Sat.Oct 13, 2018 - Fri.Oct 19, 2018

article thumbnail

How DNA Databases Violate Everyone's Privacy

Schneier on Security

If you're an American of European descent, there's a 60% you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. Research paper : "Identity inference of genomic data using long-range familial searches." Abstract: Consumer genomics databases have reached the scale of millions of individuals.

277
277
article thumbnail

30k+ Pentagon Employees Compromised in Data Breach

Adam Levin

The credit card data and travel records of roughly 30,000 employees of the U.S. Defense Department have been compromised in a data breach. The hack was first detected on October 4th, but may have occurred months ago and could have affected more accounts than initially reported. Despite this, the Pentagon has tried to downplay the potentially wider scope of the incident.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 108

Troy Hunt

I'm in Texas! And I've had enough BBQ to last me a very long time. I'm here doing a couple of speaking events and other related things as well as taking some time out with my wife to see the sites. As such, it's a bit quieter this week but there's still a couple of things I reckon are worthy of discussion. Just before jumping on the plane over here I pushed out a blog post on how my approach to callbacks in HIBP broke Mozilla's service which in turn broke my Azure Function.

InfoSec 205
article thumbnail

GUEST ESSAY: Pentagon’s security flaws highlighted in GAO audit — and recent data breach

The Last Watchdog

Being the obvious target that it is, the U.S. Department of Defense presumably has expended vast resources this century on defending its digital assets from perennial cyber attacks. Related: Why carpet bombing email campaigns endure. And yet two recent disclosures highlight just how brittle the military’s cyber defenses remain in critical areas. By extension these developments are yet another reminder of why constantly monitoring and proactively defending business networks must be a prime direct

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

West Virginia Using Internet Voting

Schneier on Security

This is crazy (and dangerous). West Virginia is allowing people to vote via a smart-phone app. Even crazier, the app uses blockchain -- presumably because they have no idea what the security issues with voting actually are.

Internet 262
article thumbnail

Social Media Companies Tout “War Rooms” To Combat Election Interference

Adam Levin

The social media companies Facebook and Reddit are publicizing “War Rooms” set up to closely monitor their network content for election tampering. Facebook in particular experienced significant backlash for their site’s role in disseminating information created by Russian “troll farms” where false and misleading new stories and advertisements were propagated to discredit then-candidate Hillary Clinton as well as to foment general disagreement and conflict across the United States.

Media 178

LifeWorks

More Trending

article thumbnail

GUEST ESSAY: Supply chain vulnerabilities play out in latest Pentagon personnel records breach

The Last Watchdog

It is disheartening, but not at all surprising, that hackers continue to pull off successful breaches of well-defended U.S. government strategic systems. Related podcast: Cyber attacks on critical systems have only just begun. On Friday, Oct. 12, the Pentagon disclosed that intruders breached Defense Department travel records and compromised the personal information and credit card data of U.S. military and civilian personnel.

Risk 133
article thumbnail

Privacy for Tigers

Schneier on Security

Ross Anderson has some new work : As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow leopards, for elephants and rhinos ­ and even for tortoises and sharks.

Mobile 235
article thumbnail

CINRA Act Looks to Standardize Breach Notification

Adam Levin

A bill seeking to standardize data breach notifications for the financial industry at the federal level was passed this week by the House Financial Services Committee. Bill H.R. 6743, also called the Consumer Information Notification Requirement Act, is an amendment to the Gramm-Leach-Bliley Act with the purported aim of creating a national standard to notify consumers if a financial institution has had their data compromised.

article thumbnail

Measuring ROI for DMARC

Adam Shostack

I’m pleased to be able to share work that Shostack & Associates and the Cyentia Institute have been doing for the Global Cyber Alliance. In doing this, we created some new threat models for email, and some new statistical analysis of. It shows the 1,046 domains that have successfully activated strong protection with GCA’s DMARC tools will save an estimated $19 million to $66 million dollars from limiting BEC for the year of 2018 alone.

124
124
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Brazil expert discovers Oracle flaw that allows massive DDoS attacks

Security Affairs

Oracle has just released a security update to prevent 2.3 million servers running the RPCBIND service from being used in amplified DDoS attacks. The flaw was discovered by the Brazilian researcher Mauricio Corrêa, founder of Brazilian security company XLabs. The exploitation of this vulnerability could cause major problems on the Internet. “A proof of concept (POC) made in only one XLabs server generated a traffic of 69 gigabits per second,” Mauricio told Cibersecurity.net.br.

