Schneier on Security

AUGUST 1, 2019

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user's device, scanning each cleartext message before it is sent and each encrypted message after it is dec

Encryption 139

Encryption Manufacturing Mobile Government 139

Krebs on Security

AUGUST 22, 2019

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: More than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee , an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United S

Energy and Utilities 276

Energy and Utilities Retail Data breaches Marketing 276

Troy Hunt

AUGUST 12, 2019

251

251

Adam Levin

AUGUST 19, 2019

The local governments and agencies from twenty-three Texas towns were hit by a coordinated ransomware campaign last week. . The Texas Department of Information Resources (DIR) became aware of the ransomware campaign after being contacted by the municipal governments of several towns that were unable to access critical files. The DIR has yet to identify the affected government entities and is currently working with the Texas Military Department as well as the Texas A&M Cyberresponse and Secur

Government 213

Government Ransomware Encryption Malware 213

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

AUGUST 1, 2019

Company officials at Capital One Financial Corp ought to have a crystal clear idea of what to expect next — after admitting to have allowed a gargantuan data breach. Capital One’s mea culpa coincided with the FBI’s early morning raid of a Seattle residence to arrest Paige Thompson. Authorities charged the 33-year-old former Amazon software engineer with masterminding the hack.

Data privacy 198

Data privacy Data breaches Internet Internet 198

Adam Shostack

AUGUST 2, 2019

Shortly, I’m off to Blackhat. My Threat Modeling Intensive classes both sold out (thank you!). Nearly a decade ago, I put forth a set of best practices: Breath mints Ricola Purell Advil Gatorade This year, I’m adding a travel humidifier. I’ve been using this one, and it really needs to soak for 10 minutes, but then it adds a nice stream of moisture to the room.

192

192

Krebs on Security

AUGUST 7, 2019

Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptick in SIM-swapping attacks that lead to multi-million dollar cyberheists.

Wireless 266

Wireless Mobile Banking Authentication 266

Troy Hunt

AUGUST 2, 2019

Over the last year and a bit I've been working to make more data in HIBP freely available to governments around the world that want to monitor their own exposure in data breaches. Like the rest of us, governments regularly rely on services that fall victim to attacks resulting in data being disclosed and just like the commercial organisations monitoring domains on HIBP, understanding that exposure is important.

Government 229

Government Data breaches 229

Adam Levin

AUGUST 15, 2019

Hacker Paige Thomson, main suspect in the recent Capital One data breach, may also be responsible for hacking as many as 30 other companies and organizations. . Prosecutors from the Seattle U.S. Attorney’s Office announced the discovery of data from more than 30 targeted entities in the bedroom of Paige Thompson, who was arrested in connection with the Capital One data breach.

Hacking 182

Hacking Data breaches Insurance Government 182

The Last Watchdog

AUGUST 20, 2019

A faked Rolex or Prada handbag is easy enough to acquire on the street in certain cities, and you can certainly hunt one down online. Now add high-end counterfeit smartphones to the list of luxury consumer items that are being aggressively marketed to bargain-hungry consumers. Related: Most companies ignorant about rising mobile attacks While it might be tempting to dismiss the potential revenue lost by Apple, Samsung, HTC and other suppliers of authentic phones, this counterfeit wave is particu

Malware 185

Malware Mobile Manufacturing Marketing 185

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Elie

AUGUST 18, 2019

In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried.

Passwords 118

Passwords Accountability 118

Schneier on Security

AUGUST 2, 2019

Yesterday, I blogged about a Facebook plan to backdoor WhatsApp by adding client-side scanning and filtering. It seems that I was wrong, and there are no such plans. The only source for that post was a Forbes essay by Kalev Leetaru, which links to a previous Forbes essay by him, which links to a video presentation from a Facebook developers conference.

Encryption 262

Encryption Engineering Authentication 262

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. This story is about how crooks increasingly are abusing third-party financial aggregation services like Mint , Plaid , Yodlee , YNAB and others to surveil and drain consumer accounts online.

Banking 258

Banking Passwords Risk Accountability 258

Troy Hunt

AUGUST 26, 2019

Australia! Sunshine, good coffee and back in the water on the tail end of "winter". I'm pretty late doing this week's video as the time has disappeared rather quickly and I'm making the most of it before the next round of events. Be that as it may, there's a bunch of new stuff this week not least of which is the unexpected limit I hit with the Azure API Management consumption tier.

