Sat.Aug 31, 2019 - Fri.Sep 06, 2019


Voice Deepfake Scams CEO out of $243,000

Adam Levin

The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that implemented artificial intelligence, specifically a deepfake voice. The Wall Street Journal reported that the CEO of an unnamed UK energy company received a phone call from what sounded like his boss, the CEO of a German parent company, telling him to wire €220,000 (roughly $243,000) to a bank account in Hungary.


The Doghouse: Crown Sterling

Schneier on Security

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic "snake oil." I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography.


Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Krebs on Security

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct, an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns. KrebsOnSecurity has learned that the charges are likely just the opening salvo in a much larger, ongoing federal investigation into the company’s commercial email practices.


Weekly Update 154

Troy Hunt

How's that for a setting in this week's video? First day of spring here which aligned with a father's day on the water: May all your father’s days be full of fun and laughter pic.twitter.com/pN1dQ38cDr — Troy Hunt (@troyhunt) September 1, 2019 Back on business as usual, there's the SIM hijacking issue with Jack Dorsey's Twitter account, more data breaches and joyously, the HIBP API being back in full swing with the 500 subscription limit issue on Azure's APIM now being overcome.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

As much as I love this one friend of mine, nothing is private when we’re together. You probably have a friend like this. The relationship is really great so you stay friends despite all, but this particular friend simply cannot know something about you without sharing it with others no matter how hard you try to get them to understand it’s totally uncool.


Massive iPhone Hack Targets Uyghurs

Schneier on Security

China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities were patched in iOS 12.1.4, released on February 7.)


Threat Modeling Building Blocks

Adam Shostack

Threat modeling isn’t one task — it's a collection of tasks that build on each other to produce more valuable insights. One of the values of the four question frame is that it lets us reduce things into smaller, more assessable building blocks. And in that vein, there are a couple of new, short (4-page), interesting papers from a team at KU Leuven including: Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation.


Google Discovers Massive iPhone Hack

Adam Levin

Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, called zero day exploits, that were capable of compromising iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.


Default Password for GPS Trackers

Schneier on Security

Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win.


MY TAKE: How advanced automation of threat intel sharing has quickened incident response

The Last Watchdog

Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn’t it made more of an impact stopping network breaches? Having covered the cybersecurity industry for the past 15 years, it’s clear to me that there are two primary reasons.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


A Conversation with Ken Modeste

Daniel Miessler

A while back I had the opportunity to chat with Ken Modeste, Director of Connected Technologies at UL, and I wanted to capture some of my takeaways from that conversation. I had the conversation as part of the media at Blackhat 2018. Here are some of the questions I asked: What is the mission of UL at this point? How does that relate to cyber? How are you different from other organizations with similar charters?


More than 50% of Canadians Affected by Data Breaches

Adam Levin

19 million Canadians are estimated to have been affected by data breaches between late 2018 and 2019, slightly more than half the population of the country. The news was released by the Office of the Privacy Commissioner of Canada after the passage of the Personal Information and Electronic Documents Act (PIPEDA). Data breach reports have nearly sextupled since PIPEDA went into effect, with 446 incidents between November 2018 and June 2019.


Credit Card Privacy

Schneier on Security

Good article in the Washington Post on all the surveillance associated with credit card use.


Black Hat/DefCon 2019: Where is Quantum?

Thales Cloud Protection & Licensing

The weeklong “hacker summer camp” of the combined Black Hat and DefCon drew over 22,000 attendees to Las Vegas last month. Overall, we continue to think the security industry is still ripe for commoditization, especially from the cloud providers who have the capacity to simply offer features as a default. Last year we thought we saw evidence that security vendors were consolidating and on the cusp of providing higher order services to meet this threat, but we didn’t see much evidence of that str


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Hundreds of millions of Facebook users’ phone numbers exposed online

Security Affairs

New problems for Facebook: phone numbers associated with more than 400 million accounts of the social network giant were exposed online. A new privacy incident involved Facebook; according to TechCrunch, phone numbers associated with 419 million accounts of the social network giant were exposed online. The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch because he was able to contact the owner of the archive.


