Krebs on Security

AUGUST 16, 2018

An entrepreneur and virtual currency investor is suing AT&T for $224 million, claiming the wireless provider was negligent when it failed to prevent thieves from hijacking his mobile account and stealing millions of dollars in cryptocurrencies. Increasingly frequent, high-profile attacks like these are prompting some experts to say the surest way to safeguard one’s online accounts may be to disconnect them from the mobile providers entirely.

Mobile 244

Mobile Cryptocurrency Accountability Authentication 244

The Last Watchdog

AUGUST 15, 2018

In a move to blanket the Internet with encrypted website traffic, Google is moving forward with its insistence that straggling website publishers adopt HTTPS Secure Sockets Layer (SSL). Related: How PKI can secure IoT. Google’s Chrome web browser commands a 60% market share. So the search giant has been leading the push to get 100% of websites to jettison HTTP and replace it with HTTPS.

Internet 203

Internet Internet Encryption Authentication 203

Schneier on Security

AUGUST 15, 2018

Suprising no one, the security of police bodycams is terrible. Mitchell even realized that because he can remotely access device storage on models like the Fire Cam OnCall, an attacker could potentially plant malware on some of the cameras. Then, when the camera connects to a PC for syncing, it could deliver all sorts of malicious code: a Windows exploit that could ultimately allow an attacker to gain remote access to the police network, ransomware to spread across the network and lock everythin

Hacking 144

Hacking Cryptocurrency Ransomware Malware 144

Adam Levin

AUGUST 13, 2018

Security researchers at the recent Black Hat and Def Con security conferences in Las Vegas have placed malware on pacemakers as a proof-of-concept hack to highlight the potential for security vulnerabilities in IoT-enabled medical devices. Another separate demonstration revealed that patients’ vital signs could be falsified in real time. The malware attack on IoT medical devices made it possible for a hacker to deliver shocks to a target’s heart via an unencrypted connection, and as such represe

IoT 124

IoT Encryption Hacking Manufacturing 124

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

AUGUST 12, 2018

The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours. “The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine

Banking 226

Banking Accountability Retail Phishing 226

The Last Watchdog

AUGUST 17, 2018

No one in cybersecurity refers to “antivirus” protection any more. The technology that corrals malicious software circulating through desktop PCs, laptops and mobile devices has evolved into a multi-layered security technology referred to as ‘endpoint security.’. This designation change unfolded a few years back. It was a reflection of attackers moving to take full advantage of the fresh attack vectors cropping up as companies retooled their legacy networks – comprised of ‘on-premises’ servers a

Antivirus 174

Antivirus Digital transformation Social Engineering Technology 174

Troy Hunt

AUGUST 17, 2018

Made it to 100! And by pure coincidence, it aligned with the week where I've tuned out more than I ever have since gaining my independence which means there's really not much to talk about. But I did want to share a little about the snow in Australia (turns out it's not all beaches) and some thoughts on gov initiatives in the news following my time with the Australia Cyber Security Centre in Canberra last week.

111

111

Krebs on Security

AUGUST 15, 2018

Adobe and Microsoft each released security updates for their software on Tuesday. Adobe plugged five security holes in its Flash Player browser plugin. Microsoft pushed 17 updates to fix at least 60 vulnerabilities in Windows and other software, including two “ zero-day ” flaws that attackers were already exploiting before Microsoft issued patches to fix them.

Backups 119

Backups Software Internet Internet 119

Adam Shostack

AUGUST 13, 2018

The slides from my Blackhat talk, “ Threat Modeling in 2018: Attacks, Impacts and Other Updates ” are now available either as a PDF or online viewer.

113

113

Schneier on Security

AUGUST 14, 2018

Google is tracking you, even if you turn off tracking : Google says that will prevent the company from remembering where you've been. Google's support page on the subject states: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored." That isn't true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

Surveillance 120

Surveillance Internet Internet Accountability 120

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

AUGUST 15, 2018

It’s long been known that organizations need to exercise extreme caution when jettisoning old office equipment, especially if it has built-in memory—and that it’s even more crucial to bear in mind that hackers can utilize digital or carbon-based memory. An Israeli-based company recently found another way older communication devices—and new versions of older technology—provide hackers entree into office networks—in this case an all-in-one, network-connected device that faxes, scans and copies.

CISO 106

CISO Healthcare Banking Malware 106

Thales Cloud Protection & Licensing

AUGUST 17, 2018

In this blog, I will present a new and efficient approach to reconciling security vulnerabilities and FIPS 140 security certifications, led by Thales eSecurity in collaboration with NIST/CMVP and FIPS 140 evaluation laboratories. A quick and efficient patch also needs a quick and efficient certification. To maintain security over a product’s lifetime, it is a best practice for companies to implement a vulnerability management process.

Manufacturing 86

Manufacturing Software Risk 86

Adam Shostack

AUGUST 13, 2018

I remember an interview I read with Ahmet Ertegün, the founder of Atlantic Records. He was talking about Aretha, and he said that one of his producers came in, saying that she wasn’t measuring up. He asked the producer what was up, and was told that they were trying to get her to sing like the other successful soul singers, and it wasn’t working out.

