Sat.Jan 25, 2020 - Fri.Jan 31, 2020

article thumbnail

Wawa Breach May Have Compromised More Than 30 Million Payment Cards

Krebs on Security

In late December 2019, fuel and convenience store chain Wawa Inc. said a nine-month-long breach of its payment card processing systems may have led to the theft of card data from customers who visited any of its 850 locations nationwide. Now, fraud experts say the first batch of card data stolen from Wawa customers is being sold at one of the underground’s most popular crime shops, which claims to have 30 million records to peddle from a new nationwide breach.

Retail 328
article thumbnail

NSA Security Awareness Posters

Schneier on Security

From a FOIA request, over a hundred old NSA security awareness posters. Here are the BBC's favorites. Here are Motherboard's favorites. I have a related personal story. Back in 1993, during the first Crypto Wars, I and a handful of other academic cryptographers visited the NSA for some meeting or another. These sorts of security awareness posters were everywhere, but there was one I especially liked -- and I asked for a copy.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Avast Subsidiary Sells User Browsing History

Adam Levin

A subsidiary of Avast antivirus is selling sensitive user browsing data to many companies, including Revlon, Microsoft, Google, Yelp, Condé Nast, and TripAdvisor. According to a recent joint investigation by Vice’s Motherboard and PCMag, highly granular and sensitive user data from users of Avast antivirus is being repackaged and sold to companies via a subsidiary called Jumpshot which promises buyers of the data information on “Every search.

article thumbnail

GUEST ESSAY: Strategic tactics are key to a robust Cloud Security Posture Management regime

The Last Watchdog

A cyber strategy is a documented approach to handling various aspects of cyberspace. It is mostly developed to address the cybersecurity needs of an entity by focusing on how data, networks, technical systems, and people are protected. An effective cyber strategy is normally on par with the cybersecurity risk exposure of an entity. It covers all possible attack landscapes that can be targeted by malicious parties.

Risk 203
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Iowa Prosecutors Drop Charges Against Men Hired to Test Their Security

Krebs on Security

On Sept. 11, 2019, two security experts at a company that had been hired by the state of Iowa to test the physical and network security of its judicial system were arrested while probing the security of an Iowa county courthouse, jailed in orange jumpsuits, charged with burglary, and held on $100,000 bail. On Thursday Jan. 30, prosecutors in Iowa announced they had dropped the criminal charges.

article thumbnail

Customer Tracking at Ralphs Grocery Store

Schneier on Security

To comply with California's new data privacy law, companies that collect information on consumers and users are forced to be more transparent about it. Sometimes the results are creepy. Here's an article about Ralphs, a California supermarket chain owned by Kroger: the form proceeds to state that, as part of signing up for a rewards card, Ralphs "may collect" information such as "your level of education, type of employment, information about your health and information about insurance coverage y

More Trending

article thumbnail

Weekly Update 176

Troy Hunt

Well that's the audio issues fixed - mostly. The Zoom H6 is an awesome recorder, I just can't quite work out the right adaptors for the mic. I've got a couple of Saramonic SR-XLM1 lav mics and the guy at the DJ store I bought the Zoom from was convinced we'd be fine with just with 3.5mm to 6.35mm jack converters which appears to be incorrect. Someone else hen said we'd need a TRRS to TRS adaptor so we grabbed a couple of Rode SC3s which also didn't solve the problem.

164
164
article thumbnail

Sprint Exposed Customer Support Site to Web

Krebs on Security

Fresh on the heels of a disclosure that Microsoft Corp. leaked internal customer support data to the Internet, mobile provider Sprint has addressed a mix-up in which posts to a private customer support community were exposed to the Web. KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called “Social Care” was being indexed by search engines, and that several months worth of postings about customer complaints and other issues w

article thumbnail

U.S. Department of Interior Grounding All Drones

Schneier on Security

The Department of Interior is grounding all non-emergency drones due to security concerns: The order comes amid a spate of warnings and bans at multiple government agencies, including the Department of Defense, about possible vulnerabilities in Chinese-made drone systems that could be allowing Beijing to conduct espionage. The Army banned the use of Chinese-made DJI drones three years ago following warnings from the Navy about "highly vulnerable" drone systems.

article thumbnail

Data Privacy: Top trends to watch in 2020

Tech Republic Security

Data privacy is an increasing concern for companies and individuals. Learn more about what's on the landscape for 2020.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to Keep Your Information Safe for Data Privacy Day 2020

Thales Cloud Protection & Licensing

January 28, 2020 marks the 13th iteration of Data Privacy Day. An extension of the celebration for Data Protection Day in Europe, Data Privacy Day functions as the signature event of the National Cyber Security Centre’s ongoing education and awareness efforts surrounding online privacy. Its aim is to foster dialogue around the importance of privacy.

article thumbnail

Cisco Webex flaw allows unauthenticated remote attackers to join private meetings

Security Affairs

Cisco addressed a vulnerability in Cisco Webex that could be exploited by a remote, unauthenticated attacker to join a protected video conference meeting. Cisco has addressed a high-severity flaw in the Cisco Webex video conferencing platform ( CVE-2020-3142) that could be exploited by a remote, unauthenticated attacker to enter a password-protected video conference meeting.