InfoSec 173

InfoSec CISO 173

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

AUGUST 5, 2019

A report from the Senate Intelligence Committee released last week concluded that the Russian government extensively interfered in U.S. elections from 2014 to at least 2017. The partially redacted bipartisan report describes several findings related to Russian activities, including: “While the Committee does not know with confidence what Moscow’s intentions were, Russia may have been probing vulnerabilities in voting systems to exploit later… [or] may have sought to undermine confidence in the 2

Cyber Attacks 174

Cyber Attacks Government Cybersecurity Hacking 174

The Last Watchdog

AUGUST 22, 2019

178

178

Thales Cloud Protection & Licensing

AUGUST 20, 2019

117

117

Schneier on Security

AUGUST 16, 2019

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System.

Software 252

Software Architecture Engineering Hacking 252

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

AUGUST 27, 2019

Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of We

Cybersecurity 254

Cybersecurity Firewall Passwords Data breaches 254

Troy Hunt

AUGUST 10, 2019

Well that's Vegas done. 8 days of absolutely non-stop events that's now pretty much robbed me of my voice but hey, I got a flying cow! Scott and I both spent BSides, Black Hat and DEF CON doing "hallway con" or in other words, wandering around just meeting people. The personal engagement you get from these ad hoc meetups really can't be beat and I appreciate everyone who took the time to come over and say hi.

CISO 163

CISO Data breaches Passwords 163

Adam Levin

AUGUST 31, 2019

Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, called zero day exploits, that were capable of compromising iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.

Hacking 172

Hacking Accountability Malware Passwords 172

The Last Watchdog

AUGUST 26, 2019

Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, during which time he won a scholarship from the European Commission to craft a proof of concept attack against an industrial control system (ICS.

Artificial Intelligence 157

Artificial Intelligence Hacking Technology Malware 157

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Thales Cloud Protection & Licensing

AUGUST 2, 2019

The British parliament has been unable to agree the exit package from the European Union. With the possibility of a “no deal” departure looming, EU leaders have granted a six-month extension to Brexit day. But the uncertainty that still lingers with regards to Britain’s future, creates various opportunities which cyber criminals could try to exploit.

Cybersecurity 117

Cybersecurity Data breaches Government Encryption 117

Schneier on Security

AUGUST 14, 2019

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

Encryption 250

Encryption Telecommunications Risk Government 250

Krebs on Security

AUGUST 2, 2019

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps the result of a previously unknown “zero-day” flaw, or an “insider” attack in which the accused took advantage of access surreptitiously obtained from her former employer.

Hacking 243

Hacking Firewall Data breaches Software 243

Troy Hunt

AUGUST 4, 2019

Vegas! I'm a bit late with this week's update but I thought I'd catch up with Scott Helme and do the video together. We're talking about the events in Vegas, the ongoing Project Svalbard process, some very screwy messaging about certificates from Sectigo and the Irish government coming on board HIBP. Next week we'll do another one from Vegas and talk about what the events of the week here were like.

CISO 162

CISO Government 162

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Adam Levin

AUGUST 26, 2019

The data breach of Capital One was big news, but it was also a familiar story: a major financial company with the budget and means to secure its data didn’t bother to do so, and the personal information of over a hundred million of its customers and applicants was exposed. The discovery, announcement, and subsequent arrest of the alleged perpetrator all happened within a week of the FTC’s settlement with Equifax for its own 2017 mega-breach.

Data breaches 142

Data breaches Cyber Insurance Hacking Insurance 142

The Last Watchdog

AUGUST 19, 2019

IoT 157

IoT Mobile 157

Thales Cloud Protection & Licensing

AUGUST 13, 2019

Originally published in Payments Journal on July 31, 2019. There’s a very tough question on the table that no one can afford to ignore: If more than half of global IT and security executives say they actively fear the exposure of payment card data and other personal identifiable information, why are 70% of them not deploying measures such as encryption to maintain security?

Threat Reports 115

Threat Reports Encryption Internet Internet 115

Schneier on Security

AUGUST 21, 2019

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.

243

243

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity