ” to show friends how they can look like when they will be old and grey. Many security experts are warning of the risks of using the popular app, threat actors could be potentially interested in data collected by FaceApp.
Dark Reading
JULY 19, 2019
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
WIRED Threat Level
JULY 14, 2019
All those services you signed up for but forgot about? They're a security risk. Here's how to get rid of them.
Threatpost
JULY 19, 2019
The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Security Affairs
JULY 14, 2019
Security experts at Emsisoft released a new decryptor, it could be used for free by victims of the Ims00rry ransomware to decrypt their files. Thanks to the experts at Emsisoft the victims of the Ims00rry ransomware can decrypt their files for free. The Ims00rry ransomware used AES-128 algorithm for the encryption process. Unlike most of the ransomware, Ims00rry and doesn’t append an extension to the filenames of the encrypted files.
Dark Reading
JULY 17, 2019
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.
CTOVision Cybersecurity
JULY 18, 2019
Your business operates in a world where there is an incredibly high demand for cybersecurity talent. Now with unemployment at a 50 year low there are no indications that anything can be done to dramatically increase the pool of cybersecurity talent. Enterprise grade cybersecurity requires enterprise grade experience. How do you get that in today’s […].
WIRED Threat Level
JULY 13, 2019
An Apple Watch bug, a hackable hair straightener, and more security news this week.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
253 
Let's personalize your content