Adam Levin

APRIL 9, 2019

Israeli cybersecurity researchers have created malware capable of showing fake cancerous growths on CT and MRI scans. The malware, called CT-GAN, served as a proof of concept to show the potential for hacking medical devices with fake medical news that was convincing enough to fool medical technicians. In a video demonstrating the exploit, researchers at Ben Gurion University described how such an attack might be deployed.

Malware 254

Malware Healthcare Technology Ransomware 254

Schneier on Security

APRIL 12, 2019

In what I am sure is only a first in many similar demonstrations, researchers are able to add or remove cancer signs from CT scans. The results easily fool radiologists. I don't think the medical device industry has thought at all about data integrity and authentication issues. In a world where sensor data of all kinds is undetectably manipulatable, they're going to have to start.

Authentication 246

Authentication Hacking 246

Krebs on Security

APRIL 11, 2019

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. The company announced that all phones running Android 7.0 and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. As first disclosed by KrebsOnSecurity last summer , Google maintains it has not had any of its 85,000+ employees successfully phished on their work-related acco

Mobile 242

Mobile Authentication Passwords Accountability 242

Troy Hunt

APRIL 12, 2019

That's the second update in a row I've done on time! It's also another one with a bunch of other things in common with last week, namely commentary on yet more data breaches. It's not just the breaches in HIBP, but the ones I'm busily trying to disclose. This is really sucking a lot of time right now and frankly, well, I summed it up here earlier in the week: Currently going through the process with 4 breach disclosures. 3 of them I just can’t get a response from and the one I can really doesn’t

Data breaches 156

Data breaches 156

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Adam Levin

APRIL 10, 2019

A security analysis of 30 major banking and financial apps has shown major security holes and a lax approach to protecting user data. The analysis was conducted by the Aite Group, which looked at mobile apps in eight categories: retail banking, credit cards, mobile payment, healthcare savings, retail finance, health insurance, auto insurance and cryptocurrency.

Banking 187

Banking Retail Insurance Mobile 187

Schneier on Security

APRIL 10, 2019

Interesting scheme : It all starts off with a fairly bog standard gallery style certificate. Details of the work, the authenticating agency, a bit of embossing and a large impressive signature at the bottom. Exactly the sort of things that can be easily copied by someone on a mission to create the perfect fake. That torn-in-half banknote though? Never mind signatures, embossing or wax seals.

Authentication 245

Authentication 245

The Last Watchdog

APRIL 10, 2019

As long as cyber attacks continue, financial institutions will remain a prime target, for obvious reasons. Related: OneSpan’s rebranding launch. Outside of giants JP Morgan, Bank of America, Citigroup, Wells Fargo and U.S. Bancorp, the remainder of the more than 10,000 U.S. firms are comprised of community banks and regional credit unions. These smaller institutions, much like the giants, are hustling to expand mobile banking services.

Banking 147

Banking Mobile Accountability Artificial Intelligence 147

Adam Shostack

APRIL 10, 2019

The White Box , and its accompanying book, “The White Box Essays” are a FANTASTIC resource, and I wish I’d had them available to me as I designed Elevation of Privilege and helped with Control-Alt-Hack. The book is for people who want to make games, and it does a lovely job of teaching you how, including things like the relationship between story and mechanics, the role of luck, how the physical elements teach the players, and the tradeoffs that you as a designer make as you de

Marketing 113

Marketing Hacking 113

Schneier on Security

APRIL 11, 2019

Kaspersky has released details about a sophisticated nation-state spyware it calls TajMahal: The TajMahal framework's 80 modules, Shulmin says, comprise not only the typical keylogging and screengrabbing features of spyware, but also never-before-seen and obscure tricks. It can intercept documents in a printer queue, and keep track of "files of interest," automatically stealing them if a USB drive is inserted into the infected machine.

Spyware 239

Spyware Malware 239

Krebs on Security

APRIL 9, 2019

Microsoft today released fifteen software updates to fix more than 70 unique security vulnerabilities in various flavors of its Windows operating systems and supported software, including at least two zero-day bugs. These patches apply to Windows , Internet Explorer (IE) and Edge browsers, Office, Sharepoint and Exchange. Separately, Adobe has issued security updates for Acrobat/Reader and Flash Player.

Internet 226

Internet Internet Software Backups 226

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

APRIL 12, 2019

The central dilemma posed by digital transformation is this: How do companies reap the benefits of high-velocity software development without creating onerous security exposures? Related: Golden Age of cyber spying dawns. The best practices standards and protocols to pull off this delicate balancing act have been thoroughly vetted and are readily available.

Digital transformation 140

Digital transformation Marketing Architecture Technology 140

Adam Shostack

APRIL 8, 2019

When Andrew and I wrote The New School, and talked about the need to learn from other professions, we didn’t mean for doctors to learn from ‘cybersecurity thought leaders’ about hiding their problems: …Only one organism grew back. C. auris. It was spreading, but word of it was not. The hospital, a specialty lung and heart center that draws wealthy patients from the Middle East and around Europe, alerted the British government and told infected patients, but made no public

Government 113

Government Cybersecurity Risk 113

Schneier on Security

APRIL 12, 2019

Flame was discovered in 2012, linked to Stuxnet, and believed to be American in origin. It has recently been linked to more modern malware through new analysis tools that find linkages between different software. Seems that Flame did not disappear after it was discovered, as was previously thought. (Its controllers used a kill switch to disable and erase it.

