Schneier on Security
JULY 18, 2018
Recently, Apple introduced restricted mode to protect iPhones from attacks by companies like Cellebrite and Greyshift , which allow attackers to recover information from a phone without the password or fingerprint. Elcomsoft just announced that it can easily bypass it. There is an important lesson in this: security is hard. Apple Computer has one of the best security teams on the planet.
Krebs on Security
JULY 16, 2018
A 21-year-old Kentucky man has pleaded guilty to authoring and distributing a popular hacking tool called “ LuminosityLink ,” a malware strain that security experts say was used by thousands of customers to gain unauthorized access to tens of thousands of computers across 78 countries worldwide. The LuminosityLink Remote Access Tool (RAT) was sold for $40 to thousands of customers, who used the tool to gain unauthorized access to tens of thousands of computers worldwide.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
JULY 16, 2018
When I first wrote about Cloud Access Security Brokers in 2015, so-called CASBs were attracting venture capital by the truckloads — and winning stunning customer testimonials. CASBs (pronounced caz-bees) originally sought to resolve a fast rising security nightmare: Shadow IT. Related podcast: Web gateways emerge as crucial defense layer. Striving to be productive, well-intentioned employees raced out to subscribe to cloud-enabled storage services, collaboration suites and project manageme
Adam Levin
JULY 16, 2018
The personal data for up to 14 million Verizon customers was discovered on an unprotected web server in late June by a cyber risk researcher. The Verizon customer data was posted to a publicly-accessible Amazon Web Server by an employee of Nice Systems, which is an enterprise software company. Included in this data was a wide range of personal information associated with anyone who had contacted Verizon’s customer service representatives over the last several months.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
JULY 20, 2018
The company ProtectWise just published a long report linking a bunch of Chinese cyber-operations over the past few years. The always interesting gruqq has some interesting commentary on the group and its tactics. Lots of detailed information in the report, but I admit that I have never heard of ProtectWise or its research team 401TRG. Independent corroboration of this information would be helpful.
Troy Hunt
JULY 19, 2018
Two of my favourite developer things these days are Azure Functions and Cloudflare Workers. They're both "serverless" in that rather than running on your own slice of infrastructure, that concept is abstracted away and you get to focus on just code executions rather than the logical bounds of the server it runs on. So for example, when you have an Azure function and you deploy it under a consumption plan , you pay for per-second resource consumption (how much memory you use for how long)
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Adam Levin
JULY 20, 2018
LabCorp Diagnostics, one of the biggest medical diagnostic companies in the U.S., disclosed that it was investigating a data breach that may have occurred on their networks. While LabCorp isn’t a household name, there’s a good chance they’ve handled some of your medical records or those belonging to someone you know. As listed on their website, the company handles “more than 115 million patient encounters per year [and] processes tests on more than 2.5 million patient specimens per week[.]”.
Schneier on Security
JULY 17, 2018
Watch how someone installs a credit card skimmer in just a couple of seconds. I don't know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station.
Troy Hunt
JULY 17, 2018
I love so many of the underlying principles of GDPR as it relates to protecting our personal data. I love the idea of us providing it for a specific purpose and it not being used beyond that. I love that it seeks to give us more control over access to (and erasure of) our data. I also love that the regulation has the potential to seriously bite organisations that don't protect it.
Adam Shostack
JULY 16, 2018
Emergynt has created the Emergynt Risk Deck , a set of 51 cards, representing actors, vulnerabilities, targets, consequences and risks. It’s more a discussion tool than a game, but I have a weakness for the word “emergent,” and I’ve added it to my list of security games. Also, Lancaster University has created an Agile Security Game.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Threatpost
JULY 18, 2018
July's critical patch update addresses 334 security vulnerabilities (including 61 rated critical) covering a vast swathe of the Oracle enterprise portfolio.
WIRED Threat Level
JULY 18, 2018
Buried in media scholar Jonathan Albright's research was proof of a massive political misinformation campaign. Now he's taking on the the world's biggest platforms before it's too late.
Troy Hunt
JULY 20, 2018
This week I'm doing my best "dress like a professional" impersonation as I prepare to record the next episode in our quarterly Creating a Security-centric Culture series. We're putting these out for free every few months and right after wrapping up this week's update, I recorded the next Pluralsight one and that's now gone off to them for editing.
