Sat.Aug 11, 2018 - Fri.Aug 17, 2018

article thumbnail

Hanging Up on Mobile in the Name of Security

Krebs on Security

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.

Mobile 249
article thumbnail

Q&A: Here’s how Google’s labeling HTTP websites “Not Secure” will strengthen the Internet

The Last Watchdog

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS.

Internet 203
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hacking Police Bodycams

Schneier on Security

Suprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of malicious code: a Windows exploit that could ultimately allow an attacker to gain remote access to the police network, ransomware to spread across the network and lock everythin

Hacking 151
article thumbnail

Medtronic Devices Fatal Flaw? Hackers Demonstrate New Attacks

Adam Levin

Security researchers at the recent Black Hat and Def Con security conferences in Las Vegas have placed malware on pacemakers as a proof-of-concept hack to highlight the potential for security vulnerabilities in IoT-enabled medical devices. Another separate demonstration revealed that patients’ vital signs could be falsified in real time. The malware attack on IoT medical devices made it possible for a hacker to deliver shocks to a target’s heart via an unencrypted connection, and as such represe

IoT 124
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

FBI Warns of ‘Unlimited’ ATM Cashout Blitz

Krebs on Security

The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine

Banking 236
article thumbnail

MY TAKE: The back story on the convergence, continuing evolution of endpoint security

The Last Watchdog

No one in cybersecurity refers to “antivirus” protection any more. The technology that corrals malicious software circulating through desktop PCs, laptops and mobile devices has evolved into a multi-layered security technology referred to as ‘endpoint security.’. This designation change unfolded a few years back. It was a reflection of attackers moving to take full advantage of the fresh attack vectors cropping up as companies retooled their legacy networks – comprised of ‘on-premises’ servers a

Antivirus 174

More Trending

article thumbnail

Threat Modeling in 2018: Attacks, Impacts and Other Updates

Adam Shostack

The slides from my Blackhat talk, “ Threat Modeling in 2018: Attacks, Impacts and Other Updates ” are now available either as a PDF or online viewer.

113
113
article thumbnail

Patch Tuesday, August 2018 Edition

Krebs on Security

Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “ zero-day ” flaws that attackers were already exploiting before Microsoft issued patches to fix them.

Backups 121
article thumbnail

How to Stop Google From Tracking Your Location

WIRED Threat Level

A new report shows that Google still tracks your location even if you thought you opted out.

111
111
article thumbnail

Google Tracks its Users Even if They Opt-Out of Tracking

Schneier on Security

Google is tracking you, even if you turn off tracking : Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." That isn't true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Weekly Update 100

Troy Hunt

Made it to 100! And by pure coincidence, it aligned with the week where I've tuned out more than I ever have since gaining my independence which means there's really not much to talk about. But I did want to share a little about the snow in Australia (turns out it's not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week.

111
111
article thumbnail

Check Your Fax: Hackers Find New Entry to Networks

Adam Levin

It’s long been known that organizations need to exercise extreme caution when jettisoning old office equipment, especially if it has built-in memory—and that it’s even more crucial to bear in mind that hackers can utilize digital or carbon-based memory. An Israeli-based company recently found another way older communication devices—and new versions of older technology—provide hackers entree into office networks—in this case an all-in-one, network-connected device that faxes, scans and copies.

CISO 106
article thumbnail

Aretha Franklin

Adam Shostack

I remember an interview I read with Ahmet Ertegün, the founder of Atlantic Records. He was talking about Aretha, and he said that one of his producers came in, saying that she wasn’t measuring up. He asked the producer what was up, and was told that they were trying to get her to sing like the other successful soul singers, and it wasn’t working out.

100
100
article thumbnail

Identifying Programmers by their Coding Style

Schneier on Security

Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found that code, like other forms of stylistic expression, are not anonymous.