100

100

Schneier on Security

AUGUST 13, 2018

Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found that code, like other forms of stylistic expression, are not anonymous.

Hacking 110

Hacking 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Adam Levin

AUGUST 17, 2018

A 16-year old private school student in Australia has pleaded guilty to hacking Apple’s network multiple times, downloading over 90GB of secure data from Apple for an entire year. His excuse? He’s a fan of Apple. The Melbourne teenager admitted to hacking Apple’s network multiple times from his suburban home using tools stored in a folder named as “Hacky hack hack”, local media The Age reported.

Hacking 100

Hacking VPN Accountability Mobile 100

WIRED Threat Level

AUGUST 13, 2018

A new report shows that Google still tracks your location even if you thought you opted out.

110

110

Dark Reading

AUGUST 17, 2018

Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.

Malware 76

Malware 76

Security Affairs

AUGUST 17, 2018

The security researcher Sam Thomas from Secarma, has discovered a new attack technique that leverages critical deserialization vulnerabilities in PHP programming language. The flaws potentially expose web applications written in the popular language to cyber attacks, including websites running CMSs like WordPress and Typo3. The expert discovered that an attacker can use low-risk functions against Phar archives to trigger deserialization attack without requiring the use of unserialize() functio

Advertising 75

Advertising Hacking Cyber Attacks Media 75

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

AUGUST 14, 2018

The attack targets IKE’s handshake implementation used for IPsec-based VPN connections, opening the door for MiTM attacks or for bad actors to access data carried in VPN sessions.

VPN 58

VPN Encryption Internet Internet 58

WIRED Threat Level

AUGUST 16, 2018

A band of activist-entrepreneurs is building a sensor network to warn when and where air strikes will hit—a constant threat under Bashar al-Assad's regime.

76

76

Thales Cloud Protection & Licensing

AUGUST 16, 2018

On May 16, the Department of Homeland Security (DHS) released a new cybersecurity strategy to keep pace with the evolving cyber risk landscape. As we inch closer to the mid-term elections in November, I wanted to share what I hope (expect) to see as part of this strategy going forward. A wide scope of topics – With any cybersecurity strategy, it is important to ensure all stakeholders, pieces and potential battlefronts are included in the scope and that it is understandable to everyone.

Cybersecurity 54

Cybersecurity Cyber Risk Manufacturing IoT 54

Security Affairs

AUGUST 16, 2018

SAP released security notes for August 2018 that address dozens patches, the good news is that there aren’t critical vulnerabilities. SAP issues 27 Security Notes, including 14 Patch Day Notes and 13 Support Package Notes. Seven notes are related to previously published patches. “On 14th of August 2018, SAP Security Patch Day saw the release of 12 Security Notes.

Advertising 80

Advertising Risk 80

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

AUGUST 14, 2018

This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.

Authentication 67

Authentication Phishing 67

WIRED Threat Level

AUGUST 13, 2018

A new study found that just 42,000 of those hacked home devices could be enough to leave a country of 38 million people in the dark.

Hacking 73

Hacking 73

eSecurity Planet

AUGUST 15, 2018

An analysis of the strengths and weaknesses of Fortinet's and Palo Alto's next-generation firewall offerings.

Firewall 63

Firewall 63

Security Affairs

AUGUST 11, 2018

UpGuard discovered an unsecured GoDaddy’s Amazon S3 bucket containing sensitive information related to more than 31,000 GoDaddy systems. Experts at cybersecurity firm UpGuard have reported that another big company was victim of a data leak, it is the domain name registrar and web hosting company GoDaddy. The popular UpGuard’s risk analyst Chris Vickery discovered an unsecured GoDaddy’s Amazon S3 bucket containing sensitive information related to more than 31,000 GoDaddy systems. R

Advertising 75

Advertising Cyber Risk Risk Accountability 75

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

AUGUST 11, 2018

LAS VEGAS – In recent years there has been more attention paid to the security of medical devices; however, there has been little security research done on the unique protocols used by these devices. Many of the insulin pumps, heart monitors and other gadgets found in hospital rooms use aging protocol to communicate with nurses’ […].

Hacking 55

Hacking 55

WIRED Threat Level

AUGUST 11, 2018

Analysis of five body camera models marketed to police departments details vulnerabilities could let a hacker manipulate footage.

Hacking 74

Hacking Marketing 74

Privacy and Cybersecurity Law

AUGUST 15, 2018

The ICO have been discussing data breach reporting under GDPR in a new webinar. Here are the key points: GDPR […].

Data breaches 52

Data breaches 52

Security Affairs

AUGUST 14, 2018

According to the AP, many Google services on both Android and iPhone store records of user location even if the users have disabled the “Location History” According to a recent investigation conducted by the Associated Press, many Google services on both Android and iPhone devices store records of user location data, and the bad news is that they do it even if the users have disabled the “Location History” on devices.

Advertising 77

Advertising Marketing Accountability Software 77

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity