Sat.Aug 17, 2019 - Fri.Aug 23, 2019

article thumbnail

Influence Operations Kill Chain

Schneier on Security

Influence operations are elusive to define. The Rand Corp.'s definition is as good as any: "the collection of tactical information about an adversary as well as the dissemination of propaganda in pursuit of a competitive advantage over an opponent." Basically, we know it when we see it, from bots controlled by the Russian Internet Research Agency to Saudi attempts to plant fake stories and manipulate political debate.

Media 278
article thumbnail

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee , an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United S

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Texas Government Agencies Hit by Ransomware

Adam Levin

The local governments and agencies from twenty-three Texas towns were hit by a coordinated ransomware campaign last week. . The Texas Department of Information Resources (DIR) became aware of the ransomware campaign after being contacted by the municipal governments of several towns that were unable to access critical files. The DIR has yet to identify the affected government entities and is currently working with the Texas Military Department as well as the Texas A&M Cyberresponse and Secur

article thumbnail

SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

The Last Watchdog

A faked Rolex or Prada handbag is easy enough to acquire on the street in certain cities, and you can certainly hunt one down online. Now add high-end counterfeit smartphones to the list of luxury consumer items that are being aggressively marketed to bargain-hungry consumers. Related: Most companies ignorant about rising mobile attacks While it might be tempting to dismiss the potential revenue lost by Apple, Samsung, HTC and other suppliers of authentic phones, this counterfeit wave is particu

Malware 185
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Google Finds 20-Year-Old Microsoft Windows Vulnerability

Schneier on Security

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.

261
261
article thumbnail

Forced Password Reset? Check Your Assumptions

Krebs on Security

Passwords 263

LifeWorks

More Trending

article thumbnail

GUEST ESSAY: The ethical considerations of personal privacy viewed as a human right

The Last Watchdog

178
178
article thumbnail

License Plate "NULL"

Schneier on Security

There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets are still showing up. The unanswered question is: now that he has a way to get parking fines removed, can he park anywhere for free?

261
261
article thumbnail

The Rise of “Bulletproof” Residential Networks

Krebs on Security

Cybercrooks increasingly are anonymizing their malicious traffic by routing it through residential broadband and wireless data connections. Traditionally, those connections have been mainly hacked computers, mobile phones, or home routers. But this story is about so-called “bulletproof residential VPN services” that appear to be built by purchasing or otherwise acquiring discrete chunks of Internet addresses from some of the world’s largest ISPs and mobile data providers.

Wireless 263
article thumbnail

Unprotected MoviePass Database Exposes Customer Data

Adam Levin

MoviePass confirmed a data breach that exposed customer data on an unprotected database. The incident included credit card numbers. Researchers discovered the database online on a subdomain of MoviePass with no password protection. The subdomain contained 161 million records. At least 58,000 records on the database contained customer card and credit card information, as well as names, email addresses, and what appears to be password data from failed login attempts. .

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

MY TAKE: Can embedding security deep inside mobile apps point the way to securing IoT?

The Last Watchdog

IoT 157
article thumbnail

Modifying a Tesla to Become a Surveillance Platform

Schneier on Security

From DefCon : At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras­ -- the same dash and rearview cameras providing a 360-degree view used for Tesla's Autopilot and Sentry features­ -- into a system that spots, tracks, and stores license plates and faces over time.

article thumbnail

Protecting accounts from credential stuffing with password breach alerting

Elie

In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried.

Passwords 118
article thumbnail

The rise of hybrid cloud poses new security challenges – are you prepared?

Thales Cloud Protection & Licensing

117
117
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

The Last Watchdog

A core security challenge confronts just about every company today. Related : Can serverless computing plus GitOps lock down DX? Companies are being compelled to embrace digital transformation, or DX , if for no other reason than the fear of being left behind as competitors leverage microservices, containers and cloud infrastructure to spin-up software innovation at high velocity.

article thumbnail

Surveillance as a Condition for Humanitarian Aid

Schneier on Security

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing for fraud requires entire populations to be tracked using their personal data.

article thumbnail

Interesting Reads, August 19

Adam Shostack

If you needed more reasons to move away from using SMS-based authentication, and treating phone companies as trusted, “ AT&T employees took over $1 million in bribes to plant malware and unlock millions of smartphones: DOJ “ Abuse reporting systems are being abused. You need to threat model and play the chess game. “ How Flat Earthers Nearly Derailed a Space Photo Book “ My conflict modeling work is a first draft of how to threat model such systems.

Media 113
article thumbnail

Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs

Security Affairs

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 flaw in Pulse Connect Secure. Fortigate Fortinet SSL VPN is being exploited in the wild since last night at scale using 1996 style././ exploit – if you use this as a security boundary, you wan

VPN 112
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

What Is Cyberwar? The Complete WIRED Guide

WIRED Threat Level

The threat of cyberwar looms over the future: a new dimension of conflict capable of leapfrogging borders and teleporting the chaos of war to civilians thousands of miles beyond its front.

111
111
article thumbnail

Backdoor Found in Utility for Linux, Unix Servers

Threatpost

Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.

Hacking 102
article thumbnail

CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats

Dark Reading

Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.

CISO 97
article thumbnail

Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

The Ukrainian Secret Service is investigating the case of employees at a nuclear power plant that connected its system online to mine cryp tocurrency. The Ukrainian Secret Service (SBU) launched an investigation after employees at a local nuclear power plant connected some systems of the internal network to the Internet to mine cryptocurrency. The incident was first reported by the Ukrainian news site UNIAN.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

History Doesn’t Repeat Itself in Cyberspace

Thales Cloud Protection & Licensing

Originally published in Dark Reading on Aug. 13, 2019. The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape. Ten years ago, GPS on phones was just becoming available. Self-driving cars were secretly making their way into traffic, and most people hadn’t even heard of 3D printing.

article thumbnail

Finally, a Lightning YubiKey to Kill Password Clutter on Your iPhone

WIRED Threat Level

First promised back in January, the first YubiKey for iOS will help cut down on painful password clutter starting. now.

article thumbnail

Instagram Added to Facebook Data-Abuse Bounty Program

Dark Reading

Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.

Media 96
article thumbnail

A new Zero-Day in Steam client impacts over 96 million Windows users

Security Affairs

A new zero-day vulnerability in the for Windows impacting over 96 million users was disclosed by researcher Vasily Kravets. A news zero-day flaw in the Steam client for Windows client impacts over 96 million users. The flaw is a privilege escalation vulnerability and it has been publicly disclosed by researcher Vasily Kravets. Kravets is one of the researchers that discovered a first zero-day flaw in the Steam client for Windows, the issue was initially addressed by Valve, but the researcher Xia

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Protecting accounts from credential stuffing with password breach alerting

Elie

Protecting accounts from credential stuffing attacks remains burdensome due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and identity providers remain in the dark as to which accounts require remediation. In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without reve

article thumbnail

Facebook’s New Privacy Feature Comes With a Loophole

WIRED Threat Level

"Off-Facebook Activity" will give users more control over their data, but Facebook needs up to 48 hours to aggregate your information into a format it can share with advertisers.

article thumbnail

Cyberthreats Against Financial Services Up 56%

Dark Reading

Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.

article thumbnail

Hacker publicly releases Jailbreak for iOS version 12.4

Security Affairs

Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers. A public Jailbreak for iPhones in was released by a hacker, it is an exceptional event because it is the first in years. According to Motherboard, that first reported the news, Apple accidentally unpatched a flaw it had already fixed allowing the hacker to exploit it.

Hacking 111
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!