Sat.Apr 13, 2019 - Fri.Apr 19, 2019

article thumbnail

How Not to Acknowledge a Data Breach

Krebs on Security

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it’s crystal clear they wouldn’t know what to do with a data breach if it bit them in the nose, let alone festered unmolested in some dark corner of their operations.

article thumbnail

China Spying on Undersea Internet Cables

Schneier on Security

Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables: But now the Chinese conglomerate Huawei Technologies, the leading firm working to deliver 5G telephony networks globally, has gone to sea. Under its Huawei Marine Networks component, it is constructing or improving nearly 100 submarine cables around the world.

Internet 273
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Facebook Acknowledges “Unintentional” Harvesting of Email Contacts

Adam Levin

Facebook announced that it “unintentionally” harvested the email contacts of 1.5 million of its users without their consent. The social media company automatically uploaded the information from users who had registered with the site after 2016 and provided their email addresses and passwords. Upon submitting a form to “confirm” their accounts, registrants saw a screen showing that their email contact lists were harvested without any means of providing consent, opting out, or interrupting the pro

Passwords 205
article thumbnail

MY TAKE: Most companies blissfully ignorant of rising attacks on most-used endpoint: mobile devices

The Last Watchdog

A dozen years after Apple launched the first iPhone, igniting the smartphone market, the Bring Your Own Device to work phenomenon is alive and well. Related: Stopping mobile device exploits. The security issues posed by BYOD are as complex and difficult to address as ever. Meanwhile, the pressure for companies to proactively address mobile security is mounting from two quarters.

Mobile 183
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Experts: Breach at IT Outsourcing Giant Wipro

Krebs on Security

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [ NYSE:WIT ] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.

Insurance 270
article thumbnail

New DNS Hijacking Attacks

Schneier on Security

DNS hijacking isn't new, but this seems to be an attack of uprecidented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like.co.uk or.ru that end a foreign web address -- putting all the traffic of every domain in multiple co

DNS 267

More Trending

article thumbnail

NYC Wireless Network Outage Raises Questions About Effectiveness, Transparency

Adam Levin

A technical glitch took down a wireless network used by New York City’s municipal government, raising serious questions about security and reliability of operational technology used by the city. The New York City Wireless Network, or NYCWiN, was initially deployed in 2008 at a cost of $500 million. It costs the city an additional $37 million per year to maintain.

Wireless 140
article thumbnail

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “ Land Lordz ,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site that helps him manage more than

Scams 249
article thumbnail

Vulnerabilities in the WPA3 Wi-Fi Security Protocol

Schneier on Security

Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly handshake of WPA3, which in the Wi-Fi standard is better known as the Simultaneous Authentication of Equals (SAE) handshake.

Passwords 266
article thumbnail

Q&A: Researchers find evidence of emerging market for stolen, spoofed machine identities

The Last Watchdog

It’s edifying what you can find shopping in the nether reaches of the dark web. Related: Why government encryption backdoors should never be normalized. Academic researchers from Georgia State University in the U.S. and the University of Surrey in the U.K. recently teamed up and found evidence of an emerging market for stolen and spoofed machine identities.

Marketing 133
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

A Mystery Agent Is Doxing Iran's Hackers and Dumping Their Code

WIRED Threat Level

Iranian intelligence seems to be getting its own taste of a Shadow Brokers-style leak of secrets.

Hacking 111
article thumbnail

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro , India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant , new evidence suggests. The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.