Malware 227

Malware Software 227

Security Affairs

APRIL 6, 2019

A vulnerability could be exploited by attackers to trigger a denial-of-service ( DoS ) condition on devices running RouterOS. MikroTik routers made the headlines again, the company disclosed this week technical details about a year-old vulnerability that exposes the device to remote attacks. Attackers could exploit the vulnerability to trigger a denial-of-service (DoS) condition on devices running RouterOS. “ RouterOS contained several IPv6 related resource exhaustion issues, that have now

Advertising 111

Advertising Risk Internet Internet 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

APRIL 11, 2019

Digital transformation is all about high-velocity innovation. But velocity cuts two ways. Related: Obsolescence creeps into perimeter defenses. Yes, the rapid integration of digital technologies into all aspects of commerce has enabled wonderful new services. But it has also translated into an exponential expansion of the attack surface available to cyber criminals.

Digital transformation 133

Digital transformation Adware Technology Software 133

WIRED Threat Level

APRIL 9, 2019

The TajMahal spyware includes more than 80 distinct spy tools, and went undetected for five years.

Spyware 111

Spyware Hacking 111

Schneier on Security

APRIL 8, 2019

Last month, the NSA released Ghidra , a software reverse-engineering tool. Early reactions are uniformly positive. Three news articles.

Engineering 226

Engineering Software Cybersecurity 226

Security Affairs

APRIL 6, 2019

Currently of 300,000+ Magento stores, the vast majority of the installs is still running vulnerable versions of the popular content management system. The problem with patches is that sometimes they fix something and sometimes they break something. Sounds strange, right? Well, let us explain ourselves. See, PRODSECBUG-2198 is a security patch for Magento that fixes a number of critical holes in Magento security.

B2B 111

B2B Accountability Advertising Hacking 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

APRIL 11, 2019

It was in 2012 that CRITICAL START burst onto the Managed Security Service Provider (MSSP) scene with bold intentions. Related: How SMBs can leverage threat intelligence. The Plano, TX-based company sought to elevate the “MSSP” space high above the accepted standard at the time. It set out to do this by delivering security services based on Zero-Trust and that also provided radical transparency to its customers.

Accountability 113

Accountability Engineering Internet Internet 113

WIRED Threat Level

APRIL 11, 2019

WikiLeaks founder Julian Assange has been arrested, and now faces extradition to the United States. But not for leaking classified information.

Hacking 111

Hacking 111

Dark Reading

APRIL 12, 2019

VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.

VPN 110

VPN 110

Security Affairs

APRIL 10, 2019

Palo Alto Networks researchers discovered a new variant of the Mirai malware that is targeting more processor architectures than previous ones. Mirai botnet continues to be one of the most dangerous malware in the threat landscape, experts at Palo Alto Networks discovered a new variant that targets more processor architectures than before. Mirai malware first appeared in the wild in 2016 when the expert MalwareMustDie discovered it in massive attacks aimed at Internet of Things (IoT) devices. w

Architecture 111

Architecture DDOS IoT Internet 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Adam Shostack

APRIL 9, 2019

There’s an interesting article in Bentham’s Gaze, “ Science ‘of’ or ‘for’ security? ” It usefully teases apart some concepts, and, yes, it probably is consistent with the New School.

100

100

WIRED Threat Level

APRIL 7, 2019

Believe it or not, the robocall crisis has stabilized. But like email spam, it's never going to go away entirely.

106

106

Dark Reading

APRIL 12, 2019

These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.

106

106

Security Affairs

APRIL 12, 2019

At least four VPN apps sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC). Virtual private networks (VPNs) are affordable, easy to use, and a vital component in your system. Along with many security features, it ensure the user’s privacy and security. People use VPNs for several reasons, and one of the main reason is security and privacy, as it is used to create a secure, encrypted connection between

VPN 111

VPN Marketing Authentication Small Business 111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Adam Shostack

APRIL 6, 2019

Congratulations to the Hayabusa2 mission team, who flew to an asteroid, dropped multiple rovers, an impactor and a separate camera satellite to observe the impactor. The Hayabusa2 then flew around, to the far side of the asteroid to avoid ejecta from the impactor. In a few weeks, Hayabusa2 will probably land, collect more samples and then fly back to Earth.

Engineering 100

Engineering 100

WIRED Threat Level

APRIL 11, 2019

A leadership void at DHS means the White House is calling the shots where it wants to, cybersecurity experts warn, and other agencies can muscle in where it won’t.

Cybersecurity 106

Cybersecurity 106

Dark Reading

APRIL 12, 2019

VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.

VPN 103

VPN 103

Security Affairs

APRIL 8, 2019

Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a recent Roaming Mantis campaign. Security experts at Kaspersky Lab reported that hundreds of users have been targeted with malware over the past month as part of a new campaign associated with Roaming Mantis gang. Roaming Mantis surfaced in March 2018 when hacked routers in Japan redirecting users to compromised websites.

DNS 111

DNS Mobile Phishing Malware 111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity