Sat.Sep 15, 2018 - Fri.Sep 21, 2018

Credit Freezes are Free: Let the Ice Age Begin

Krebs on Security

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable reven

AES Resulted in a $250 Billion Economic Benefit

Schneier on Security

NIST has released a new study concluding that the AES encryption standard has resulted in a $250 billion world-wide economic benefit over the past twenty years. I have no idea how to even begin to assess the quality of the study and its conclusions -- it's all in the 150-page report, though -- but I do like the pretty block diagram of AES on the report's cover.

State Department’s Email Server Breached

Adam Levin

An email server containing “sensitive but unclassified” data belonging to the State Department was breached, the government agency announced earlier this month. The information included personally identifiable information of an undisclosed number of employees who have since been notified. While the breach itself is relatively minor, it highlights the relative lack of progress made by the department to enact more rigorous security measures, despite repeated hack attempts and security breaches.

Weekly Update 105

Troy Hunt

It's another day-late weekly update courtesy of another hectic week. Scott and I were at NDC Sydney doing a bunch of talks and other events and I just simply didn't get time to push this out until sitting at the airport waiting for the plane home. This week's update is a little different as we did it at SSW's recording setup in front of a live audience.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

GovPayNow.com Leaks 14M+ Records

Krebs on Security

Government Payment Service Inc. — a company used by thousands of U.S. state and local governments to accept online payments for everything from traffic citations and licensing fees to bail payments and court-ordered fines — has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Schneier on Security

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process. Someone didn't think the security through, and the result is a voter-verifiable paper audit trail that doesn't provide the security it promises.

California’s Controversial IoT Security Bill Passes

Adam Levin

The first major piece of cybersecurity legislation to address vulnerabilities in Internet of Things (IoT) devices has passed in California, and is ready to be signed into law by Governor Jerry Brown. First introduced in 2017 by State Senator Hannah-Beth Jackson, SB-327 calls for “a manufacturer of a connected device… to equip [it] with a reasonable security feature or features that are appropriate to the nature and function of the device… to protect the device and any information contained there

Mirai Botnet Authors Avoid Jail Time

Krebs on Security

Citing “extraordinary cooperation” with the government, a court in Alaska on Tuesday sentenced three men to probation, community service and fines for their admitted roles in authoring and using “Mirai,” a potent malware strain used in countless attacks designed to knock Web sites offline — including an enormously powerful attack in 2016 that sidelined this Web site for nearly four days.

NSA Attacks Against Virtual Private Networks

Schneier on Security

A 2006 document from the Snowden archives outlines successful NSA operations against "a number of 'high potential' virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems." It's hard to believe that many of the Snowden documents are now more than a decade old.

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companies

The Last Watchdog

For many start-ups, DevOps has proven to be a magical formula for increasing business velocity. Speed and agility are the name of the game — especially for Software as a Service (SaaS) companies. Related: How DevOps enabled the hacking of Uber. DevOps is a process designed to foster intensive collaboration between software developers and the IT operations team, two disciplines that traditionally have functioned as isolated silos within the technology department.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Cracked Windows installations are serially infected with EternalBlue exploit code

Security Affairs

According to Avira, hundreds of thousands of unpatched Windows systems are serially infected with EternalBlue exploit code. EternalBlue is the alleged NSA exploit that made the headlines alongside DOUBLEPULSAR in the WannaCry attack. The malicious code was leaked online by the Shadow Brokers hacking group, which stole it from the arsenal of the NSA-linked Equation Group.

The 'Opsec Fail' That Helped Unmask a North Korean State Hacker

Dark Reading

How Park Jin Hyok - charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks - inadvertently blew his cover via email accounts.

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

Schneier on Security

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution of prime numbers. Public-key cryptography algorithms like RSA get their security from the difficulty of factoring large composite numbers that are the product of two prime numbers.

John Deere Just Cost Farmers Their Right to Repair

WIRED Threat Level

The California Farm Bureau has given away the right of farmers to fix their equipment without going through a dealer.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cyber attack took offline flight display screens at the Bristol Airport

Security Affairs

Bristol Airport was hit by a cyber attack that caused problems with operations; flight display screens were taken offline for two days. The airport was hit by a ransomware-based attack that disrupted the flight display screens for two entire days. The news was reported by the BBC and confirmed by an airport spokesman, who explained that the information screens were taken offline early on Friday in response to a “ransomware” based attack. “Bristol Airport ha

Turn the NIST Cybersecurity Framework into Reality: 5 Steps

Dark Reading

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

Public Shaming of Companies for Bad Security

Schneier on Security

Troy Hunt makes some good points, with good examples.

How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency

WIRED Threat Level

HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this year.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Sustes Malware: CPU for Monero

Security Affairs

Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with a special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see the name's genesis in a bit). Everybody knows the Monero cryptocurrency, and probably everybody knows that it is built upon privacy, meaning it’s not that simple to figure out a Monero wallet balance.

Turn the NIST Cybersecurity Framework into Reality: 4 Steps

Dark Reading

Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.

Critical Vulnerability Found in Cisco Video Surveillance Manager

Threatpost

Cisco has patched a vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems.

Multi-cloud use, regulatory compliance and information protection drive new era of encryption and key management in France

Thales Cloud Protection & Licensing

Now in its 13th year, our Global Encryption Trends Study, performed by the Ponemon Institute, reveals interesting findings that span a dozen different geographies. This year, we found that multi-cloud use as well as compliance requirements have encouraged organizations around the globe to embrace a more extensive encryption strategy. Our study also found that these two key drivers along with protection of information against specific, identified threats are ushering in a new era of encryp

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

New XBash malware combines features from ransomware, cryptocurrency miners, botnets, and worms

Security Affairs

Palo Alto Networks researchers discovered a new malware, tracked as XBash, that combines features from ransomware, cryptocurrency miners, botnets, and worms. Security researchers at Palo Alto Networks have discovered a new piece of malware, dubbed XBash, that is targeting both Linux and Microsoft Windows servers. XBash was developed in Python; the authors then converted it into self-contained Linux ELF executables by abusing the legitimate tool PyInstaller for distribution.

The 7 Habits of Highly Effective Security Teams

Dark Reading

Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.

Old WordPress Plugin Being Exploited in RCE Attacks

Threatpost

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks.

Edward Snowden on Protecting Activists Against Surveillance

WIRED Threat Level

“Turnkey tyranny” has never been closer. For some communities, it feels like it’s already here.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Access to over 3,000 compromised sites sold on Russian black marketplace MagBo

Security Affairs

Security experts at Flashpoint discovered that access to over 3,000 compromised sites is being sold on the Russian black marketplace MagBo. A new report published by researchers at Flashpoint revealed the availability, on an underground hacking forum for Russian-speaking users, of access to over 3,000 breached websites. “Access to approximately 3,000 breached websites has been discovered for sale on a Russian-speaking underground marketplace called MagBo.”

Think Like An Attacker: How a Red Team Operates

Dark Reading

Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.

Lucy Gang Debuts with Unusual Android MaaS Package

Threatpost

The threat actor's Android-focused cyber-arms package, dubbed Black Rose Lucy, is limited in reach for now, but clearly has global ambitions.

The IT Security Mistakes that Led to the Equifax Breach

eSecurity Planet

Patching failures alone didn't lead to the massive data breach at Equifax. Here are a half-dozen other mistakes that Equifax made.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.