Hacking 112
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

SAP Security Notes August 2018, watch out for SQL Injection

Security Affairs

SAP released security notes for August 2018 that address dozens patches, the good news is that there aren’t critical vulnerabilities. SAP issues 27 Security Notes, including 14 Patch Day Notes and 13 Support Package Notes. Seven notes are related to previously published patches. “On 14th of August 2018, SAP Security Patch Day saw the release of 12 Security Notes.

article thumbnail

FBI Investigates Case of Australian Teenage Student Hacking Apple

Adam Levin

A 16-year old private school student in Australia has pleaded guilty to hacking Apple’s network multiple times, downloading over 90GB of secure data from Apple for an entire year. His excuse? He’s a fan of Apple. The Melbourne teenager admitted to hacking Apple’s network multiple times from his suburban home using tools stored in a folder named as “Hacky hack hack”, local media The Age reported.

Hacking 100
article thumbnail

Police Bodycams Can Be Hacked to Doctor Footage

WIRED Threat Level

Analysis of five body camera models marketed to police departments details vulnerabilities could let a hacker manipulate footage.

Hacking 87
article thumbnail

Reconciling vulnerability responses within FIPS 140 security certifications

Thales Cloud Protection & Licensing

In this blog, I will present a new and efficient approach to reconciling security vulnerabilities and FIPS 140 security certifications, led by Thales eSecurity in collaboration with NIST/CMVP and FIPS 140 evaluation laboratories. A quick and efficient patch also needs a quick and efficient certification. To maintain security over a product’s lifetime, it is a best practice for companies to implement a vulnerability management process.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Google tracks users’ movements even if they have disabled the “Location History” on devices

Security Affairs

According to the AP, many Google services on both Android and iPhone store records of user location even if the users have disabled the “Location History” According to a recent investigation conducted by the Associated Press, many Google services on both Android and iPhone devices store records of user location data, and the bad news is that they do it even if the users have disabled the “Location History” on devices.

article thumbnail

The 5 Challenges of Detecting Fileless Malware Attacks

Dark Reading

Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.

Malware 76
article thumbnail

Fax Machines Are Still Everywhere, and Wildly Insecure

WIRED Threat Level

Researchers have demonstrated that sending a single malicious fax is all it takes to break into a network.

82
article thumbnail

Microsoft Flaw Allows Full Multi-Factor Authentication Bypass

Threatpost

This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Piping botnet: Researchers warns of possible cyberattacks against urban water services

Security Affairs

Piping botnet – Israeli researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously. Ben-Gurion University of the Negev (BGU) cyber security researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously.

IoT 84
article thumbnail

Hacker Unlocks 'God Mode' and Shares the 'Key'

Dark Reading

A researcher proves that it's possible to break the most fundamental security on some CPUs.

63
article thumbnail

Saving Lives With Tech Amid Syria’s Endless Civil War

WIRED Threat Level

A band of activist-entrepreneurs is building a sensor network to warn when and where air strikes will hit—a constant threat under Bashar al-Assad's regime.

79
article thumbnail

BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?

Threatpost

In testing, an Internet of Things (IoT) botnet of large, power-consuming appliances was used to carry out coordinated attacks on the energy grid.

IoT 61
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Faxploit – Critical flaws potentially exposes millions of HP OfficeJet Printers to hack

Security Affairs

A vulnerability in HP OfficeJet all-in-one inkjet printer can be exploited by attackers to gain control of the printer and use it as entry point into the network environment. A critical vulnerability potentially exposes millions of HP OfficeJet printers to hack, according to the experts at Check Point the attackers only need to send a fax to the vulnerable printers.

Hacking 77
article thumbnail

The Data Security Landscape Is Shifting: Is Your Company Prepared?

Dark Reading

New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.

55
article thumbnail

'Foreshadow' Flaw Undermines the Intel CPU Secure Enclave

WIRED Threat Level

In the spirit of Meltdown and Spectre, a new vulnerability called Foreshadow could expose Intel's secure enclave to attack.

78
article thumbnail

Microsoft Cortana Flaw Allows Web Browsing on Locked PCs

Threatpost

The tricky Cortana flaw, CVE-2018-8253, was addressed by Microsoft during Patch Tuesday.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!