If You Have to Ask How Much a Data Breach Costs, You Can’t Afford One

Adam Levin


Attackers Hit Ceiling in Ransomware Demands

Dark Reading

New Bedford, Massachusetts' refusal to pay a $5.3 million ransom highlights how victim towns and cities may be hitting the limit to what they're willing to spend to speed recovery.


Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

In responding to ever-evolving threats and opportunities, enterprises today must embrace constant motion – a continuous cycle of responding to change and keeping one eye on what’s to come. This underpins the digital transformation imperative most of them face today, and the huge responsibility that rests on the shoulders of the CIO. With many of these transformations, it is not just the premise of keeping up that drives the huge levels of investment we see organisations making – but also the pro


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices is now targeting Intel systems. The popular researcher Larry Cashdollar, from Akamai SIRT, announced in an exclusive to The Register that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. The researcher revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “I suspect it’s proba


Unsupervised Learning: No. 192 (Member Edition)

Daniel Miessler


Rising Fines Will Push Breach Costs Much Higher

Dark Reading

The cost of breaches will rise by two-thirds over the next five years, exceeding an estimated $5 trillion in 2024, primarily driven by higher fines as more jurisdictions punish companies for lax security.


Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers

Threatpost

International cosmetics brand Yves Rocher found itself caught in a third-party data exposure incident that leaked the personal information of millions of customers.


Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Crooks stole €1.5 million from German bank OLB cloning EMV cards

Security Affairs

Criminals have stolen more than €1.5 million from the German bank OLB by cloning customer debit cards and using them to cash out user funds across Brazil. ZDNet first reported that last week cybercriminals stole more than €1.5 million from the German bank Oldenburgische Landesbank (OLB) by cloning customer debit cards and using them to cash out user funds across Brazil.


Supermicro Bug Could Let "Virtual USBs" Take Over Corporate Servers

WIRED Threat Level

A newly disclosed vulnerability in Supermicro hardware brings the threat of malicious USBs to corporate servers.


Meet FPGA: The Tiny, Powerful, Hackable Bit of Silicon at the Heart of IoT

Dark Reading

Field-programmable gate arrays are flexible, agile-friendly components that populate many infrastructure and IoT devices - and have recently become the targets of researchers finding vulnerabilities.


$5.3M Ransomware Demand: Massachusetts City Says No Thanks

Threatpost

After being hit by a ransomware attack, Massachusetts city New Bedford faced a payout demand of more than $5 million - one of the latest known ransoms ever.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Android Zero-Day exploits are the most expensive in the new Zerodium price list

Security Affairs

Zero-day broker Zerodium has updated the price list for both Android and iOS exploits, with Android ones having surpassed the iOS ones for the first time. For the first time, the price for Android exploits is higher than the iOS ones, this is what has emerged from the updated price list published by the zero-day broker Zerodium. Announcement: We've updated our prices for major Mobile exploits.


Kali Linux 2019.3 Release (Cloudflare, Kali-status, metapackages, Helper-Scripts & LXD)

Kali Linux

We are pleased to announce that our third release of 2019, Kali Linux 2019.3, is available immediately for download. This release brings our kernel up to version 5.2.9, and includes various new features across the board with NetHunter, ARM and packages (plus the normal bug fixes and updates). As promised in our roadmap blog post, there are both user facing and backend updates.


It's Not Healthy to Confuse Compliance with Security

Dark Reading

Healthcare organizations should be alarmed by the frequency and severity of cyberattacks. Don't assume you're safe from them just because you're compliant with regulations.


CEO ‘Deep Fake’ Swindles Company Out of $243K

Threatpost

Cybercrooks successfully fooled a company into a large wire transfer using an AI-powered deep fake of a chief executive's voice, according to a report.


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.