Security Affairs
JULY 17, 2018
Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers and manipulate road navigation systems. Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers. The kit could be used to deceive receivers used by navigation systems and suggest drivers the wrong direction. “we explore the feasibility of a stealthy manipulation attack against road navigation systems.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Threatpost
JULY 19, 2018
Hackers are embedding malicious code within compromised, uploaded images on trusted Google sites – weaponizing the website and staying under the radar.
WIRED Threat Level
JULY 16, 2018
A new facial recognition tool by RealNetworks aims to keep kids safe in school. But privacy experts fear the unchecked surveillance of kids could go awry.
Thales Cloud Protection & Licensing
JULY 19, 2018
Recently the Payment Card Industry Security Standards Council (PCI SSC) announced a minor update to the PCI DSS standard largely to make it easier to read with respect to key dates that are now in the past. It also made clear that by now organisations should have migrated from vulnerable Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) implementations to full strength TLS when securing their communications links.
Security Affairs
JULY 15, 2018
Researchers from the Z-Lab at CSE Cybsec analyzed a new collection of malware allegedly part of a new espionage campaign conducted by the APT28 group. It was a long weekend for the researchers from the Z-Lab at CSE Cybsec that completed the analysis a number of payloads being part of a new cyber espionage campaign conducted by the Russian APT28 group (aka Fancy Bear , Pawn Storm , Sednit , Sofacy, and Strontium ).
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Kali Linux
JULY 17, 2018
We use live-build to create our official Kali releases and we encourage users to jump in and build their own customized versions of Kali whenever we can. Our documentation of the process is one of the most popular items on our documentation site , and the Kali Dojo also revolves around this topic. We love it and our users love it. One roadblock of live-build has always been the fact that you need a Kali system to build a Kali system.
WIRED Threat Level
JULY 20, 2018
Phishing attempts and DDoS attacks have begun hitting 2018 campaigns. The US seems ill-prepared to meet the challenge.
Thales Cloud Protection & Licensing
JULY 16, 2018
In June, Microsoft issued a patch for Cortana to solve a vulnerability whereby threat actors could access devices by activating their search functions, even if the devices were locked. As threat levels increase and the use of digital assistants grows, we wanted to take a look at how security concerns, as well as knowledge of security management, really plays out in the consumer mind.
Security Affairs
JULY 16, 2018
A security researcher discovered that the IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs. The IoT search engine ZoomEye has cached login passwords for tens of thousands of Dahua DVRs, the discovery was made by security researcher Ankit Anubhav, Principal Researcher at NewSky Security. Anubhav explained that the passwords are related to Dahua DVRs running very old firmware that is known to be affected by a five-year-old vulnerability tracked as CVE-2013
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Dark Reading
JULY 19, 2018
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
WIRED Threat Level
JULY 17, 2018
You may not have heard of Safe Browsing, but it's made the web more secure for over a decade. Here's its story, from the people who built it.
Security Affairs
JULY 18, 2018
Experts uncovered a money laundering ring that leverages fake Apple accounts and gaming profiles to make transactions with stolen payment cards. A money laundering ring leverages fake Apple accounts and gaming profiles to make transactions with stolen payment cards and then sells these game premiums on online forums and within gaming communities. The money laundering operation was unveiled by the US Department of Justice, the investigation started in mid-June when the experts from Kromtech Secur
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Dark Reading
JULY 16, 2018
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
Threatpost
JULY 17, 2018
IT companies allege that one of New Zealand’s largest networks of doctors and nurses has been storing hundreds of thousands of sensitive patient records, without express consent.
WIRED Threat Level
JULY 14, 2018
Drone plans for sale, a Silk Road arrest, and more security news this week.
Security Affairs
JULY 16, 2018
Cyber Defense Magazine July 2018 Edition has arrived. We hope you enjoy this month’s edition…packed with over 140 pages of excellent content. InfoSec Knowledge is Power. We have 6 years of eMagazines online with timeless content. Visit our online library by clicking here. Cyber Defense eMagazine. July 2018 Edition has arrived. We hope you enjoy this month’s edition…packed with 140 pages of excellent content.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
218 
Let's personalize your content