August, 2019

article thumbnail

Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee , an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United S

article thumbnail

The Myth of Consumer-Grade Security

Schneier on Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Welcoming the Irish Government to Have I Been Pwned

Troy Hunt

Over the last year and a bit I've been working to make more data in HIBP freely available to governments around the world that want to monitor their own exposure in data breaches. Like the rest of us, governments regularly rely on services that fall victim to attacks resulting in data being disclosed and just like the commercial organisations monitoring domains on HIBP, understanding that exposure is important.

article thumbnail

Texas Government Agencies Hit by Ransomware

Adam Levin

The local governments and agencies from twenty-three Texas towns were hit by a coordinated ransomware campaign last week. . The Texas Department of Information Resources (DIR) became aware of the ransomware campaign after being contacted by the municipal governments of several towns that were unable to access critical files. The DIR has yet to identify the affected government entities and is currently working with the Texas Military Department as well as the Texas A&M Cyberresponse and Secur

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Protecting accounts from credential stuffing with password breach alerting

Elie

In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried.

Passwords 118
article thumbnail

How Brexit Impacts the Future of Europe’s Cybersecurity Posture

Thales Cloud Protection & Licensing

The British parliament has been unable to agree the exit package from the European Union. With the possibility of a “no deal” departure looming, EU leaders have granted a six-month extension to Brexit day. But the uncertainty that still lingers with regards to Britain’s future, creates various opportunities which cyber criminals could try to exploit.

More Trending

article thumbnail

More on Backdooring (or Not) WhatsApp

Schneier on Security

Yesterday, I blogged about a Facebook plan to backdoor WhatsApp by adding client-side scanning and filtering. It seems that I was wrong, and there are no such plans. The only source for that post was a Forbes essay by Kalev Leetaru, which links to a previous Forbes essay by him, which links to a video presentation from a Facebook developers conference.

article thumbnail

Extended Validation Certificates are (Really, Really) Dead

Troy Hunt

250
250
article thumbnail

WhatsApp flaws allow the attackers to manipulate conversations

Security Affairs

Security experts at CheckPoint discovered a series of vulnerabilities in WhatsApp that could be exploited by attackers to tamper with conversations. A team of Check Point security researchers composed of Dikla Barda, Roman Zaikin, and Oded Vanunu devised three attacks that leverage the vulnerabilities in WhatsApp to tamper with conversations. The flaws could allow attackers to intercept and manipulate messages by WhatApp users sent in both private and group conversations.

article thumbnail

The Weird, Dark History of 8chan and Its Founder Fredrick Brennan

WIRED Threat Level

Fredrick Brennan is appalled by the notorious chat site’s links to right-wing extremism and mass shootings. Inside his tortured journey through the web’s cesspool and his attempt at redemption.

110
110
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Payments and Security: Putting security where your money is

Thales Cloud Protection & Licensing

Originally published in Payments Journal on July 31, 2019. There’s a very tough question on the table that no one can afford to ignore: If more than half of global IT and security executives say they actively fear the exposure of payment card data and other personal identifiable information, why are 70% of them not deploying measures such as encryption to maintain security?

article thumbnail

The Risk of Weak Online Banking Passwords

Krebs on Security

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint , Plaid , Yodlee , YNAB and others to surveil and drain consumer accounts online.

Banking 256
article thumbnail

Software Vulnerabilities in the Boeing 787

Schneier on Security

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System.

Software 245
article thumbnail

Deconstructing the Phishing Campaigns that Target Gmail Users

Elie

In this talk we look into Gmail telemetry to illuminate the differences between phishing groups in terms of tactics and targets.

Phishing 114
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Boffins hacked Siemens Simatic S7, most secure controllers in the industry

Security Affairs

A group of Israeli researchers demonstrated that it is possible to take over the Simatic S7 controller one of the most secure controllers in the industry. A team of Israeli researchers demonstrated that it is possible to take control of the Simatic S7 controller without the knowledge of the operators. The team was composed of researchers from the Cyber ??

Hacking 112
article thumbnail

What Is Cyberwar? The Complete WIRED Guide

WIRED Threat Level

The threat of cyberwar looms over the future: a new dimension of conflict capable of leapfrogging borders and teleporting the chaos of war to civilians thousands of miles beyond its front.

106
106
article thumbnail

18 Cyber Security Startups to Watch in 2019

eSecurity Planet

Here are 18 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.

article thumbnail

Cybersecurity Firm Imperva Discloses Breach

Krebs on Security

Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of We

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

article thumbnail

WannaCry Remains No. 1 Ransomware Weapon

Dark Reading

Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.

article thumbnail

Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs

Security Affairs

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 flaw in Pulse Connect Secure. Fortigate Fortinet SSL VPN is being exploited in the wild since last night at scale using 1996 style././ exploit – if you use this as a security boundary, you wan

VPN 111
article thumbnail

Trump’s Intel Vacancies Put Americans in Danger

WIRED Threat Level

Sue Gordon's departure is the latest sign that US national security might be stretching its leaders too thin—and risks putting the wrong people into roles that American lives depend upon.

Risk 100
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Backdoor Found in Utility for Linux, Unix Servers

Threatpost

Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.

Hacking 102
article thumbnail

What We Can Learn from the Capital One Hack

Krebs on Security

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps the result of a previously unknown “zero-day” flaw, or an “insider” attack in which the accused took advantage of access surreptitiously obtained from her former employer.

Hacking 241
article thumbnail

Google Finds 20-Year-Old Microsoft Windows Vulnerability

Schneier on Security

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.

236
236
article thumbnail

5 Things to Know About Cyber Insurance

Dark Reading

More businesses are recognizing the need for cyber insurance as part of an overall security strategy. Here are some key points to consider when evaluating, purchasing, and relying on a policy.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

FBI is searching for contractors to monitor social media

Security Affairs

The FBI is searching for contractors to monitor social media for potential threats, the announcement raises concerns for user privacy. The abuse of social media passwords for malicious purpose is quite common, for this reason, the FBI is searching for contractors to monitor them. However, monitoring activity could threaten user privacy and set up possible conflicts with social media giants, such as Facebook, over privacy. “The Federal Bureau of Investigation (FBI) intends to award a firm f

Media 111
article thumbnail

A Remote-Start App Exposed Thousands of Cars to Hackers

WIRED Threat Level

The bugs could have let an industrious hacker locate cars, unlock them, and start them up from anywhere with an internet connection.

Internet 102
article thumbnail

Coordinated Ransomware Attack Hits 23 Texas Government Agencies

Threatpost

Researchers say that the targeted ransomware cyberattack on 23 Texas local and state entities represents a shift from "attacks of opportunity" to more targeted, malicious attacks.

article thumbnail

SEC Investigating Data Leak at First American Financial Corp.

Krebs on Security

The U.S. Securities and Exchange Commissio n (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned. First American Financial Corp. In May, KrebsOnSecurity broke the news that the Web site for Santa Ana, Calif.

Insurance 237
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.