Krebs on Security

FEBRUARY 18, 2019

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

DNS 262

DNS Internet Internet Government 262

Adam Levin

FEBRUARY 18, 2019

Facebook’s long string of privacy scandals may (finally) have some meaningful repercussions by way of a multi-billion dollar fine from the Federal Trade Commission. The social media giant has been under investigation by the FTC since March 2018 in the wake of the Cambridge Analytica scandal, which affected 87 million users and may have been a pivotal influence in the 2016 election campaign.

Media 248

Media Technology Government 248

Schneier on Security

FEBRUARY 21, 2019

The police are increasingly getting search warrants for information about all cellphones in a certain location at a certain time: Police departments across the country have been knocking at Google's door for at least the last two years with warrants to tap into the company's extensive stores of cellphone location data. Known as "reverse location search warrants," these legal mandates allow law enforcement to sweep up the coordinates and movements of every cellphone in a broad area.

Surveillance 193

Surveillance 193

Adam Shostack

FEBRUARY 16, 2019

Apparently, “ Dolphins Seem to Use Toxic Pufferfish to Get High.” Of course, pufferfish toxins are also part of why the fish is a delicacy in Japan. It just goes to show that nature finds its own, chaotic, uses for things.

113

113

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

FEBRUARY 21, 2019

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device hidden inside the contactless payment terminal of the pump, which appears to act as a Bluetooth hub that wirelessly gathers card

Wireless 240

Wireless Mobile Accountability Technology 240

Adam Levin

FEBRUARY 21, 2019

As Brexit looms, the UK and the EU can still agree that Facebook needs to be reined in. A report published earlier this month by the U.K. Digital, Culture, Media and Sport committee likened the social media company to “‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law.” The committee came to the conclusion that Facebook knowingly violated U.K. privacy and anti-competition laws and required further regulation and investigation.

Marketing 158

Marketing Media Government 158

Adam Shostack

FEBRUARY 20, 2019

“ Making the Case for a Cybersecurity Moon Shot ” is my latest, over at Dark Reading. “There’s been a lot of talk lately of a cybersecurity moon shot. Unfortunately, the model seems to be the war on cancer, not the Apollo program. Both are worthwhile, but they are meaningfully different.

Cybersecurity 100

Cybersecurity 100

Security Affairs

FEBRUARY 18, 2019

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack. Moreover, not only they have orchestrated the key attack vectors but the mitigation and detection guidance for each attack vector are also part of this framework.

Cybercrime 100

Cybercrime Advertising Threat Detection Marketing 100

WIRED Threat Level

FEBRUARY 18, 2019

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders.

Accountability 96

Accountability 96

Schneier on Security

FEBRUARY 22, 2019

Really interesting article by and interview with Paul M. Nakasone (Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service) in the current issue of Joint Forces Quarterly. He talks about the evolving role of US CyberCommand, and it's new posture of "persistent engagement" using a "cyber-presistant force": From the article: We must "defend forward" in cyberspace, as we do in the physical domains.

Technology 192

Technology Cybersecurity 192

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

FEBRUARY 21, 2019

The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.

Cybersecurity 92

Cybersecurity Malware 92

Security Affairs

FEBRUARY 21, 2019

Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The GandCrab decryptor is available for free from BitDefender and from the NoMoreRansom project.

Ransomware 97

Ransomware Advertising Malware Encryption 97

WIRED Threat Level

FEBRUARY 21, 2019

Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.

111

111

Schneier on Security

FEBRUARY 20, 2019

At the end of January the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended.

DNS 191

DNS Government 191

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

FEBRUARY 22, 2019

VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.

VPN 97

VPN Information Security 97

Security Affairs

FEBRUARY 19, 2019

Cybersecurity is a growing concern among governments, businesses and individuals around the world. Cyberattacks can have severe impacts on everyone. A recent report from researchers at the University of Oxford identified 57 different impacts that cyber incidents can have. They ranged from regulatory fines to depression to damaged relationships with customers.

Cybersecurity 95

Cybersecurity IoT Mobile Malware 95

WIRED Threat Level

FEBRUARY 20, 2019

New reports say that Robert Mueller will be "wrapping up" his investigation soon. Here's what that might actually mean.

111

111

Schneier on Security

FEBRUARY 18, 2019

It seems that someone from a company called Swift Recovery Ltd. is impersonating me -- at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not. If anyone has any more information -- stories, screen shots of chats, etc. -- please forward them to me.

188

188

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Dark Reading

FEBRUARY 19, 2019

In an unusual development, the group known for its attacks against companies in countries viewed as geopolitical foes is now going after companies in a country considered an ally, Check Point Software says.

Software 84

Software 84

Security Affairs

FEBRUARY 17, 2019

Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month. Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Hacking 94

Hacking Advertising Engineering Cybersecurity 94

WIRED Threat Level

FEBRUARY 18, 2019

It used to make sense to believe something until it was debunked; now, it makes sense to assume certain claims are fake—unless they are verified.

89

89

Schneier on Security

FEBRUARY 18, 2019

Recent articles about IoT vulnerabilities describe hacking of construction cranes , supermarket freezers , and electric scooters.

IoT 196

IoT Hacking 196

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Dark Reading

FEBRUARY 18, 2019

No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.

CISO 85

CISO Technology 85

Security Affairs

FEBRUARY 17, 2019

Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block. Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product.

Phishing 92

Phishing Advertising Accountability Authentication 92

WIRED Threat Level

FEBRUARY 17, 2019

What happens to all those emails and passwords that get leaked? They're frequently used to try to break into users' other accounts across the internet.

Passwords 83

Passwords Internet Internet Accountability 83

Thales Cloud Protection & Licensing

FEBRUARY 19, 2019

A few weeks ago, we issued the Global Edition of our 2019 Thales Data Threat Report, now in its seventh year. This year much of the emphasis within the results was on how digital transformation can put organizations’ sensitive data at risk. The results showed, for instance, that almost every organization surveyed is dealing with digital transformation at one level or another (97%), and that organizations that are aggressively investing in digital transformation had higher rates of data breaches.

Digital transformation 70

Digital transformation Data breaches Threat Reports Marketing 70

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Dark Reading

FEBRUARY 22, 2019

Despite the openness of the Android platform, Google has managed to keep its Play store mainly free of malware and malicious apps. Outside of the marketplace is a different matter.

Mobile 78

Mobile Malware 78

Security Affairs

FEBRUARY 21, 2019

Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer. Over 500 million users worldwide use the popular software and are potentially affected by the flaw that affects all versions of released in the last 19 years.

Advertising 91

Advertising Software Hacking 91

Elie

FEBRUARY 18, 2019

This post considers the perception clash that exists between what users perceive to be their most valuable accounts (email and social networks) and those they think they should protect the most (online banking).

Accountability 62

Accountability Account Security Banking 62

Threatpost

FEBRUARY 20, 2019

Capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners.

Cybersecurity 87

Cybersecurity Hacking 87

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk