Sat.Dec 07, 2019 - Fri.Dec 13, 2019

article thumbnail

Ransomware at Colorado IT Provider Affects 100+ Dental Offices

Krebs on Security

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack this week that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned. Multiple sources affected say their IT provider, Englewood, Colo. based Complete Technology Solutions (CTS), was hacked, allowing a potent strain of ransomware known as “Sodinokibi” or “rEvil” to be installed on computers at more than 100 dentistry businesses

article thumbnail

City of Pensacola Hit By Cyberattack Following Shooting

Adam Levin

Pensacola, FL was hit by a cyberattack in the wake of what has been described as a terrorist shooting. “The city of Pensacola is experiencing a cyberattack that began this weekend that is impacting our city network, including phones and email at City Hall and some of our other buildings,” said Mayor Grover Robinson. . The cyberattack began early Saturday morning days after a shooting at the nearby Pensacola Naval Air Station that left four dead and eight wounded.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

MY TAKE: Why it’s now crucial to preserve PKI, digital certificates as the core of Internet security

The Last Watchdog

For decades, the cornerstone of IT security has been Public Key Infrastructure, or PKI , a system that allows you to encrypt and sign data, issuing digital certificates that authenticate the identity of users. Related: How PKI could secure the Internet of Things If that sounds too complicated to grasp, take a look at the web address for the home page of this website.

Internet 160
article thumbnail

EFF on the Mechanics of Corporate Surveillance

Schneier on Security

EFF has published a comprehensible and very readable "deep dive" into the technologies of corporate surveillance, both on the Internet and off. Well worth reading and sharing. Boing Boing post.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The Great $50M African IP Address Heist

Krebs on Security

A top executive at the nonprofit entity responsible for doling out chunks of Internet addresses to businesses and other organizations in Africa has resigned his post following accusations that he secretly operated several companies which sold tens of millions of dollars worth of the increasingly scarce resource to online marketers. The allegations stemmed from a three-year investigation by a U.S.

Internet 195
article thumbnail

Data Leak Exposes Birth Certificate Info of 750k

Adam Levin

The personal data of more than 752,000 applicants filed to obtain copies of birth and death certificates was found on an unprotected Amazon Web Services database. . The leaked data has been tracked back to a company that provides the online request forms for copies of birth and death certificates to state governments. States contracting with the company include California, New York, and Texas.

Passwords 153

More Trending

article thumbnail

Weekly Update 169

Troy Hunt

I recorded this right before heading out for my final conference talk of the year at YOW! Melbourne where I was due to do the closing keynote of the event. That's now done, questions answered and beers drunk and I left the event feeling great. One of the things I get the most pleasure out of at conferences is hanging around talking to people so a big thanks to everyone who made the time today to stay back on a Friday evening and cap a very busy year of conferences off in this fashion.

DNS 142
article thumbnail

Patch Tuesday, December 2019 Edition

Krebs on Security

Microsoft today released updates to plug three dozen security holes in its Windows operating system and other software. The patches include fixes for seven critical bugs — those that can be exploited by malware or miscreants to take control over a Windows system with no help from users — as well as another flaw in most versions of Windows that is already being exploited in active attacks.

Backups 152
article thumbnail

This Alleged Bitcoin Scam Looked a Lot Like a Pyramid Scheme

WIRED Threat Level

Five men face federal charges of bilking investors of $722 million by inviting them to buy shares in bitcoin mining pools. .

Scams 141
article thumbnail

63% of organizations face security breaches due to hardware vulnerabilities

Tech Republic Security

While hardware-level attacks are high, only 59% of companies have implemented a hardware security strategy, Dell and Forrester found.

138
138
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Weekly Update 168

Troy Hunt

I'm presently on the YOW! conference tour which means doing the same keynote three times over in Sydney, Brisbane and Melbourne. It's my first time back at YOW! since 2015 and it's always a nice way to wrap up the year, especially the Brisbane leg I'm on at the moment in my home state. That's kept me busy, but it's some tweets last week that have kept me entertained so I'm talking about those as well as some reflections on what is now 6 years of running HIBP.

article thumbnail

CISO Magazine Honors KrebsOnSecurity

Krebs on Security

CISO Magazine , a publication dedicated to covering issues near and dear to corporate chief information security officers everywhere, has graciously awarded this author the designation of “ Cybersecurity Person of the Year ” in its December 2019 issue. KrebsOnSecurity is grateful for the unexpected honor. But I can definitely think of quite a few people who are far more deserving of this title.

CISO 143
article thumbnail

Extracting Data from Smartphones

Schneier on Security

Privacy International has published a detailed, technical examination of how data is extracted from smartphones.