Retail 216
article thumbnail

A "Department of Cybersecurity"

Schneier on Security

Presidential candidate John Delaney has announced a plan to create a Department of Cybersecurity. I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this wrong. In Click Here to Kill Everybody , I outline a strawman proposal; I call it the "National Cyber Office" and model it on the Office of the Director of National Intelligence.

article thumbnail

Q&A: How AI, digital transformation are shaking up revenue management in high tech, life sciences

The Last Watchdog

A recent poll of some 300 senior executives from U.S.-based life sciences and high-tech manufacturing companies sheds light on how digital transformation – and the rising role of third-party partners – have combined to create unprecedented operational challenges in the brave new world of digital commerce. Related: AI one-upsmanship prevails in antivirus field.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Source code of tools used by OilRig APT leaked on Telegram

Security Affairs

Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools. A hacker group that goes online with the name Lab Dookhtegan have disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as OilRig , APT34 , and HelixKitten. OilRig is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical

article thumbnail

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Krebs on Security

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. Marcus Hutchins, just after he was revealed as the security expert who stopped the WannaCry worm.

Banking 207
article thumbnail

Iranian Cyberespionage Tools Leaked Online

Schneier on Security

The source code of a set of Iranian cyberespionage tools was leaked online.

Hacking 233
article thumbnail

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

The Last Watchdog

Imposing just the right touch of policies and procedures towards mitigating cyber risks is a core challenge facing any company caught up in digital transformation. Related: Data breaches fuel fledgling cyber insurance market. Enterprises, especially, tend to be methodical and plodding. Digital transformation is all about high-velocity innovation and on-the-fly change.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Facebook admitted to have stored millions of Instagram users’ passwords in plaintext

Security Affairs

Other problems for Facebook that admitted to have stored m illions of Instagram users’ passwords in plaintext. Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users, the company admitted to have ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission. In March, Facebook admitted to have stored the passwords of hundreds of millions of users in plain text, including “tens of thousands” passwords belong

Passwords 111
article thumbnail

Microsoft Email Hack Shows the Lurking Danger of Customer Support

WIRED Threat Level

Hackers spent months with full access to Outlook, Hotmail, and MSN email accounts—and got in through Microsoft's customer support platform.

Hacking 111
article thumbnail

More on the Triton Malware

Schneier on Security

FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good -- but older -- article on Triton. We don't know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both are still speculations. Fireeye report. BoingBoing post.

Malware 213
article thumbnail

Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug

Threatpost

The U.S-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.

Mobile 108
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Ecuador suffered 40 Million Cyber attacks after the Julian Assange arrest

Security Affairs

Ecuador suffered 40 million cyber attacks on websites of public institutions since the arrest of Wikileaks founder Julian Assange. Last week, WikiLeaks founder Julian Assange has been arrested at the Ecuadorian Embassy in London. after Ecuador withdrew asylum after seven years. In response to the arrest acktivist communities launched several attacks against the Ecuador government.

article thumbnail

Cyberspies Hijacked the Internet Domains of Entire Countries

WIRED Threat Level

A mysterious new group called Sea Turtle targeted 40 organizations in a DNS hijacking spree.

Internet 108
article thumbnail

7 Tips for an Effective Employee Security Awareness Program

Dark Reading

Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.

article thumbnail

Weather Channel Knocked Off-Air in Dangerous Precedent

Threatpost

The incident was the work of malicious cyberattackers.

Hacking 105
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

Security Affairs

Experts at Imperva discovered a new type of large-scale DDoS attack that abuses the HTML5 Ping-based hyperlink auditing feature. Experts at Imperva Vitaly Simonovich and Dima Bekerman observed a large-scale DDoS attack abusing the HTML5 Ping-based hyperlink auditing feature. The DDoS attack peaked at a massive 7,500 requests per second and delivered more than 70 million requests over a four-hour period from around 4,000 user IPs. “We recently investigated a DDoS attack which was generated

DDOS 112
article thumbnail

The Mueller Report Is Out. Here's Where You Can Read It

WIRED Threat Level

Attorney general William Barr has released the redacted Mueller report to Congress. You can read all 300-plus pages of it right here.

86
article thumbnail

Data on Thousands of Law Enforcement Personnel Exposed in Breach

Dark Reading

Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.

98
article thumbnail

How to Conduct a Vulnerability Assessment: 5 Steps toward Better Cybersecurity

eSecurity Planet

A vulnerability assessment is a core requirement for IT security. We outline the benefits and steps for keeping your network and data safe.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!