Krebs on Security

AUGUST 7, 2018

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher , an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering.

Mobile 225

Mobile Cryptocurrency Scams Computers and Electronics 225

Schneier on Security

AUGUST 7, 2018

Interesting research: " Dancing Pigs or Externalities? Measuring the Rationality of. Security Decisions ": Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account.

Marketing 216

Marketing Risk Banking Accountability 216

The Last Watchdog

AUGUST 6, 2018

The recent data breaches at Timehop and Macy’s are the latest harbingers of what’s in store for companies that fail to vigorously guard access to all of their mission-critical systems. Related podcast: Why identities are the new firewall. A common thread to just about every deep network breach these days is the failure of the victimized entity to effectively deploy multi-factor authentication (MFA) to at least make it harder for threat actors to access their sensitive systems.

Digital transformation 181

Digital transformation Passwords Data breaches Authentication 181

Troy Hunt

AUGUST 7, 2018

Only a few weeks ago, I wrote about a new GDPR course with John Elliott. We've been getting fantastic feedback on that course and I love the way John has been able to explain GDPR in a way that's actually practical and makes sense! In my experience, that's a bit of a rare talent in GDPR land. When we recorded that course in London a couple of months back, we also recorded another one on Defending Against JavaScript Keylogger Attacks on Payment Card Information.

Banking 121

Banking 121

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Shostack

AUGUST 5, 2018

Congratulations to the 2016 winners ! Dan Geer, Chief Information Security Officer at In-Q-Tel; Lance J. Hoffman, Distinguished Research Professor of Computer Science, The George Washington University; Horst Feistel, Cryptographer and Inventor of the United States Data Encryption Standard (DES); Paul Karger, High Assurance Architect, Prolific Writer and Creative Inventor; Butler Lampson, Adjunct Professor at MIT, Turing Award and Draper Prize winner; Leonard J.

Cybersecurity 100

Cybersecurity Education Encryption Information Security 100

Schneier on Security

AUGUST 6, 2018

Long and interesting story -- now two decades old -- of massive fraud perpetrated against the McDonald's Monopoly sweepstakes. The central fraudster was the person in charge of securing the winning tickets.

Hacking 175

Hacking 175

Troy Hunt

AUGUST 6, 2018

Earlier this year, I spent some time in San Fran with friend and Bugcrowd founder Casey Ellis where we recorded a Pluralsight "Play by Play" titled Bug Bounties for Companies. I wrote about that in the aforementioned post which went out in May and I mentioned back then that we'd also created a second course targeted directly at researchers. We had to pull together some additional material on that one but I'm please to now share the finished product with you: Bug Bounties for Researchers.

112

112

Adam Shostack

AUGUST 6, 2018

“ 20 Ways to Make AppSec Move at the Speed of DevOps ” is in CSO. It’s a good collection, and I’m quoted.

CSO 100

CSO Engineering Software 100

Schneier on Security

AUGUST 8, 2018

BoingBoing has the story. I have never quite trusted the idea of a warrant canary. But here it seems to have worked. (Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear is what we would expect if SpiderOak were being forced to comply with a US government request for personal data.).

Government 141

Government 141

Security Affairs

AUGUST 7, 2018

A security researcher has devised a new WiFi hacking technique that could be exploited to easily crack WiFi passwords of most modern routers. The security researcher Jens ‘Atom’ Steube, lead developer of the popular password-cracking tool Hashcat , has devised a new WiFi hacking technique that could be exploited to easily crack WiFi passwords of most modern routers.

Passwords 75

Passwords Hacking Wireless Authentication 75

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Troy Hunt

AUGUST 8, 2018

Rounding out a recent spate of new Pluralsight courses is one final one: Modern Browser Security Reports. This time, it's with Scott Helme who for most of my followers, needs no introduction. You may remember Scott from such previous projects as securityheaders.io , Report URI and, as it relates to this course, our collective cleaning up at a couple of recent UK awards nights: With @Scott_Helme (at a different awards night) learning we both just scored at the European Cyber Security Blogger Awar

Technology 111

Technology 111

WIRED Threat Level

AUGUST 10, 2018

Android smartphones from Asus, LG, Essential, and ZTE are the focus of a new analysis about risks from firmware bugs introduced by manufacturers and carriers.

Firmware 73

Firmware Manufacturing Risk 73

Schneier on Security

AUGUST 10, 2018

Last week, CNN reported that the Transportation Security Administration is considering eliminating security at U.S. airports that fly only smaller planes -- 60 seats or fewer. Passengers connecting to larger planes would clear security at their destinations. To be clear, the TSA has put forth no concrete proposal. The internal agency working group's report obtained by CNN contains no recommendations.

