Krebs on Security

FEBRUARY 18, 2019

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

DNS 279

DNS Internet Internet Government 279

Adam Levin

FEBRUARY 18, 2019

Facebook’s long string of privacy scandals may (finally) have some meaningful repercussions by way of a multi-billion dollar fine from the Federal Trade Commission. The social media giant has been under investigation by the FTC since March 2018 in the wake of the Cambridge Analytica scandal, which affected 87 million users and may have been a pivotal influence in the 2016 election campaign.

Media 248

Media Technology Government 248

Schneier on Security

FEBRUARY 21, 2019

The police are increasingly getting search warrants for information about all cellphones in a certain location at a certain time: Police departments across the country have been knocking at Google's door for at least the last two years with warrants to tap into the company's extensive stores of cellphone location data. Known as "reverse location search warrants," these legal mandates allow law enforcement to sweep up the coordinates and movements of every cellphone in a broad area.

Surveillance 230

Surveillance 230

Troy Hunt

FEBRUARY 16, 2019

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one. That's why I'm a day late this week having finally arrived home late last night. Moving on though, I've got a bunch of other events coming up particularly in conjunctions with the folks at NDC.

Data breaches 223

Data breaches Hacking 223

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Krebs on Security

FEBRUARY 21, 2019

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device hidden inside the contactless payment terminal of the pump, which appears to act as a Bluetooth hub that wirelessly gathers card

Wireless 264

Wireless Mobile Accountability Technology 264

Adam Levin

FEBRUARY 21, 2019

As Brexit looms, the UK and the EU can still agree that Facebook needs to be reined in. A report published earlier this month by the U.K. Digital, Culture, Media and Sport committee likened the social media company to “‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law.” The committee came to the conclusion that Facebook knowingly violated U.K. privacy and anti-competition laws and required further regulation and investigation.

Marketing 158

Marketing Media Government 158

The Last Watchdog

FEBRUARY 20, 2019

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established. That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.”. Related: Mark Zuckerberg’s intolerable business model.

Internet 113

Internet Internet Data privacy Engineering 113

Adam Shostack

FEBRUARY 16, 2019

Apparently, “ Dolphins Seem to Use Toxic Pufferfish to Get High.” Of course, pufferfish toxins are also part of why the fish is a delicacy in Japan. It just goes to show that nature finds its own, chaotic, uses for things.

113

113

WIRED Threat Level

FEBRUARY 21, 2019

Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.

111

111

Schneier on Security

FEBRUARY 19, 2019

Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia. Padar's militia of amateur IT workers, economists, lawyers, and other white-hat types are grouped in the city of Tartu, about 65 miles from the Russian border, and in the capital, Tallinn, about twice as far from it. The volunteers, who've inspired a handful of similar operations around the world, are readying themselves to defend against the kind of sustained digital attack that could

Banking 218

Banking 218

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Affairs

FEBRUARY 21, 2019

Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The GandCrab decryptor is available for free from BitDefender and from the NoMoreRansom project.

Ransomware 111

Ransomware Advertising Malware Encryption 111

Adam Shostack

FEBRUARY 20, 2019

“ Making the Case for a Cybersecurity Moon Shot ” is my latest, over at Dark Reading. “There’s been a lot of talk lately of a cybersecurity moon shot. Unfortunately, the model seems to be the war on cancer, not the Apollo program. Both are worthwhile, but they are meaningfully different.

Cybersecurity 100

Cybersecurity 100

WIRED Threat Level

FEBRUARY 20, 2019

New reports say that Robert Mueller will be "wrapping up" his investigation soon. Here's what that might actually mean.

111

111

Schneier on Security

FEBRUARY 18, 2019

Recent articles about IoT vulnerabilities describe hacking of construction cranes , supermarket freezers , and electric scooters.

IoT 213

IoT Hacking 213

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

FEBRUARY 21, 2019

Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer. Over 500 million users worldwide use the popular software and are potentially affected by the flaw that affects all versions of released in the last 19 years.

Advertising 111

Advertising Software Hacking 111

Dark Reading

FEBRUARY 22, 2019

VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.

VPN 97

VPN Information Security 97

WIRED Threat Level

FEBRUARY 19, 2019

A new ranking of nation-state hacker speed puts Russia on top by a span of hours.

109

109

Schneier on Security

FEBRUARY 20, 2019

At the end of January the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended.

DNS 203

DNS Government 203

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

FEBRUARY 19, 2019

Cybersecurity is a growing concern among governments, businesses and individuals around the world. Cyberattacks can have severe impacts on everyone. A recent report from researchers at the University of Oxford identified 57 different impacts that cyber incidents can have. They ranged from regulatory fines to depression to damaged relationships with customers.

Cybersecurity 111

Cybersecurity IoT Mobile Malware 111

Dark Reading

FEBRUARY 21, 2019

The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.

Cybersecurity 92

Cybersecurity Malware 92

WIRED Threat Level

FEBRUARY 18, 2019

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders.

Accountability 100

Accountability 100

Schneier on Security

FEBRUARY 18, 2019

It seems that someone from a company called Swift Recovery Ltd. is impersonating me -- at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not. If anyone has any more information -- stories, screen shots of chats, etc. -- please forward them to me.

199

199

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Security Affairs

FEBRUARY 18, 2019

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack. Moreover, not only they have orchestrated the key attack vectors but the mitigation and detection guidance for each attack vector are also part of this framework.

Cybercrime 111

Cybercrime Advertising Threat Detection Marketing 111

Elie

FEBRUARY 17, 2019

Account Security 91

Account Security Accountability 91

WIRED Threat Level

FEBRUARY 18, 2019

It used to make sense to believe something until it was debunked; now, it makes sense to assume certain claims are fake—unless they are verified.

94

94

Dark Reading

FEBRUARY 20, 2019

A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.

Phishing 88

Phishing Engineering 88

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

FEBRUARY 17, 2019

Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month. Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Hacking 111

Hacking Advertising Engineering Cybersecurity 111

Threatpost

FEBRUARY 20, 2019

Capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners.

Hacking 87

Hacking Cybersecurity 87

WIRED Threat Level

FEBRUARY 17, 2019

What happens to all those emails and passwords that get leaked? They're frequently used to try to break into users' other accounts across the internet.

Passwords 93

Passwords Internet Internet Accountability 93

Dark Reading

FEBRUARY 22, 2019

Preventative technologies are only part of the picture and often come at the expense of the humans behind them.

Technology 86

Technology 86

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!