Sat.Aug 17, 2019 - Fri.Aug 23, 2019


Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: more than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United S


Google Finds 20-Year-Old Microsoft Windows Vulnerability

Schneier on Security

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.



Unprotected MoviePass Database Exposes Customer Data

Adam Levin

MoviePass confirmed a data breach that exposed customer data on an unprotected database. The exposed records included credit card numbers. Researchers discovered the database online on a MoviePass subdomain with no password protection. The database contained 161 million records. At least 58,000 of them contained customer card and credit card information, as well as names, email addresses, and what appears to be password data captured from failed login attempts.


MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

The Last Watchdog

A core security challenge confronts just about every company today. Related: Can serverless computing plus GitOps lock down DX? Companies are being compelled to embrace digital transformation, or DX, if for no other reason than the fear of being left behind as competitors leverage microservices, containers and cloud infrastructure to spin up software innovation at high velocity.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Interesting Reads, August 19

Adam Shostack

If you needed more reasons to move away from using SMS-based authentication, and treating phone companies as trusted: "AT&T employees took over $1 million in bribes to plant malware and unlock millions of smartphones: DOJ". Abuse reporting systems are being abused. You need to threat model and play the chess game: "How Flat Earthers Nearly Derailed a Space Photo Book". My conflict modeling work is a first draft of how to threat model such systems.


Modifying a Tesla to Become a Surveillance Platform

Schneier on Security

From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras -- the same dash and rearview cameras providing a 360-degree view used for Tesla's Autopilot and Sentry features -- into a system that spots, tracks, and stores license plates and faces over time.


Forced Password Reset? Check Your Assumptions

Krebs on Security


Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs

Security Affairs

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. Security researcher Kevin Beaumont has observed threat actors attempting to exploit CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 in Pulse Connect Secure. "Fortigate Fortinet SSL VPN is being exploited in the wild since last night at scale using 1996 style ../ exploit – if you use this as a security boundary, you wan
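Both flaws above are path traversal bugs reachable without authentication, so the cheapest place to spot the mass scanning Beaumont describes is the access log of the VPN appliance or of the reverse proxy in front of it. The following detector is an added example, not code from Security Affairs or from either vendor. It parses combined-format access log lines, percent-decodes the request target (twice, so double encoding does not slip past), flags any `../` or `..\` sequence, and attributes the hit to a product from the portal path prefix. The log lines are constructed for the example, and the portal path prefixes (`/remote/` for FortiOS, `/dana-na/` and `/dana/` for Pulse Connect Secure) are assumptions taken from the public advisories rather than facts stated on this page.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (combined log format); not real traffic.
# Lines 2, 3 and 5 carry traversal attempts, the rest are ordinary portal hits.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Aug/2019:03:14:02 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 1432
203.0.113.7 - - [22/Aug/2019:03:14:05 +0000] "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 200 2048
198.51.100.9 - - [22/Aug/2019:03:15:11 +0000] "GET /dana-na/../dana/html5acc/guacamole/../../../../../../../etc/passwd?/dana/html5acc/guacamole/ HTTP/1.1" 200 1200
198.51.100.9 - - [22/Aug/2019:03:16:40 +0000] "GET /dana-na/auth/url_default/welcome.cgi HTTP/1.1" 200 5321
192.0.2.44 - - [22/Aug/2019:03:17:01 +0000] "GET /remote/fgt_lang?lang=%2F..%2F..%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession HTTP/1.1" 200 2048
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# A dot-dot followed by either separator, after decoding.
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')

# Assumed portal path prefixes (from the vendors' public advisories, not from this page).
PRODUCT_PREFIXES = (
    ("/remote/", "FortiOS SSL VPN"),
    ("/dana-na/", "Pulse Connect Secure"),
    ("/dana/", "Pulse Connect Secure"),
)


def normalize_target(target: str) -> str:
    """Percent-decode twice so %252F-style double encoding is also unwrapped."""
    decoded = target
    for _ in range(2):
        decoded = unquote(decoded)
    return decoded


def has_traversal(target: str) -> bool:
    """True when the decoded request target contains a ../ or ..\\ sequence
    anywhere, including inside the query string (FortiOS takes the path in a
    query parameter)."""
    return TRAVERSAL_RE.search(normalize_target(target)) is not None


def classify_product(target: str) -> str:
    path = normalize_target(target)
    for prefix, product in PRODUCT_PREFIXES:
        if path.startswith(prefix):
            return product
    return "unknown"


def scan_log(log_text: str) -> list:
    """Return one hit per log line carrying a traversal attempt.
    A 200 on such a request is the high-severity case: the appliance served
    the file rather than rejecting the path."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not has_traversal(m.group("target")):
            continue
        hits.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "target": m.group("target"),
            "status": int(m.group("status")),
            "product": classify_product(m.group("target")),
        })
    return hits


def hits_per_source(hits: list) -> dict:
    """Count traversal attempts per client IP; a handful of IPs hitting many
    hosts is the 'at scale' scanning pattern described in the article."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ip"]:<14} {hit["status"]} {hit["product"]:<22} {hit["target"]}')
    print(hits_per_source(scan_log(SAMPLE_LOG)))
```

Run it against a real log by replacing `SAMPLE_LOG` with the file contents. The decisive check is the status column: a 404 means the request was refused, a 200 on a traversal path means the session file or `/etc/passwd` was actually returned and every session on that appliance should be treated as compromised.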


License Plate "NULL"

Schneier on Security

There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets are still showing up. The unanswered question is: now that he has a way to get parking fines removed, can he park anywhere for free?
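The failure behind the NULL plate is a sentinel collision: a missing value is stored as a string that is also a legal value in the same namespace, so every "no plate" citation joins to the one driver whose plate really is NULL. The snippet below is an added example, not code from the talk or from the ticketing vendor, and the citations in it are constructed. It shows the buggy join key beside a fixed one that keeps "no plate" as a distinct value (`None`) outside the plate namespace.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed citation records; not real DMV or vendor data.
@dataclass(frozen=True)
class Citation:
    citation_id: str
    plate: Optional[str]  # None when the officer recorded no legible plate


CITATIONS = [
    Citation("C-1001", "7ABC123"),
    Citation("C-1002", None),    # plate missing or unreadable
    Citation("C-1003", "NULL"),  # the vanity plate from the talk
    Citation("C-1004", None),    # plate missing or unreadable
    Citation("C-1005", "null"),  # same plate, entered in lower case
]


def plate_key_buggy(plate: Optional[str]) -> str:
    """Models the failure: 'no plate' is serialised as the string 'NULL',
    which is indistinguishable from a plate spelled N-U-L-L."""
    return "NULL" if plate is None else plate.upper()


def plate_key_fixed(plate: Optional[str]) -> Optional[str]:
    """Keeps the absence of a plate as None, a value no real plate can equal."""
    return None if plate is None else plate.upper()


def citations_for(plate: str, key_fn: Callable[[Optional[str]], Optional[str]]) -> List[str]:
    """All citation IDs whose plate key matches the queried plate."""
    wanted = key_fn(plate)
    if wanted is None:
        raise ValueError("lookups need an actual plate")
    return [c.citation_id for c in CITATIONS if key_fn(c.plate) == wanted]


def unassigned_citations() -> List[str]:
    """Under the fixed model, plate-less citations stay in their own bucket
    instead of being billed to anyone."""
    return [c.citation_id for c in CITATIONS if plate_key_fixed(c.plate) is None]


if __name__ == "__main__":
    print("buggy :", citations_for("NULL", plate_key_buggy))
    print("fixed :", citations_for("NULL", plate_key_fixed))
    print("no plate:", unassigned_citations())
```

The same mistake appears whenever a database column, CSV export or API uses an in-band marker ("NULL", "N/A", an empty string, all zeros) for a missing value: any record whose real value happens to equal the marker inherits everything filed under "unknown". The fix is in the schema (a nullable column or a separate flag), not in a denylist of awkward plates.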


What Is Cyberwar? The Complete WIRED Guide

WIRED Threat Level

The threat of cyberwar looms over the future: a new dimension of conflict capable of leapfrogging borders and teleporting the chaos of war to civilians thousands of miles beyond its front.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


History Doesn’t Repeat Itself in Cyberspace

Thales Cloud Protection & Licensing

Originally published in Dark Reading on Aug. 13, 2019. The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape. Ten years ago, GPS on phones was just becoming available. Self-driving cars were secretly making their way into traffic, and most people hadn’t even heard of 3D printing.


Hacker publicly releases Jailbreak for iOS version 12.4

Security Affairs

Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers. A public jailbreak for iPhones was released by a hacker, an exceptional event because it is the first in years. According to Motherboard, which first reported the news, Apple accidentally unpatched a flaw it had already fixed, allowing the hacker to exploit it.


Surveillance as a Condition for Humanitarian Aid

Schneier on Security

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions: that technology solutions can fix deeply embedded political problems, and that auditing for fraud requires entire populations to be tracked using their personal data.


Backdoor Found in Utility for Linux, Unix Servers

Threatpost

Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Ransomware Trains Its Sights on Cloud Providers

Dark Reading

Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.


Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

The Ukrainian Secret Service (SBU) is investigating employees at a nuclear power plant who connected its systems to the Internet to mine cryptocurrency. The SBU launched the investigation after employees at the plant connected some systems of the internal network to the Internet to mine cryptocurrency. The incident was first reported by the Ukrainian news site UNIAN.


Facebook’s New Privacy Feature Comes With a Loophole

WIRED Threat Level

"Off-Facebook Activity" will give users more control over their data, but Facebook needs up to 48 hours to aggregate your information into a format it can share with advertisers.


Coordinated Ransomware Attack Hits 23 Texas Government Agencies

Threatpost

Researchers say that the targeted ransomware cyberattack on 23 Texas local and state entities represents a shift from "attacks of opportunity" to more targeted, malicious attacks.


Modern Technology, Modern Mistakes

Dark Reading

As employees grow more comfortable using new technologies, they could inadvertently be putting their enterprises at risk. And that leaves security teams having to defend an ever-expanding attack surface.


A new Zero-Day in Steam client impacts over 96 million Windows users

Security Affairs

A new zero-day vulnerability in the Steam client for Windows impacting over 96 million users was disclosed by researcher Vasily Kravets. The flaw is a privilege escalation vulnerability and it has been publicly disclosed without a fix being available. Kravets is one of the researchers who discovered a first zero-day flaw in the Steam client for Windows; that issue was initially addressed by Valve, but the researcher Xia


GUEST ESSAY: The ethical considerations of personal privacy viewed as a human right

The Last Watchdog


News Wrap: Linux Utility Backdoor, Steam Zero Day Disclosure Drama

Threatpost

From a backdoor placed in the Webmin utility to vulnerability disclosure drama around zero-days in Valve's Steam gaming clients, Threatpost breaks down this week's top stories.


CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats

Dark Reading

Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.


Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds

Security Affairs

The Bluetana app detects Bluetooth card skimmers installed at gas pumps to steal customers' credit and debit card information, in 3 seconds on average. Bluetooth card skimmers continue to be one of the favorite tools in the arsenal of crooks who attempt to steal credit and debit card information. In recent years, law enforcement has reported many cases of gas stations where cybercriminals have installed Bluetooth card skimmers.


China Attacks Hong Kong Protesters With Fake Social Posts

WIRED Threat Level

Twitter and Facebook say they’ve taken down misinformation campaigns from China that cast pro-democracy activists as ISIS members and cockroaches.


Adult Content Site Exposed Personal Data of 1M Users

Threatpost

The personal email addresses - some indicating user names or government official status - of more than a million pornography website users were exposed.


Towns Across Texas Hit in Coordinated Ransomware Attack

Dark Reading

The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 23 different towns statewide.


Thousands credit card numbers of MoviePass customers were exposed online

Security Affairs

A security expert discovered that the popular movie ticket subscription service MoviePass has exposed thousands of customer card numbers and personal credit cards. Mossab Hussein of the cybersecurity firm SpiderSilk discovered that MoviePass exposed a database containing the credit card data on one of its subdomains. The database contained 161 million records, and the amount of data continued to grow in real time.


MY TAKE: Can embedding security deep inside mobile apps point the way to securing IoT?

The Last Watchdog


Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban

Threatpost

After Valve banned him from its bug bounty program, a researcher has found a second zero-day vulnerability affecting the Steam gaming client.

85
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.