Schneier on Security
SEPTEMBER 5, 2019
A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic " snake oil.". I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography.
Krebs on Security
SEPTEMBER 2, 2019
Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct , an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company’s commercial email practices.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
SEPTEMBER 4, 2019
The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that implemented artificial intelligence, specifically a deepfake voice. The Wall Street Journal reported that the CEO of an unnamed UK energy company received a phone call from what sounded like his boss, the CEO of a German parent company, telling him to wire €220,000 (roughly $243,000) to a bank account in Hungary.
Troy Hunt
SEPTEMBER 1, 2019
How's that for a setting in this week's video? ?? First day of spring here which aligned with a father's day on the water: May all your father’s days be full of fun and laughter ?? pic.twitter.com/pN1dQ38cDr — Troy Hunt (@troyhunt) September 1, 2019 Back on business as usual, there's the SIM hijacking issue with Jack Dorsey's Twitter account, more data breaches and joyously, the HIBP API being back in full swing with the 500 subscription limit issue on Azure's APIM now being overcome.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Schneier on Security
SEPTEMBER 3, 2019
China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities were patched in iOS 12.1.4, released on February 7.).
Krebs on Security
SEPTEMBER 3, 2019
A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “ Satori ” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
SEPTEMBER 4, 2019
The convergence of DevOps and SecOps is steadily gaining traction in the global marketplace. Some fresh evidence of this encouraging trend comes to us by way of shared intelligence from WhiteHat Security. Related: The tie between DevOps and SecOps. Organizations that are all-in leveraging microservices to speed-up application development, on the DevOps side of the house, have begun acknowledging the importance of incorporating SecOps along the way.
Schneier on Security
SEPTEMBER 4, 2019
Good article in the Washington Post on all the surveillance associated with credit card use.
Adam Shostack
SEPTEMBER 3, 2019
Threat modeling isn’t one task — its a collection of tasks that build on each other to produce more valuable insights. One of the values of the four question frame is that it lets us reduce things into smaller, more assessable building blocks. And in that vein, there are a couple of new, short (4-page), interesting papers from a team at KU Leuven including: Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Last Watchdog
SEPTEMBER 6, 2019
Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn’t it made more of an impact stopping network breaches? Related: Ground zero for cybersecurity research Having covered the cybersecurity industry for the past 15 years, it’s clear to me that there are two primary reasons.
Schneier on Security
SEPTEMBER 6, 2019
Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win.
Security Affairs
SEPTEMBER 5, 2019
New problems to Facebook , phone numbers associated with more than 400 million accounts of the social network giant were exposed online. A new privacy incident involved Facebook, according to TechCruch, phone numbers associated with 419 million accounts of the social network giant were exposed online. The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch because he was able to contact the owner of the archive. .
Adam Levin
AUGUST 31, 2019
Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, called zero day exploits, that were capable of compromising iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
SEPTEMBER 3, 2019
A newly disclosed vulnerability in Supermicro hardware brings the threat of malicious USBs to corporate servers.
Thales Cloud Protection & Licensing
SEPTEMBER 4, 2019
The weeklong “hacker summer camp” of the combined Black Hat and DefCon drew over 22,000 attendees to Las Vegas last month. Overall, we continue to think the security industry is still ripe for commoditization, especially from the cloud providers who have the capacity to simply offer features as a default. Last year we thought we saw evidence that security vendors were consolidating and on the cusp of providing higher order services to meet this threat, but we didn’t see much evidence of that str
Security Affairs
SEPTEMBER 2, 2019
Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The popular researcher Larry Cashdollar, from Akamai SIRT, announced in exclusive to The Register, that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “I suspect it’s proba
Adam Levin
SEPTEMBER 6, 2019
19 million Canadians are estimated to have been affected by data breaches between late 2018 and 2019, slightly more than half the population of the country. . The news was released by the Office of the Privacy Commissioner of Canada after the passage of the Personal Information and Electronic Documents Act ( PIPEDA ). Data breach reports have nearly sextupled since PIPEDA went into effect, with 446 incidents between November 2018 and June 2019.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Daniel Miessler
SEPTEMBER 2, 2019
This is UL Member Content Subscribe Already a member? Login No related posts.
Dark Reading
SEPTEMBER 6, 2019
APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own.
Security Affairs
SEPTEMBER 4, 2019
Zero-day broker Zerodium has updated the price list for both Android and iOS exploits, with Android ones having surpassed the iOS ones for the first time. For the first time, the price for Android exploits is higher than the iOS ones, this is what has emerged from the updated price list published by the zero-day broker Zerodium. Announcement: We've updated our prices for major Mobile exploits.
Thales Cloud Protection & Licensing
SEPTEMBER 5, 2019
In responding to ever-evolving threats and opportunities, enterprises today must embrace constant motion – a continuous cycle of responding to change and keeping one eye on what’s to come. This underpins the digital transformation imperative most of them face today, and the huge responsibility that rests on the shoulders of the CIO. With many of these transformations, it is not just the premise of keeping up that drives the huge levels of investment we see organisations making – but also the pro
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
WIRED Threat Level
SEPTEMBER 5, 2019
By releasing its homegrown differential privacy tool, Google will make it easier for any company to boost its privacy bona fides.
Dark Reading
SEPTEMBER 5, 2019
It's still unclear who owned the server storing hundreds of millions of records online without a password.
Security Affairs
SEPTEMBER 3, 2019
Criminals have stolen more than €1.5 million from the German bank OLB by cloning customer debit cards and using them to cash out user funds across Brazil. ZDnet first reported that last week cyber criminals have stolen more than €1.5 million from the German bank Oldenburgische Landesbank (OLB) by cloning customer debit cards and using them to cash out user funds across Brazil.
Threatpost
SEPTEMBER 4, 2019
Cybercrooks successfully fooled a company into a large wire transfer using an AI-powered deep fake of a chief executive's voice, according to a report.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
SEPTEMBER 5, 2019
Opinion: Politicians and pundits' fixation with flawed Cold War metaphors have produced overly combative policies on emerging tech.
Dark Reading
SEPTEMBER 3, 2019
Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000.
Security Affairs
SEPTEMBER 3, 2019
USBAnywhere – Tens of thousands of enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in USB devices. Tens of thousands of servers worldwide powered by Supermicro motherboards are affected by a vulnerability that would allow an attacker to remotely take over them. Researchers at firmware security firm Eclypsium discovered multiple vulnerabilities referred as USBAnywhere that could be exploited to potentially allow an attacker to take ove
Threatpost
SEPTEMBER 5, 2019
Server lacked password protection and included multiple databases with records from the U.S., U.K. and Vietnam.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
270 
Let's personalize your content