Schneier on Security

FEBRUARY 12, 2019

279

279

Krebs on Security

FEBRUARY 12, 2019

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever. Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.

Hacking 277

Hacking DDOS Backups Accountability 277

Troy Hunt

FEBRUARY 11, 2019

A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once there's so much of something all vying for the attention of those consuming it, the value of it plummets. On reflecting over the last 3 and a half weeks, this is where we seem to be with credential stuffing lists today and I want to use this blog post to explain

Passwords 244

Passwords Data breaches Media InfoSec 244

Adam Shostack

FEBRUARY 9, 2019

The Seattle Times has a story today about how “ 50 years ago today, the first 747 took off and changed aviation.” It’s true. The 747 was a marvel of engineering and luxury. The book by Joe Sutter is a great story of engineering leadership. For an upcoming flight, I paid extra to reserve an upper deck seat before the last of the passenger-carrying Queens of the Skies retires.

Engineering 223

Engineering Mobile Government 223

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

FEBRUARY 14, 2019

It's only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer.

235

235

Krebs on Security

FEBRUARY 13, 2019

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused — who had fairly well separated his real life identity from his online personas — appears to have been caught after a gaming Web site he frequented got hacked.

Hacking 260

Hacking DDOS Government Accountability 260

Adam Shostack

FEBRUARY 13, 2019

I did a podcast with Mark Miller over at DevSecOps days. It was a fun conversation, and you can have a listen at “ Anticipating Failure through Threat Modeling w/ Adam Shostack.

145

145

Schneier on Security

FEBRUARY 13, 2019

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. It claims it is an act of war and therefor not covered. Mondelez is suing. Those turning to cyber insurance to manage their exposure presently face significant uncertainties about its promise. First, the scope of cyber risks vastly exceeds available coverage, as cyber perils cut across most areas of commercial insurance in an unprecedented manner: d

Cyber Insurance 235

Cyber Insurance Insurance Cyber Risk Risk 235

Krebs on Security

FEBRUARY 12, 2019

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month’s patch batch tackles some notable threats to enterprises — including multiple flaws that were publicly disclosed prior to Patch Tuesday.

Internet 213

Internet Internet Malware Hacking 213

The Last Watchdog

FEBRUARY 12, 2019

Assuring the privacy and security of sensitive data, and then actually monetizing that data, — ethically and efficiently — has turned out to be the defining challenge of digital transformation. Today a very interesting effort to address this complex dilemma is arising from the ferment, out of the UK. It’s called Project Furnace , an all-new open source software development platform.

Digital transformation 124

Digital transformation Software Surveillance IoT 124

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Adam Shostack

FEBRUARY 14, 2019

I’m getting ready for the 5-year anniversary of my book, “ Threat Modeling: Designing for Security.” As part of that, I would love to see the book have more than 55 5 reviews on Amazon. If you found the book valuable, I would appreciate it if you could take a few minutes to write a review.

113

113

Schneier on Security

FEBRUARY 15, 2019

Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system.

Encryption 193

Encryption 193

Security Affairs

FEBRUARY 13, 2019

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?” Let’s go to our case study: I received a scan request for a PDF file that was reported to support an antivirus vendor, and it replied that the file was not malicious. Because the manufacturer’s analysis was not satisfactory, the team responsible for handling the incident requested a second opinion, since in other anti-virus

Antivirus 111

Antivirus Advertising Manufacturing Hacking 111

The Last Watchdog

FEBRUARY 11, 2019

The moment we’ve all feared has finally come to pass. When government agencies and international intelligence groups pooled together resources to gather user data, the VPN’s encryption seemed like the light at the end of the tunnel. Related: California enacts pioneering privacy law. However, it looks like things are starting to break apart now that Australia has passed the “Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018”.

Encryption 124

Encryption VPN Telecommunications Data privacy 124

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

WIRED Threat Level

FEBRUARY 13, 2019

In an astonishing indictment, the DoJ details how Monica Witt allegedly turned on her former counterintelligence colleagues.

Hacking 109

Hacking 109

Dark Reading

FEBRUARY 12, 2019

All data belonging to US users-including backup copies-have been deleted in catastrophe, VMEmail says.

Backups 107

Backups 107

Security Affairs

FEBRUARY 11, 2019

Security experts found a serious flaw tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O. Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, has disclosed a serious vulnerability tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O.

Advertising 111

Advertising Engineering Hacking Software 111

Adam Levin

FEBRUARY 14, 2019

The U.S. Federal Government should pass legislation protecting citizens’ privacy online, according to a new report by the Government Accountability Office. The GAO study referenced 101 privacy violations that had been referred to the FTC for enforcement, nearly none of them resulting in fines or penalties for offenders. All of the violations were associated with internet companies.

Consumer Protection 100

Consumer Protection Internet Internet Government 100

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

FEBRUARY 10, 2019

The shutdown may have ended two weeks ago, but federal cybersecurity professionals will be coping with its impact for a long time to come.

Cybersecurity 105

Cybersecurity 105

Dark Reading

FEBRUARY 12, 2019

We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.

Cybersecurity 97

Cybersecurity 97

Security Affairs

FEBRUARY 11, 2019

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web. The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. The advertising for the sale of the huge trove of data was published in the popular Dream Market black marketplace, data are available for less than $20,000 worth of Bitcoin.

Accountability 111

Accountability Hacking Advertising Data breaches 111

Threatpost

FEBRUARY 15, 2019

Researchers warn that the phishing campaign looks "deceptively realistic.".

Phishing 93

Phishing Scams Social Engineering Engineering 93

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

WIRED Threat Level

FEBRUARY 12, 2019

A hacker can accelerate Xiaomi M365 scooter—or hit the breaks—while a rider is on it.

Hacking 99

Hacking 99

Dark Reading

FEBRUARY 14, 2019

Some have even turned to alcohol and medication as their demands outpace resources.

CISO 96

CISO 96

Security Affairs

FEBRUARY 11, 2019

Users of QNAP NAS devices are reporting through QNAP forum discussions of mysterious code that adds some entries that prevent software update. Users of the Network attached storage devices manufactured have reported a mystery string of malware attacks that disabled software updates by hijacking entries in host machines’ hosts file. According to the users, the malicious code adds some 700 entries to the /etc/hosts file that redirects requests to IP address 0.0.0.0.

Antivirus 111

Antivirus Firmware Advertising Manufacturing 111

eSecurity Planet

FEBRUARY 13, 2019

87

87

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

FEBRUARY 9, 2019

Location data scandals, a Zcash bug, and more of the week's top security news.

Hacking 92

Hacking 92

Dark Reading

FEBRUARY 11, 2019

But it can't operate in a bubble, a new Washington Post study indicates.

Hacking 91

Hacking 91

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner, researchers observed it killing other Linux malware and coin miners present on the infected machine.

Malware 111

Malware Cryptocurrency Advertising DNS 111

Threatpost

FEBRUARY 12, 2019

"Every file server is lost, every backup server is lost.”.

Backups 84

Backups Hacking 84

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!