DDOS 111
article thumbnail

Government Perspective on Supply Chain Security

Schneier on Security

This is an interesting interview with a former NSA employee about supply chain security. I consider this to be an insurmountable problem right now.

article thumbnail

Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe

WIRED Threat Level

The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity.

111
111
article thumbnail

IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training

Dark Reading

A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.

Education 102
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

How Cybercriminals are Targeting free Wi-Fi Users?

Security Affairs

Free Wi-Fi is convenient, but it is also unsafe and puts users at great risk. Here’s how the cybercriminals attack user on these open networks. The free Wi-Fi is one of the catchiest things for the users in today’s world. This is the main reason why so many free public Wi-Fi can be found without much of a problem. It is not only free but convenient to use these open networks.

VPN 111
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm speaking at Data in Smarter Cities in New York City on October 23, 2018. I'm speaking at the Cyber Security Summit in Minneapolis, Minnesota on October 24, 2018. I'm speaking at ISF's 29th Annual World Congress in Las Vegas, Nevada on October 30, 2018. I'm speaking at Kiwicon in Wellington, New Zealand on November 16, 2018.

203
203
article thumbnail

Privacy Extension to Elevation of Privilege game

Adam Shostack

The fine folks at Logmein have released a version of Elevation of Privilege that adds privacy! Check out the fine work by Mark Vinkovits at their blog, by Mark Vinkovits.

100
100
article thumbnail

Creating a Safe Online Experience At Home

PerezBox Security

As a parent, and a technologist, I struggle with creating a safe online experience at home. I’m constantly playing with different technologies – hardware and software – trying to find. Read More. The post Creating a Safe Online Experience At Home appeared first on PerezBox.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Expert released PoC Code Microsoft Edge Remote Code Execution flaw

Security Affairs

Security expert published the PoC exploit code for the recently fixed critical remote code execution flaw in Edge web browser tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of them were labeled as critical. One of the issues is a critical remote code execution vulnerability in Edge web browser tracked as CVE-2018-8495. “A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka

article thumbnail

3 Out of 4 Employees Pose a Security Risk

Dark Reading

New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.

Risk 97
article thumbnail

Kanye's Password, a WhatsApp Bug, and More Security News This Week

WIRED Threat Level

A grey hat hacking hero, bad boat news, and more security news this week.

article thumbnail

Multiple D-Link Routers Open to Complete Takeover with Simple Attack

Threatpost

The vendor only plans to patch two of the eight impacted devices, according to a researcher.

Hacking 91
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Chaining three critical vulnerabilities allows takeover of D-Link routers

Security Affairs

Researchers from the Silesian University of Technology in Poland discovered several flaws that could be exploited to take over some D-Link routers. A group of researchers from the Silesian University of Technology in Poland has discovered three vulnerabilities in some models of D-Link routers that could be chained to take full control over the devices.

Passwords 111
article thumbnail

6 Reasons Why Employees Violate Security Policies

Dark Reading

Get into their heads to find out why they're flouting your corporate cybersecurity rules.

article thumbnail

A Trove of Facebook Data Is a Spammer's Dream and Your Nightmare

WIRED Threat Level

A new report suggests that spammers, not nation states, may have been behind the Facebook hack. That could be even worse news.

Hacking 95
article thumbnail

Up to 35 Million 2018 Voter Records For Sale on Hacking Forum

Threatpost

Just weeks before the midterms, voter information from 19 states has turned up on the Dark Web.

Hacking 83
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Thousands of servers easy to hack due to a LibSSH Flaw

Security Affairs

The Libssh library is affected by a severe flaw that could be exploited by attackers to completely bypass authentication and take over a vulnerable server. The Secure Shell (SSH) implementation library, the Libssh, is affected by a four-year-old severe vulnerability that could be exploited by attackers to completely bypass authentication and take over a vulnerable server without requiring a password.

Hacking 111
article thumbnail

Cybercrime-as-a-Service: No End in Sight

Dark Reading

Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.

article thumbnail

The Mysterious Return of Years-Old APT1 Malware

WIRED Threat Level

Security researchers have discovered a new instance code associated with APT1, a notorious Chinese hacking group that disappeared in 2013.

Malware 79
article thumbnail

AWS FreeRTOS Bugs Allow Compromise of IoT Devices

Threatpost

The bugs let hackers crash IoT devices, leak their information, and completely take them over.

IoT 81
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!