September, 2019

article thumbnail

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Banking 279
article thumbnail

The Doghouse: Crown Sterling

Schneier on Security

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic " snake oil.". I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway. I want to put forward cases for both arguments here because seeing both sides is important. I want to help shed some light on why this practice happens and argue pragmatically both for and against.

Banking 234
article thumbnail

Voice Deepfake Scams CEO out of $243,000

Adam Levin

The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that implemented artificial intelligence, specifically a deepfake voice. The Wall Street Journal reported that the CEO of an unnamed UK energy company received a phone call from what sounded like his boss, the CEO of a German parent company, telling him to wire €220,000 (roughly $243,000) to a bank account in Hungary.

Scams 233
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Small businesses underestimate financial damage of cyberattacks

Tech Republic Security

The average breach causes an average of $149,000 in damages, yet most small-to-medium-sized businesses thought cyberattacks would cost them under $10,000, survey reports.

article thumbnail

What will be your decisive moment to secure your cloud applications in a Zero Trust world?

Thales Cloud Protection & Licensing

Access management is increasingly the answer to #TrustedAccess. With two decades of cloud computing now under the belt, this question is increasingly more relevant in our hyper-connected world. Massive amounts of data are constantly produced globally, shared and stored by a rapidly growing number of devices in an expanding cloud environment. But the tremendous capabilities and convenience we’ve come to depend on via the cloud often leaves the door open to increasing vulnerabilities.

More Trending

article thumbnail

Another Side Channel in Intel Chips

Schneier on Security

Not that serious, but interesting : In late 2011, Intel introduced a performance enhancement to its line of server processors that allowed network cards and other peripherals to connect directly to a CPU's last-level cache, rather than following the standard (and significantly longer) path through the server's main memory. By avoiding system memory, Intel's DDIO­short for Data-Direct I/O­increased input/output bandwidth and reduced latency and power consumption.

238
238
article thumbnail

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SimJacker is a critical vulnerability in SIM cards that could be exploited by remote attackers to compromise any phones just by sending an SMS. Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.

Hacking 111
article thumbnail

Top Cybersecurity Companies

eSecurity Planet

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue

article thumbnail

Financial impact of ransomware attacks increasing despite overall decrease in attacks

Tech Republic Security

Vulnerabilities originally discovered by US government security services have been used by cybercriminals against municipalities, costing taxpayers an estimated $11.5 billion in 2019.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to Ensure Your Digital Security During the Rugby World Cup

Thales Cloud Protection & Licensing

Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup. Sports fans aren’t the only ones who are looking forward to this event. Unfortunately, digital criminals are also closely following the buzz surrounding this tournament. It’s not like bad actors haven’t taken an interest in major sporting events before.

IoT 105
article thumbnail

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

article thumbnail

Massive iPhone Hack Targets Uyghurs

Schneier on Security

China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities were patched in iOS 12.1.4, released on February 7.).

Hacking 238
article thumbnail

Hundreds of millions of Facebook users’ phone numbers exposed online

Security Affairs

New problems to Facebook , phone numbers associated with more than 400 million accounts of the social network giant were exposed online. A new privacy incident involved Facebook, according to TechCruch, phone numbers associated with 419 million accounts of the social network giant were exposed online. The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch because he was able to contact the owner of the archive. .

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The State of Malware Analysis: Advice from the Trenches

Lenny Zeltser

What malware analysis approaches work well? Which don’t? How are the tools and methodologies evolving? The following discussion–captured as an MP3 audio file –offers friendly advice from 5 malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute: Jim Clausing : Security Architect at AT&T and Internet Storm Center Handler (Panelist) Evan Dygert : Senior Security Engineer for Blue Cross Blue Shield Assoc

Malware 93
article thumbnail

Exposed RDP servers see 150K brute-force attempts per week: Here's how to protect them

Tech Republic Security

BlueKeep and DejaBlue renewed interest in brute-force scanning for vulnerable systems, which negatively impacts Windows Server performance. Cameyo has solutions to protect your Virtual Desktop server.

149
149
article thumbnail

Black Hat/DefCon 2019: Where is Quantum?

