Sat.Jul 14, 2018 - Fri.Jul 20, 2018

article thumbnail

Defeating the iPhone Restricted Mode

Schneier on Security

Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift , which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson in this: security is hard. Apple Computer has one of the best security teams on the planet.

article thumbnail

Human Resources Firm ComplyRight Breached

Krebs on Security

Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information -- including names, addresses, phone numbers, email addresses and Social Security numbers -- from tax forms submitted by the company's thousands of clients on behalf of employees. Cloud-based human resources company ComplyRight said this week that a security breach of its Web site may have jeopardized sensitive consumer information -- including

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Companies need CASBs now more than ever — to help secure ‘digital transformation’

The Last Watchdog

When I first wrote about Cloud Access Security Brokers in 2015, so-called CASBs were attracting venture capital by the truckloads — and winning stunning customer testimonials. CASBs (pronounced caz-bees) originally sought to resolve a fast rising security nightmare: Shadow IT. Related podcast: Web gateways emerge as crucial defense layer. Striving to be productive, well-intentioned employees raced out to subscribe to cloud-enabled storage services, collaboration suites and project manageme

article thumbnail

14 Million Verizon Customers Affected by Data Compromise

Adam Levin

The personal data for up to 14 million Verizon customers was discovered on an unprotected web server in late June by a cyber risk researcher. The Verizon customer data was posted to a publicly-accessible Amazon Web Server by an employee of Nice Systems, which is an enterprise software company. Included in this data was a wide range of personal information associated with anyone who had contacted Verizon’s customer service representatives over the last several months.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Report on Chinese Intelligence Cyber-Operations

Schneier on Security

The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics. Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. Independent corroboration of this information would be helpful.

223
223
article thumbnail

‘LuminosityLink RAT’ Author Pleads Guilty

Krebs on Security

A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “ LuminosityLink ,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide. The LuminosityLink Remote Access Tool (RAT) was sold for $40 to thousands of customers, who used the tool to gain unauthorized access to tens of thousands of computers worldwide.

Marketing 158

More Trending

article thumbnail

Ukraine Blocks a Russian Hack, a Silk Road Arrest, and More Security News This Week

WIRED Threat Level

Drone plans for sale, a Silk Road arrest, and more security news this week.

Hacking 104
article thumbnail

Installing a Credit Card Skimmer on a POS Terminal

Schneier on Security

Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station.

142
142
article thumbnail

Medical Diagnostic Company LabCorp Experiences Data Breach

Adam Levin

LabCorp Diagnostics, one of the biggest medical diagnostic companies in the U.S., disclosed that it was investigating a data breach that may have occurred on their networks. While LabCorp isn’t a household name, there’s a good chance they’ve handled some of your medical records or those belonging to someone you know. As listed on their website, the company handles “more than 115 million patient encounters per year [and] processes tests on more than 2.5 million patient specimens per week[.]”.

article thumbnail

New Pluralsight Course: The State of GDPR - Common Questions and Misperceptions

Troy Hunt

I love so many of the underlying principles of GDPR as it relates to protecting our personal data. I love the idea of us providing it for a specific purpose and it not being used beyond that. I love that it seeks to give us more control over access to (and erasure of) our data. I also love that the regulation has the potential to seriously bite organisations that don't protect it.

InfoSec 125
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hey, this movie looks pretty interesting!

Adam Shostack

100
100
article thumbnail

Oracle Sets All-Time Record with July Critical Patch Update

Threatpost

July's critical patch update addresses 334 security vulnerabilities (including 61 rated critical) covering a vast swathe of the Oracle enterprise portfolio.

88
article thumbnail

Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products

Security Affairs

Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374 , CVE-2018-0375 , CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing.

article thumbnail

Weekly Update 96

Troy Hunt

This week I'm doing my best "dress like a professional" impersonation as I prepare to record the next episode in our quarterly Creating a Security-centric Culture series. We're putting these out for free every few months and right after wrapping up this week's update, I recorded the next Pluralsight one and that's now gone off to them for editing.

115
115
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Keeping the Internet Secure

Adam Shostack

Today, a global coalition led by civil society and technology experts sent a letter asking the government of Australia to abandon plans to introduce legislation that would undermine strong encryption. The letter calls on government officials to become proponents of digital security and work collaboratively to help law enforcement adapt to the digital era.