Hacking 134
article thumbnail

How to protect your organization against the Snatch ransomware threat

Tech Republic Security

Discovered and analyzed by security provider Sophos, Snatch attempts to bypass traditional security software by rebooting your PC into Safe Mode.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Empirical Evaluation of Secure Development Processes

Adam Shostack

Earlier this year, I helped to organize a workshop at Schloss Dagstuhl on Empirical Evaluation of Secure Development Processes. I think the workshop was a tremendous success, we’ve already seen publications inspired by it, such as Moving Fast and Breaking Things: How to stop crashing more than twice , and I know there’s more forthcoming.

article thumbnail

Insights about the first five years of Right to be Forgotten requests at Google

Elie

The. “Right to be Forgotten” (RTBF). is a landmark European ruling that governs the delisting of personal information from search results. This ruling establishes a right to privacy, whereby individuals can request that search engines delist URLs across the Internet that contain “inaccurate, inadequate, irrelevant or excessive” information uncovered by queries containing the name of the requester.

Media 118
article thumbnail

Reforming CDA 230

Schneier on Security

There's a serous debate on reforming Section 230 of the Communications Decency Act. I am in the process of figuring out what I believe, and this is more a place to put resources and listen to people's comments. The EFF has written extensively on why it is so important and dismantling it will ben catastrophic for the Internet. Danielle Citron disagrees.

Internet 123
article thumbnail

How to use Firefox's Lockwise password manager

Tech Republic Security

Mozilla has evolved its Lockbox password tool into a more standard password manager. Jack Wallen shows you how to use the Firefox Lockwise password manager.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Star Wars Episode 9 is a week away!

Adam Shostack

Emily Asher-Perrin has some of the most interesting writing on the Star Wars universe. I like her analysis of where Rey may come from in Rey Should Choose to Adopt the Skywalker Name, Not Be Retconned Into the Family. I half look forward to the day when Disney assimilates her into the official writing team. The stories will get better, and we’ll lose her analysis.

124
124
article thumbnail

Unsupervised Learning: No. 206 (Member Edition)

Daniel Miessler

This is UL Member Content Subscribe Already a member? Login No related posts.

article thumbnail

Failure Modes in Machine Learning

Schneier on Security

Interesting taxonomy of machine-learning failures ( pdf ) that encompasses both mistakes and attacks, or -- in their words -- intentional and unintentional failure modes. It's a good basis for threat modeling.

122
122
article thumbnail

How to use the Firefox Lockwise password manager

Tech Republic Security

Mozilla has evolved its Lockbox password tool into a more standard password manager. Find out if Firefox Lockwise is right for you.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Encryption & Privacy Policy and Technology

Adam Shostack

The Open Technology Institute has an Open Letter to Law Enforcement in the U.S., UK, and Australia: Weak Encryption Puts Billions of Internet Users at Risk. ( press release , letter.) I am pleased to be one of the signers. In closely related news, nominations for the 2020 Caspar Bowden Award for Outstanding Research in Privacy Enhancing Technologies are open.

article thumbnail

Why Ring Doorbells Perfectly Exemplify the IoT Security Crisis

WIRED Threat Level

A new wave of reports about the home surveillance cameras getting hijacked by creeps is painfully familiar.

IoT 99
article thumbnail

Flaws in Siemens SPPA-T3000 control system expose power plants to hack

Security Affairs

Experts discovered tens of flaws in the Siemens SPPA-T3000 control systems that could be exploited to attack fossil and renewable power plants. Siemens informed customers that the SPPA-T3000 Application Server is affected by 19 vulnerabilities and the SPAA-T3000 MS3000 Migration Server is impacted by 35 security issues. Some of the vulnerabilities have been rated as critical and could be exploited by attackers to trigger a denial-of-service (DoS) condition or to execute arbitrary code on the ser

Hacking 98
article thumbnail

Intel expert divulges security trends

Tech Republic Security

Intel's Amit Elazari Bar On discussed IoT security, ethical hackers, bug bounties, and more.

IoT 112
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Five years of the Right to Be Forgotten

Elie

The “Right to be Forgotten” is a privacy ruling that enables Europeans to delist certain URLs appearing in search results related to their name. In order to illuminate the effect this ruling has on information access, we conducted a retrospective measurement study of 3.2 million URLs that were requested for delisting from Google Search over five years.

Media 83
article thumbnail

Toys “R” Us Is Back—Now With More Surveillance!

WIRED Threat Level

Reports about the toy store using cameras to track shoppers caused an uproar, but the companies behind the tech insist their systems are trained to ignore kids.

article thumbnail

More than 44 million Microsoft user accounts are exposed to hack

Security Affairs

Microsoft revealed that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking. Microsoft discovered that 44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking because of using of compromised passwords. Experts from the Microsoft threat research team analyzed a database containing 3 billion leaked credentials from different security breaches. “The Microsoft identity threat research team checks billions

article thumbnail

Your open source gift giving guide for 2019

Tech Republic Security

'Tis the season for open source gifts. But what to buy? Jack Wallen has a few ideas that are sure to put a smile on the faces of the open source lovers in your life.

109
109
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!