Thales Cloud Protection & Licensing

The weeklong “hacker summer camp” of the combined Black Hat and DefCon drew over 22,000 attendees to Las Vegas last month. Overall, we continue to think the security industry is still ripe for commoditization, especially from the cloud providers who have the capacity to simply offer features as a default. Last year we thought we saw evidence that security vendors were consolidating and on the cusp of providing higher order services to meet this threat, but we didn’t see much evidence of that str

IoT 104
article thumbnail

Before He Spammed You, this Sly Prince Stalked Your Mailbox

Krebs on Security

A reader forwarded what he briefly imagined might be a bold, if potentially costly, innovation on the old Nigerian prince scam that asks for help squirreling away millions in unclaimed fortune: It was sent via the U.S. Postal Service, with a postmarked stamp and everything. In truth these old fashioned “advance fee” or “419” scams predate email and have circulated via postal mail in various forms and countries over the years.

Scams 208
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Supply-Chain Security and Trust

Schneier on Security

The United States government's continuing disagreement with the Chinese company Huawei underscores a much larger problem with computer technologies in general: We have no choice but to trust them completely, and it's impossible to verify that they're trustworthy. Solving this problem ­ which is increasingly a national security issue ­ will require us to both make major policy changes and invent new technologies.

article thumbnail

Backup files for Lion Air and parent airlines exposed and exchanged on forums

Security Affairs

Tens of millions of records belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. Data belonging to passengers of two airline companies owned by Lion Air have been exposed and exchanged on forums. The information was left exposed online on an unsecured Amazon bucket, the records were stored in two databases in a directory containing backup files mostly for Malindo Air and Thai Lion Air.

Backups 111
article thumbnail

7 Ways VPNs Can Turn from Ally to Threat

Dark Reading

VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.

VPN 93
article thumbnail

How to control your privacy in Android 10

Tech Republic Security

With the newest Android version, Google has tried to improve and simplify the process of managing your privacy. Learn how to use the privacy controls and options in Android 10.

148
148
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

IoT and Quantum Computing’s Impact on the Federal Government

Thales Cloud Protection & Licensing

As government agencies get back to work after summer barbeques, family vacations and once-in-a-lifetime getaways, the focus is on the priorities for the rest of 2019. Cybersecurity remains one of the top concerns and priorities for our government. The focus on the rest of 2019 and looking ahead to 2020 was very clear when I attended two recent industry events.

IoT 101
article thumbnail

Mozilla Introduces Mechanism to Hijack all DNS Traffic in the Name of Privacy

PerezBox Security

In September of 2019 Mozilla will begin releasing DNS over HTTPS (DOH) in Firefox via their Trusted Recursive Resolver (TRR) program. A primer on DNS Security. The change is based. Read More. The post Mozilla Introduces Mechanism to Hijack all DNS Traffic in the Name of Privacy appeared first on PerezBox.

DNS 91
article thumbnail

Russians Hack FBI Comms System

Schneier on Security

Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet.

Hacking 227
article thumbnail

A flaw in LastPass password manager leaks credentials from previous site

Security Affairs

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes login credentials entered on a site previously visited by a user.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

After Six Years in Exile, Edward Snowden Explains Himself

WIRED Threat Level

In a new memoir and interview, the world’s most famous whistle-blower elucidates as never before why he stood up to mass surveillance—and his love for an internet that no longer exists.

article thumbnail

Hackers targeting commercial routers to inject credit card stealing code in shopping sites

Tech Republic Security

Magecart 5 is targeting Layer 7 routers used in airports, casinos, hotels, and resorts, and others, to steal credit card data on popular US and Chinese shopping sites.

144
144
article thumbnail

The Etiquette of Respecting Privacy in the Age of IoT

Dark Reading

Is it rude to ask someone to shut off their Alexa? Ask the family who's written the book on etiquette for nearly 100 years -- the descendants of Emily Post herself.

IoT 93
article thumbnail

Smart TVs, Subscription Services Leak Data to Facebook, Google

Threatpost

Researchers discovered that smart TVs from Samsung, LG and others are sending sensitive user data to partner tech firms even when devices are idle.

IoT 90
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.