Risk 137

Risk Government 137

Dark Reading

AUGUST 6, 2018

Duo security researchers compiled a massive dataset of public Twitter profiles and built a tool to scour profiles and detect the fakes.

80

80

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

AUGUST 9, 2018

It's a traveling weekly update this week as I round out a couple of workshops in Sydney and head to Canberra. That's thrown the normal video cadence out a bit with me recording on a Thursday night (hence the beer) and publishing on a Friday morning, but there's a heap of stuff in there regardless. This week, I'm talking about a couple of different data breaches and delve into the Adult-FanFiction one in particular.

Data breaches 110

Data breaches 110

Thales Cloud Protection & Licensing

AUGUST 7, 2018

August is two-thirds of the way through year, and we have already seen a number of serious, far-reaching data breaches making headlines, some occurred in 2018, and some from 2017 that are now being disclosed. This underscores the harsh realities of the state of cybersecurity today. If you have looked at our recently released annual Data Threat Report: Retail Edition , you understand this is not just hyperbole.

Data breaches 63

Data breaches Retail Identity Theft Threat Reports 63

Schneier on Security

AUGUST 9, 2018

Really interesting article : A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name. There are search tools, such as Censys.io , that allow humans to specifically search through the massive pile of certificate log entries for sites that spoof certain brands or functions common to identity-processing sites.

Phishing 124

Phishing 124

WIRED Threat Level

AUGUST 9, 2018

Researchers at the Black Hat security conference will demonstrate a new pacemaker-hacking technique that can add or withhold shocks at will.

Hacking 77

Hacking Malware 77

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

AUGUST 4, 2018

The Russian shadow behind the attack on Italian President Mattarella, a coordinated attack via Twitter involved hundreds of profiles inviting him to resign. Cybersecurity experts and Italian media believe that the Italian President Sergio Mattarella is the last victim of the Russian troll farm. On May 27 the late afternoon, thousands of Twitter profiles suddenly started spreading messages against the Italian president asking him to resign.

Artificial Intelligence 75

Artificial Intelligence Internet Internet Advertising 75

Dark Reading

AUGUST 9, 2018

Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network - and other findings - at Black Hat USA today.

IoT 63

IoT Malware Hacking 63

Schneier on Security

AUGUST 10, 2018

Funny and true.

104

104

WIRED Threat Level

AUGUST 10, 2018

Researchers have repeatedly shown that writing samples, even those in artificial languages, contain a unique fingerprint that's hard to hide.

70

70

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

AUGUST 6, 2018

DoE announced the Liberty Eclipse exercise to test the electrical grid ‘s ability to recover from a blackout caused by cyberattacks. This is the first time the Department of Energy will test the electrical grid’s ability to recover from a blackout caused by cyberattacks. We have discussed many times the effects of a cyber attack against an electrical grid, the most scaring scenario sees wide power outage bringing population in the dark.

Cyber Attacks 76

Cyber Attacks Energy and Utilities Advertising Hacking 76

Thales Cloud Protection & Licensing

AUGUST 9, 2018

Thales both giveth and taketh Bring Your Own Keys (BYOK). There is no longer denying that encryption is a hot topic. Encryption is everywhere. We hear about it when the FBI can’t hack an iPhone, when countries want back doors to compromise it, and, now, every major cloud provider offers at least baseline encryption as part of their service. These newbies to the land of enterprise encryption quickly learn from their prospects that offering encryption alone doesn’t earn them trust to house their d

Cloud Migration 54

Cloud Migration Encryption Big data Marketing 54

eSecurity Planet

AUGUST 9, 2018

In a Black Hat USA session, Christine Gadsby, Director of BlackBerry's global Product Security Operations Team, explained how organization can improve the product release process to reduce vulnerabilities.

58

58

WIRED Threat Level

AUGUST 4, 2018

There's still no good defense against drones attacks like the one that targeted Venezuelan president Nicolas Maduro Saturday.

74

74

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

AUGUST 5, 2018

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection. The expert called this new malware ZombieBoy because it uses a tool called ZombieBoyTools to drop the first dll, it uses some exploits to spread.

Cryptocurrency 74

Cryptocurrency Advertising Malware Ransomware 74

Dark Reading

AUGUST 9, 2018

Problem lies in WhatsApp's validation of message parameters and cannot be currently mitigated, Check Point researchers say.

Social Engineering 69

Social Engineering Engineering 69

eSecurity Planet

AUGUST 10, 2018

At Black Hat USA, Netflix engineer explains how the streaming media giant uses cloud logs to spot security issues.

Media 64

Media Engineering 64

WIRED Threat Level

AUGUST 9, 2018

Researchers found a way to compromise a Mac the first time it connects to Wi-Fi, potentially putting scores of enterprise customers at risk.

Hacking 68

Hacking Risk 68

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity