Schneier on Security
JULY 9, 2019
A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users: The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records -- including times and dates of calls, and their cell-based locations -- on at least 20 individuals. [.].
Krebs on Security
JULY 8, 2019
The crooks behind an affiliate program that paid cybercriminals to install the destructive and wildly successful GandCrab ransomware strain announced on May 31, 2019 they were terminating the program after allegedly having earned more than $2 billion in extortion payouts from victims. What follows is a deep dive into who may be responsible for recruiting new members to help spread the contagion.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JULY 8, 2019
Almost 2 years ago to the day, I wrote about Passwords Evolved: Authentication Guidance for the Modern Era. This wasn't so much an original work on my behalf as it was a consolidation of advice from the likes of NIST, the NCSC and Microsoft about how we should be doing authentication today. I love that piece because so much of it flies in the face of traditional thinking about passwords, for example: Don't impose composition rules (upper case, lower case, numbers, etc) Don't mandate password rot
Adam Shostack
JULY 12, 2019
Conflict online — bullying, trolling, threats and the like are everywhere. The media coverage is shifting from “OMG what are we doing about this?!” to “ Wow, this is really hard.” (Ayup). I’ve been exploring how to engineer for these problems, and I joined Chris Romeo and Robert Hurlbut to talk about it on the AppSec Podcast.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Schneier on Security
JULY 11, 2019
If you need to reset the software in your GE smart light bulb -- firmware version 2.8 or later -- just follow these easy instructions : Start with your bulb off for at least 5 seconds. Turn on for 8 seconds Turn off for 2 seconds Turn on for 8 seconds Turn off for 2 seconds Turn on for 8 seconds Turn off for 2 seconds Turn on for 8 seconds Turn off for 2 seconds Turn on for 8 seconds Turn off for 2 seconds Turn on.
Krebs on Security
JULY 9, 2019
Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Shostack
JULY 8, 2019
“ Safety First For Automated Driving ” is a big, over-arching whitepaper from a dozen automotive manufacturers and suppliers. One way to read it is that those disciplines have strongly developed safety cultures, which generally do not consider cybersecurity problems. This paper is the cybersecurity specialists making the argument that cyber will fit into safety, and how to do so.
Schneier on Security
JULY 8, 2019
ProPublica is reporting on companies that pretend to recover data locked up by ransomware, but just secretly pay the hackers and then mark up the cost to the victims.
Adam Levin
JULY 12, 2019
Google employees and subcontractors are listening to recordings gleaned from Google Home smart speakers and the Google Assistant smartphone app. A report from Belgian news outlet VRT NWS showed that Google regularly uses staff and subcontractors to transcribe audio recordings taken from its network of home devices for the stated purpose of improving its speech recognition technology.
Security Affairs
JULY 11, 2019
Malware researchers from Kaspersky have discovered new and improved versions of the infamous FinFisher spyware used to infect both Android and iOS devices. Experts at Kaspersky have discovered a new improved variant of the FinFisher spyware used to spy on both iOS and Android users in 20 countries. According to the experts, the new versions have been active at least since 2018, one of the samples analyzed by Kaspersky was used last month in Myanmar, where local government is accused of violating
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Adam Shostack
JULY 11, 2019
There’s a new draft available from NIST, “ Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF).” They are accepting comments through August 5th.
Schneier on Security
JULY 12, 2019
At least one presidential candidate has a policy about quantum computing and encryption. It has two basic planks. One: fund quantum-resistant encryption standards. (Note: NIST is already doing this.) Two, fund quantum computing. (Unlike many far more pressing computer security problems, the market seems to be doing this on its own quite nicely.). Okay, so not the greatest policy -- but at least one candidate has a policy.
WIRED Threat Level
JULY 7, 2019
Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework.
Security Affairs
JULY 11, 2019
‘Agent Smith’ is a new malware discovered by Check Point researchers that replaces legit Android Apps with malicious ones that infected 25 Million devices worldwide. Researchers at Check Point recently discovered a new variant of Android malware, dubbed Agent Smith, that has already infected roughly 25 million devices. The malware is disguised as a Google related application and exploits several known Android vulnerabilities to replace installed apps on the victim’s device with
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Dark Reading
JULY 11, 2019
Advanced phishing techniques and poor user behaviors that exacerbate the threat of successful attacks.
Schneier on Security
JULY 10, 2019
Reuters has a long article on the Chinese government APT attack called Cloud Hopper. It was much bigger than originally reported. The hacking campaign, known as "Cloud Hopper," was the subject of a U.S. indictment in December that accused two Chinese nationals of identity theft and fraud. Prosecutors described an elaborate operation that victimized multiple Western companies but stopped short of naming them.
WIRED Threat Level
JULY 9, 2019
All it takes is one wrong click, and the popular video conferencing software will put you in a meeting with a stranger.
Security Affairs
JULY 7, 2019
Yesterday, July 6, 2019, hackers breached the GitHub account of Canonical Ltd., the company behind the Ubuntu Linux distribution. On July 6, 2019, hackers have breached the GitHub account of Canonical Ltd., the organization behind the Ubuntu Linux distribution. The company immediately launched an investigation, the good news is that the source code of the popular Linux distro was not impacted. “We can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credential
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Threatpost
JULY 12, 2019
QNAPCrypt continues to spread via brute-force attacks.
Schneier on Security
JULY 12, 2019
In Click Here to Kill Everybody , I promised clickable endnotes. They're finally available.
Dark Reading
JULY 8, 2019
Black Hat USA session will reveal how they reverse-engineered the proprietary cryptographic protocol to attack the popular programmable logic controller.
Security Affairs
JULY 11, 2019
Malware researchers at two security firms Intezer and Anomali have discovered a new piece of ransomware targeting Network Attached Storage (NAS) devices. Experts at security firms Intezer and Anomali have separately discovered a new piece of ransomware targeting Network Attached Storage (NAS) devices. NAS servers are a privileged target for hackers because they normally store large amounts of data.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Threatpost
JULY 10, 2019
Researchers say malware infects phones in order to sneak ads on devices for profit.
eSecurity Planet
JULY 10, 2019
We review 8 top cloud access security broker (CASB) products and break down their use cases, features, technology, delivery, and pricing.
Dark Reading
JULY 12, 2019
The ruling follows years of debate over whether German schools and institutions should use Microsoft tools and services.
Security Affairs
JULY 10, 2019
The popular operating system Kali Linux is finally available for Raspberry Pi 4, this is great news for hackers and passionate. Offensive Security has announced the availability of the popular operating system Kali Linux for Raspberry Pi 4, this is great news for hackers and security experts. Raspberry Pi 4 is a single-board computer developed in the United Kingdom by the Raspberry Pi Foundation , it was officially released in June 2019 with a 1.5 GHz 64-bit quad-core ARM Cortex-A72 processor,
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Threatpost
JULY 9, 2019
The vulnerability can be exploited on a drive-by basis by a malicious website.
WIRED Threat Level
JULY 12, 2019
Some deals are too good to be true, even on the most made-up holiday of all.
Dark Reading
JULY 11, 2019
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
Security Affairs
JULY 12, 2019
BITPoint Japan-based cryptocurrency announced that hackers have stolen more than $32 million (3.5 billion yen) worth of cryptocurrency due to a cyber attack. BITPoint Japan-based cryptocurrency was victim of a cyber attack, the Remixpoint’s subsidiary announced that hackers have stolen more than $32 million (3.5 billion yen) worth of cryptocurrency.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
277 
Let's personalize your content