Krebs on Security
JULY 8, 2019
The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.
Schneier on Security
JULY 9, 2019
A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records -- including times and dates of calls, and their cell-based locations -- on at least 20 individuals. [.].
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JULY 8, 2019
Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today. I love that piece because so much of it flies in the face of traditional thinking about passwords, for example: Don't impose composition rules (upper case, lower case, numbers, etc) Don't mandate password rot
Adam Shostack
JULY 12, 2019
Conflict online — bullying, trolling, threats and the like are everywhere. The media coverage is shifting from “OMG what are we doing about this?!” to “ Wow, this is really hard.” (Ayup). I’ve been exploring how to engineer for these problems, and I joined Chris Romeo and Robert Hurlbut to talk about it on the AppSec Podcast.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
JULY 9, 2019
Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.
Schneier on Security
JULY 11, 2019
If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions : Start with your bulb off for at least 5 seconds. Turn on for 8 seconds Turn off for 2 seconds Turn on for 8 seconds Turn off for 2 seconds Turn on for 8 seconds Turn off for 2 seconds Turn on for 8 seconds Turn off for 2 seconds Turn on for 8 seconds Turn off for 2 seconds Turn on.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Shostack
JULY 8, 2019
“ Safety First For Automated Driving ” is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. One way to read it is that those disciplines have strongly developed safety cultures, which generally do not consider cybersecurity problems. This paper is the cybersecurity specialists making the argument that cyber will fit into safety, and how to do so.
Adam Levin
JULY 12, 2019
Google employees and subcontractors are listening to recordings gleaned from Google Home smart speakers and the Google Assistant smartphone app. A report from Belgian news outlet VRT NWS showed that Google regularly uses staff and subcontractors to transcribe audio recordings taken from its network of home devices for the stated purpose of improving its speech recognition technology.
Schneier on Security
JULY 8, 2019
ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.
Security Affairs
JULY 7, 2019
Yesterday, July 6, 2019, hackers breached the GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution. On July 6, 2019, hackers have breached the GitHub account of Canonical Ltd., the organization behind the Ubuntu Linux distribution. The company immediately launched an investigation, the good news is that the source code of the popular Linux distro was not impacted. “We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credential
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Adam Shostack
JULY 11, 2019
There’s a new draft available from NIST, “ Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF).” They are accepting comments through August 5th.
WIRED Threat Level
JULY 7, 2019
Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework.
Schneier on Security
JULY 8, 2019
MIT Technology Review is reporting about an infrared laser device that can identify people by their unique cardiac signature at a distance: A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser.
Security Affairs
JULY 11, 2019
Malware researchers from Kaspersky have discovered new and improved versions of the infamous FinFisher spyware used to infect both Android and iOS devices. Experts at Kaspersky have discovered a new improved variant of the FinFisher spyware used to spy on both iOS and Android users in 20 countries. According to the experts, the new versions have been active at least since 2018, one of the samples analyzed by Kaspersky was used last month in Myanmar, where local government is accused of violating
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
JULY 9, 2019
Black Hat USA programming will dive into the ways DevOps-driven shifts in practices and tools are introducing both new vulnerabilities and new ways of securing enterprises.
WIRED Threat Level
JULY 9, 2019
All it takes is one wrong click, and the popular video conferencing software will put you in a meeting with a stranger.
Schneier on Security
JULY 12, 2019
At least one presidential candidate has a policy about quantum computing and encryption. It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.). Okay, so not the greatest policy -- but at least one candidate has a policy.
Security Affairs
JULY 11, 2019
‘Agent Smith’ is a new malware discovered by Check Point researchers that replaces legit Android Apps with malicious ones that infected 25 Million devices worldwide. Researchers at Check Point recently discovered a new variant of Android malware, dubbed Agent Smith, that has already infected roughly 25 million devices. The malware is disguised as a Google related application and exploits several known Android vulnerabilities to replace installed apps on the victim’s device with
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
JULY 8, 2019
Black Hat USA session will reveal how they reverse-engineered the proprietary cryptographic protocol to attack the popular programmable logic controller.
eSecurity Planet
JULY 10, 2019
We review 8 top cloud access security broker (CASB) products and break down their use cases, features, technology, delivery, and pricing.
Schneier on Security
JULY 10, 2019
Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimized multiple Western companies but stopped short of naming them.
Security Affairs
JULY 8, 2019
Government computer systems at La Porte County, Indiana, were shut down after a cyber attack hit them on July 6. Experts believe it was a ransomware attack. On July 6, a cyber attack brought down government computer systems atLa Porte County, Indiana. At the time of writing, there were only a few details about the attack, according to LaPorte County Commission President Dr.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Dark Reading
JULY 10, 2019
A Raspberry Pi attached to the network at NASA JPL became the doorway for a massive intrusion and subsequent data loss. Here's how to keep the same thing from happening to your network.
Threatpost
JULY 9, 2019
Intel issued patches for a high-severity flaw in its processor diagnostic tool as well as a fix for a medium-severity vulnerability in its data center SSD lineup.
Schneier on Security
JULY 12, 2019
In Click Here to Kill Everybody , I promised clickable endnotes. They're finally available.
Security Affairs
JULY 12, 2019
BITPoint Japan-based cryptocurrency announced that hackers have stolen more than $32 million (3.5 billion yen) worth of cryptocurrency due to a cyber attack. BITPoint Japan-based cryptocurrency was victim of a cyber attack, the Remixpoint’s subsidiary announced that hackers have stolen more than $32 million (3.5 billion yen) worth of cryptocurrency.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Dark Reading
JULY 11, 2019
About a third of cybersecurity professionals believe that their companies see more cyberattacks during the summer, but the survey data does not convince on the reasons for the perception of a summer bump.
Threatpost
JULY 12, 2019
A lack of a Bluetooth Low Energy (BLE) pairing mechanism leaves the smart IoT devices open to malicious manipulation.
WIRED Threat Level
JULY 12, 2019
Parents can use Life360 to track their teen’s location in real time. The company can use that data to sell car insurance.
Security Affairs
JULY 10, 2019
You work hard to keep your kids safe from so many different dangers, but every day they are exposed to countless threats online. . Predators, disturbing content, identity theft attempts, and other things you wouldn’t let them experience in real life are all waiting for them. Shockingly, 1 in 5 U.S. teenagers say they have been approached in a sexual way by strangers online; only 25% told their parents.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
262 
Let's personalize your content