Internet 100
article thumbnail

Meet Jonathan Albright, The Digital Sleuth Exposing Fake News

WIRED Threat Level

Buried in media scholar Jonathan Albright's research was proof of a massive political misinformation campaign. Now he's taking on the the world's biggest platforms before it's too late.

Media 80
article thumbnail

Anarchy botmaster builds a botnet of 18,000 Huawei routers in a few hours

Security Affairs

The popular Anarchy botmaster builds a botnet of 18,000 Huawei routers in a few hours, and it is also planning to target vulnerable Realtek routers. NewSky Security first reported the born a new huge botnet, in just one day the botmaster compromised more than 18,000 Huawei routers. NewSky security researcher Ankit Anubhav announced that the botnet had already infected 18,000 routers.

IoT 76
article thumbnail

6 Ways to Tell an Insider Has Gone Rogue

Dark Reading

Malicious activity by trusted users can be very hard to catch, so look for these red flags.

73
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Games and Cards

Adam Shostack

Emergynt has created the Emergynt Risk Deck , a set of 51 cards, representing actors, vulnerabilities, targets, consequences and risks. It’s more a discussion tool than a game, but I have a weakness for the word “emergent,” and I’ve added it to my list of security games. Also, Lancaster University has created an Agile Security Game.

Risk 100
article thumbnail

The Midterm Elections Are Already Under Attack

WIRED Threat Level

Phishing attempts and DDoS attacks have begun hitting 2018 campaigns. The US seems ill-prepared to meet the challenge.

DDOS 77
article thumbnail

Researchers show how to manipulate road navigation systems with low-cost devices

Security Affairs

Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers and manipulate road navigation systems. Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers. The kit could be used to deceive receivers used by navigation systems and suggest drivers the wrong direction. “we explore the feasibility of a stealthy manipulation attack against road navigation systems.

article thumbnail

Stealthy Malware Hidden in Images Takes to GoogleUserContent

Threatpost

Hackers are embedding malicious code within compromised, uploaded images on trusted Google sites – weaponizing the website and staying under the radar.

Malware 65
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Less Than Half of Cyberattacks Detected via Antivirus: SANS

Dark Reading

Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.

article thumbnail

RealNetworks Launches Free Facial Recognition Tool for Schools

WIRED Threat Level

A new facial recognition tool by RealNetworks aims to keep kids safe in school. But privacy experts fear the unchecked surveillance of kids could go awry.

article thumbnail

Update CSE Malware ZLab – Operation Roman Holiday – Hunting the Russian APT28

Security Affairs

Researchers from the Z-Lab at CSE Cybsec analyzed a new collection of malware allegedly part of a new espionage campaign conducted by the APT28 group. It was a long weekend for the researchers from the Z-Lab at CSE Cybsec that completed the analysis a number of payloads being part of a new cyber espionage campaign conducted by the Russian APT28 group (aka Fancy Bear , Pawn Storm , Sednit , Sofacy, and Strontium ).

Malware 75
article thumbnail

The Latest on PCI: Minor on PCI DSS, Major on Almost Everything Else

Thales Cloud Protection & Licensing

Recently the Payment Card Industry Security Standards Council (PCI SSC) announced a minor update to the PCI DSS standard largely to make it easier to read with respect to key dates that are now in the past. It also made clear that by now organisations should have migrated from vulnerable Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) implementations to full strength TLS when securing their communications links.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The Fundamental Flaw in Security Awareness Programs

Dark Reading

It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.

article thumbnail

How Google's Safe Browsing Helped Build a More Secure Web

WIRED Threat Level

You may not have heard of Safe Browsing, but it's made the web more secure for over a decade. Here's its story, from the people who built it.

73
article thumbnail

ZoomEye IoT search engine cached login passwords for tens of thousands of Dahua DVRs

Security Affairs

A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security. Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013

IoT 75
article thumbnail

Digital Assistants Could Be Amongst the Hottest Selling Items on Amazon Prime Day, But Security Fears Are Still Putting Some Consumers Off

Thales Cloud Protection & Licensing

In June, Microsoft issued a patch for Cortana to solve a vulnerability whereby threat actors could access devices by activating their search functions, even if the devices were locked. As threat levels increase and the use of digital assistants grows, we wanted to take a look at how security concerns, as well as knowledge of security management, really plays out in the consumer mind.

IoT 54
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!