Schneier on Security

OCTOBER 2, 2018

From Kashmir Hill : Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn't hand over at all, but that was collected from other people's contact books, a hidden layer of details Facebook has about you that I've come to call "shadow contact information.

Advertising 278

Advertising Authentication Accountability Adware 278

Krebs on Security

OCTOBER 2, 2018

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it. When cybercriminals are the first to discover these missteps, usually the outcome is a demand for money in return for the stolen data. But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization

Data breaches 219

Data breaches Passwords Internet Internet 219

Adam Levin

OCTOBER 31, 2018

The U.S. Justice Department announced charges against ten Chinese intelligence agents for hacking into computer systems belonging to U.S. and international companies to steal aerospace technology and data. The indictment , revealed earlier this week accuses agents working for the Jiangsu Province Ministry of State Security (JSSD) of conspiring “to steal sensitive commercial technological, aviation, and aerospace data by hacking into computers in the United States and abroad.”.

Government 213

Government Hacking Engineering Technology 213

Security Affairs

OCTOBER 4, 2018

China used tiny chips implanted on computer equipment manufactured for US companies and government agencies to steal secret information. According to a report published by Bloomberg News, China used tiny chips implanted on computer equipment manufactured for US companies and government agencies, including Amazon and Apple, to steal secret information.

Manufacturing 111

Manufacturing Government Advertising Surveillance 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Dark Reading

OCTOBER 15, 2018

A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.

Education 102

Education Cybersecurity 102

PerezBox Security

OCTOBER 13, 2018

As a parent, and a technologist, I struggle with creating a safe online experience at home. I’m constantly playing with different technologies – hardware and software – trying to find. Read More. The post Creating a Safe Online Experience At Home appeared first on PerezBox.

Technology 98

Technology Software Cybersecurity 98

Krebs on Security

OCTOBER 12, 2018

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology s

Computers and Electronics 210

Computers and Electronics Internet Internet Technology 210

Adam Levin

OCTOBER 16, 2018

The credit card data and travel records of roughly 30,000 employees of the U.S. Defense Department have been compromised in a data breach. The hack was first detected on October 4th, but may have occurred months ago and could have affected more accounts than initially reported. Despite this, the Pentagon has tried to downplay the potentially wider scope of the incident.

Data breaches 210

Data breaches Accountability Government Hacking 210

Security Affairs

OCTOBER 26, 2018

Security experts Antonio Pirozzi and Pierluigi Paganini presented BOTCHAIN, the first fully functional Botnet built upon the Bitcoin Protocol. Security expert Antonio Pirozzi, director at ZLab malware lab at Cybaze firm, presented at the EU Cyber Threat Conference in Dublin conducted a research along with Pierluigi Paganini (aka @securityaffairs ), about how crooks could abuse blockchain for malicious purposes.

DNS 111

DNS Malware Advertising Technology 111

WIRED Threat Level

OCTOBER 2, 2018

Major sites using Facebook's Single Sign-On don't implement basic security features, potentially making the fallout of last week's hack much worse.

Hacking 108

Hacking Internet Internet 108

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Dark Reading

OCTOBER 12, 2018

There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.

97

97

Schneier on Security

OCTOBER 15, 2018

If you're an American of European descent, there's a 60% you can be uniquely identified by public information in DNA databases. This is not information that you have made public; this is information your relatives have made public. Research paper : "Identity inference of genomic data using long-range familial searches." Abstract: Consumer genomics databases have reached the scale of millions of individuals.

258

258

Krebs on Security

OCTOBER 9, 2018

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act? If ever there were a technology giant that deserved to be named and shamed for polluting the Web, it is Xiongmai — a Chinese maker of electronic parts that power a huge percentage of cheap digital video recorders (DVRs) and Internet-connected security cameras.

Computers and Electronics 210

Computers and Electronics IoT Passwords Internet 210

Adam Levin

OCTOBER 8, 2018

Amazon revealed a breach of customer data last week, but it wasn’t a data breach of the usual variety. Rather than falling prey to a cyberattack or having hackers exploit unsecured code, customer emailed addresses were leaked by an employee to an online reseller in exchange for money. What you need to know: 1.) A crime was committed, and 2.) It still counts as a data compromise.