Mobile 143
article thumbnail

Collating Hacked Data Sets

Schneier on Security

Two Harvard undergraduates completed a project where they went out on the Dark Web and found a bunch of stolen datasets. Then they correlated all the information , and then combined it with additional, publicly available information. No surprise: the result was much more detailed and personal. "What we were able to do is alarming because we can now find vulnerabilities in people's online presence very quickly," Metropolitansky said.

Hacking 312
article thumbnail

Snowflake is the Linux SSH GUI you didn't know you needed

Tech Republic Security

Is a Linux SSH GUI in your future? Jack Wallen believes once you try Snowflake, there's no going back.

216
216
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Iranian Hackers Target U.S. Gov. Vendor With Malware

Threatpost

APT34 has been spotted in a malware campaign targeting customers and employees of a company that works closely with U.S. federal agencies, and state and local governments.

Malware 108
article thumbnail

Over 200K WordPress sites potentially exposed to hack due to Code Snippets flaw

Security Affairs

Over 200K WordPress sites are exposed to attacks due to a high severity cross-site request forgery (CSRF) bug in Code Snippets plugin. A high severity cross-site request forgery (CSRF) bug, tracked as CVE-2020-8417 , in Code Snippets plugin could be exploited by attackers to take over WordPress sites running vulnerable versions of the Code Snippets plugin.

Hacking 134
article thumbnail

Smartphone Election in Washington State

Schneier on Security

This year : King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Once voters have completed their ballots, they must verify their submissions and then submit a signature on the touch screen of their device.

Internet 311
article thumbnail

Security admins checklist: 10 tasks to perform every year

Tech Republic Security

Here are 10 important tasks security administrators should perform to keep devices protected and secure.

210
210
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks

Threatpost

New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks.

article thumbnail

For the second time in a few days, Greek Government websites hit by DDoS attacks

Security Affairs

The Greek government announced that a DDoS cyber attack hit the official state websites of the prime minister, the national police and fire service and several important ministries. Yesterday the Greek government announced that the official websites of the prime minister, the national police and fire service and several important ministries were hit by a DDoS cyberattack that took them down.

DDOS 145
article thumbnail

Google Receives Geofence Warrants

Schneier on Security

Sometimes it's hard to tell the corporate surveillance operations from the government ones: Google reportedly has a database called Sensorvault in which it stores location data for millions of devices going back almost a decade. The article is about geofence warrants , where the police go to companies like Google and ask for information about every device in a particular geographic area at a particular time.

article thumbnail

How to avoid the mistakes made in the UN data breach

Tech Republic Security

Falling prey to a hacker because it neglected to properly patch its systems, the United Nations also failed to publicly disclose the hack. Here's how your organization can avoid the same mistakes.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges

Threatpost

The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops.

article thumbnail

Chinese hackers exploited a Trend Micro antivirus zero-day used in Mitsubishi Electric hack

Security Affairs

Chinese hackers have exploited a zero-day vulnerability the Trend Micro OfficeScan antivirus in the recently disclosed hack of Mitsubishi Electric. According to ZDNet, the hackers involved in the attack against the Mitsubishi Electric have exploited a zero-day vulnerability in Trend Micro OfficeScan to infect company servers. This week, Mitsubishi Electric disclosed a security breach that might have exposed personal and confidential corporate data.

Antivirus 145
article thumbnail

Mark Warner Takes on Big Tech and Russian Spies

WIRED Threat Level

A former telecoms entrepreneur, the Virginia senator says that saving the industry (and democracy) might mean blowing up Big Tech as we know it.

100
100
article thumbnail

How to enable facial recognition in the BitWarden mobile password manager

Tech Republic Security

The latest version of the BitWarden Android client supports facial recognition. Find out how to enable it.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Account protections -- A Google Perspective

Elie

This talk provides a data driven analysis of how accounts get compromised. Then it provides an in-depth overview of the defense we found effective at Google to protect users from account compromise. In particular we will cover how to mitigate password reuse, build a risk aware login system, and how to setup an Advanced Protection Program to protect users at risk of targeted attacks.

article thumbnail

Fortinet removed hardcoded SSH keys and database backdoors from FortiSIEM

Security Affairs

The vendor Fortinet has finally released security patches to remove the hardcoded SSH keys in Fortinet SIEM appliances. Fortinet has finally released security updates to remove the hardcoded SSH keys in Fortinet SIEM appliances. Recently Andrew Klaus, a security specialist from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can be used by attackers to the FortiSIEM Supervisor. .

article thumbnail

Watch Out for Coronavirus Phishing Scams

WIRED Threat Level

At least one email campaign is preying on fears by claiming to offer info about the Wuhan coronavirus.

Scams 117
article thumbnail

How organizations should handle data breaches

Tech Republic Security

How an organization handles a breach can be just as critical as protecting against one, according to Security.org.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.