Krebs on Security
NOVEMBER 7, 2018
A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S.
Troy Hunt
NOVEMBER 7, 2018
It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed. The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
NOVEMBER 9, 2018
This is a new thing : The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that's used by security pros and antivirus/malware detection engines to gain a better understanding of the threat landscape. This feels like an example of the US's new strategy of actively harassing foreign government actors.
Adam Levin
NOVEMBER 5, 2018
The international soccer league FIFA announced it had been hacked earlier this year and is bracing itself for a potential data breach. This latest cyber incident marks the second major successful hack on the organization, the first reported in 2017. That attack was attributed to a Russian hacking group alternately called Fancy Bear and APT28. News of this new hack was made public after FIFA documents were published on a website called Football Leaks , a whistleblower website dedicated to the soc
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Krebs on Security
NOVEMBER 6, 2018
KrebsOnSecurity recently had a chance to interview members of the REACT Task Force , a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.
Troy Hunt
NOVEMBER 5, 2018
These days, I get a lot of messages from people on security related things. Often it's related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture. But on a fairly regular basis, I get an email from someone which effectively boils down to this: Hey, have you seen [insert thing here]?
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
NOVEMBER 5, 2018
Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden privacy pitfalls in every day technology. Related: Europe tightens privacy rules. From smart phones, to smart TVs, location services, and speech capabilities, often times user data is stored without your knowledge.
Krebs on Security
NOVEMBER 4, 2018
Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own
Troy Hunt
NOVEMBER 5, 2018
A lot has changed in the Microsoft technology world in the last 7 years since I launched ASafaWeb in September 2011. Windows XP is no longer the dominant operating system ( Win 7 actually caught up the month I launched ASafaWeb ). Internet Explorer is no longer the dominant browser ( Chrome was in 3rd place back then ). Windows Server has gone from 2008 R2 to 2012 to 2012 R2 to 2016 to 2019.
Schneier on Security
NOVEMBER 6, 2018
Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Adam Levin
NOVEMBER 6, 2018
Facebook announced in a blog post on November 5th that it blocked 115 accounts on its platforms after being informed by law enforcement that they may have been “engaged in coordinated inauthentic behavior.”. Roughly 30 of the Facebook accounts blocked were from Russian or French speakers, with the remaining 85 on its Instagram platform being in English.
Krebs on Security
NOVEMBER 9, 2018
A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned. In May 2018, ZDNet ran a story about the discovery of a glaring vulnerability in the Web site for wireless provider T-Mobile that let anyone look up customer home addresses and account PINs.
Adam Shostack
NOVEMBER 9, 2018
A remote Hawaiian island, East Island, was destroyed by Hurricane Walaka. East Island was 11 acres. It was also a key refuge for turtles and seals. Read more in The Guardian. Maersk has sent a ship, the Venta Maersk, through the Northern Passage. The journey and its significance were outlined by the Washington Post, with predictions of 23 days (versus 34 to sail via Suez).
Schneier on Security
NOVEMBER 7, 2018
Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn't store video from the DCS-2630L in the cloud. Instead, the camera has its own, onboard web server, which can deliver video to the user in different ways.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
NOVEMBER 9, 2018
VMware released security patches for a critical virtual machine (VM) escape vulnerability that was recently discovered at a Chinese hacking contest. VMware has released security patches for a critical virtual machine (VM) escape vulnerability (CVE-2018-6981 and CVE-2018-6982) that was recently discovered by the researcher Zhangyanyu at the Chinese GeekPwn2018 hacking contest.
eSecurity Planet
NOVEMBER 6, 2018
We review and compare 10 SIEM products that can help you manage your overall IT security from a single tool.
WIRED Threat Level
NOVEMBER 4, 2018
If you're not careful, websites can grab all kinds of permissions you don't realize or intend. Take back control in your browser.
Schneier on Security
NOVEMBER 5, 2018
Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why [insert thing here] isn't going to kill them. No amount of focusing on how bad passwords are or how many accounts have been breached or what it costs when people can't access their accounts is going to change that.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
NOVEMBER 9, 2018
According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing.almost all Pakistani banks were affected by a recent security breach. Almost all Pakistani banks were affected by a recent security breach, the shocking news was confirmed by the head of the Federal Investigation Agency’s (FIA) cybercrime wing. “According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad
Dark Reading
NOVEMBER 7, 2018
A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.
WIRED Threat Level
NOVEMBER 4, 2018
Georgia's secretary of state is also its GOP gubernatorial candidate. And he just claimed that Democrats committed "cyber crimes.".
Schneier on Security
NOVEMBER 9, 2018
Interesting paper: " Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier ," by Christine Borgman: Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance accountability, transparency, and protection of privacy, academic freedom, and intellectual property.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
NOVEMBER 8, 2018
Security researchers revealed in a recent paper that over the past years, China Telecom used BGP hijacking to misdirect Internet traffic through China. Security researchers Chris C. Demchak and Yuval Shavitt revealed in a recent paper that over the past years, China Telecom has been misdirecting Internet traffic through China. China Telecom was a brand of the state-owned China Telecommunications Corporation, but after marketization of the enterprise spin off the brand and operating companies as
Dark Reading
NOVEMBER 6, 2018
The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason.
WIRED Threat Level
NOVEMBER 6, 2018
WIRED is looking out for the biggest stories, the most common hoaxes, and the likeliest sources of confusion as they emerge throughout the day.
eSecurity Planet
NOVEMBER 9, 2018
Cyber insurance is one more way to manage cybersecurity risk. Here are the top cyber insurance vendors that can help.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
NOVEMBER 9, 2018
Guy Fawkes Day, November 5th 2018 – LulzSec Italy announced credit a string of hacks and leaks targeting numerous systems and websites across Italy. In celebration of Guy Fawkes Day, November 5th 2018, LulzSec Italy announced credit for a massive string of hacks and leaks targeting numerous systems and websites across Italy. Included in the breaches were Italy’s National Research Center , The Institute for Education Technologies , the ILIESI Institute for the European Intellectual Le
Dark Reading
NOVEMBER 7, 2018
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
WIRED Threat Level
NOVEMBER 9, 2018
In an expansive on-the-record interview with WIRED, the principal deputy director of national intelligence made her pitch for public-private partnerships.
Thales Cloud Protection & Licensing
NOVEMBER 6, 2018
Best Buy, Panera Bread, Target and Under Armour. What do each of these companies have in common? They each suffered a data breach at the hands of a third-party vendor. While the most common definition of a data breach is the unauthorized access, transition, reproduction, dissemination or sale of personal, confidential or privileged data, if data is mistakenly shared with an unauthorized user by an authorized user– that is also a breach.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
279 
Let's personalize your content