Data breaches 209

Data breaches Accountability 209

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

OCTOBER 14, 2018

Security expert published the PoC exploit code for the recently fixed critical remote code execution flaw in Edge web browser tracked as CVE-2018-8495. The October 2018 Patch Tuesday addressed 50 known vulnerabilities in Microsoft’s products, 12 of them were labeled as critical. One of the issues is a critical remote code execution vulnerability in Edge web browser tracked as CVE-2018-8495. “A remote code execution vulnerability exists when Windows Shell improperly handles URIs, aka

Advertising 111

Advertising Hacking 111

WIRED Threat Level

OCTOBER 31, 2018

A series of high-profile cases involving alleged Chinese recruits shows how the country identifies and develops potential spies stateside.

110

110

eSecurity Planet

OCTOBER 8, 2018

This new IT security testing technology continually monitors networks and systems to help organizations determine how secure their environment is.

Technology 103

Technology 103

Schneier on Security

OCTOBER 4, 2018

Bloomberg is reporting about a Chinese espionage operating involving inserting a tiny chip into computer products made in China. I've written ( alternate link ) this threat more generally. Supply-chain security is an insurmountably hard problem. Our IT industry is inexorably international, and anyone involved in the process can subvert the security of the end product.

257

257

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Krebs on Security

OCTOBER 22, 2018

A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware’s apparent creator seems to have done little to hide his real-life identity.

Software 205

Software Accountability Malware Healthcare 205

Dark Reading

OCTOBER 24, 2018

Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.

DNS 90

DNS Risk 90

Security Affairs

OCTOBER 10, 2018

A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks against entities in the Middle East. The flaw, tracked as CVE-2018-8453, affects the Win32k component of Windows handles objects in memory.

Advertising 111

Advertising Malware Authentication Government 111

WIRED Threat Level

OCTOBER 11, 2018

For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while.

104

104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Lenny Zeltser

OCTOBER 12, 2018

The language of cybersecurity evolves in step with attack and defense tactics. You can get a sense for such dynamics by examining the term fileless. It fascinates me not only because of its relevance to malware, but also because of its knack for agitating many security practitioners. I traced the origins of “fileless” to 2001, when Eugene Kaspersky (of Kaskersky Labs) used it in reference to Code Red worm’s ability to exist solely in memory.

Malware 85

Malware Antivirus Software Cybersecurity 85

Schneier on Security

OCTOBER 24, 2018

This is a long -- and somewhat technical -- paper by Chris C. Demchak and Yuval Shavitt about China's repeated hacking of the Internet Border Gateway Protocol (BGP): " China's Maxim ­ Leave No Access Point Unexploited: The Hidden Story of China Telecom's BGP Hijacking.". BGP hacking is how large intelligence agencies manipulate Internet routing to make certain traffic easier to intercept.

Hacking 252

Hacking Internet Internet 252

Threatpost

OCTOBER 7, 2018

Researchers say a medium severity bug should now be rated critical because of a new hack technique that allows for remote code execution on MikroTik edge and consumer routers.

Hacking 83

Hacking 83

Dark Reading

OCTOBER 4, 2018

Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.

Risk 88

Risk 88

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Security Affairs

OCTOBER 28, 2018

Researchers at Cymulate security firm devised a new stealthy technique to deliver malware leveraging videos embedded into weaponized Microsoft Office Documents. The technique could be used to execute JavaScript code when a user clicks on a weaponized YouTube video thumbnail embedded in a Weaponized Office document. Experts pointed out that no message is displayed by Microsoft Office to request the victim’s consent. “Cymulate’s research team has discovered a way to abuse the Online Vi

Malware 111

Malware Internet Internet Advertising 111

WIRED Threat Level

OCTOBER 25, 2018

Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice.

Marketing 112

Marketing 112

PerezBox Security

OCTOBER 20, 2018

On September 28th, 2018, Facebook announced it’s biggest data breach to date. They estimated 50 million accounts were affected at the time of the disclosure. Subsequent to the disclosure, security. Read More. The post The 2018 Facebook Data Breach appeared first on PerezBox.

Data breaches 80

Data breaches Accountability Information Security Cybersecurity 80

Schneier on Security

OCTOBER 22, 2018

IoT devices are surveillance devices, and manufacturers generally use them to collect data on their customers. Surveillance is still the business model of the Internet, and this data is used against the customers' interests: either by the device manufacturer or by some third-party the manufacturer sells the data to. Of course, this data can be used by the police as well; the purpose depends on the country.

IoT 244

IoT Surveillance Manufacturing Internet 244

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software