Sat.Aug 04, 2018 - Fri.Aug 10, 2018

article thumbnail

Florida Man Arrested in SIM Swap Conspiracy

Krebs on Security

Police in Florida have arrested a 25-year-old man accused of being part of a multi-state cyber fraud ring that hijacked mobile phone numbers in online attacks that siphoned hundreds of thousands of dollars worth of bitcoin and other cryptocurrencies from victims. On July 18, 2018, Pasco County authorities arrested Ricky Joseph Handschumacher , an employee of the city of Port Richey, Fla, charging him with grand theft and money laundering.

Mobile 225
article thumbnail

Measuring the Rationality of Security Decisions

Schneier on Security

Interesting research: " Dancing Pigs or Externalities? Measuring the Rationality of. Security Decisions ": Abstract: Accurately modeling human decision-making in security is critical to thinking about when, why, and how to recommend that users adopt certain secure behaviors. In this work, we conduct behavioral economics experiments to model the rationality of end-user security decision-making in a realistic online experimental system simulating a bank account.

Marketing 219
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Q&A: How your typing and screen swiping nuances can verify your identity

The Last Watchdog

The recent data breaches at Timehop and Macy’s are the latest harbingers of what’s in store for companies that fail to vigorously guard access to all of their mission-critical systems. Related podcast: Why identities are the new firewall. A common thread to just about every deep network breach these days is the failure of the victimized entity to effectively deploy multi-factor authentication (MFA) to at least make it harder for threat actors to access their sensitive systems.

article thumbnail

New Pluralsight Course: Defending Against JavaScript Keylogger Attacks on Payment Card Information

Troy Hunt

Only a few weeks ago, I wrote about a new GDPR course with John Elliott. We've been getting fantastic feedback on that course and I love the way John has been able to explain GDPR in a way that's actually practical and makes sense! In my experience, that's a bit of a rare talent in GDPR land. When we recorded that course in London a couple of months back, we also recorded another one on Defending Against JavaScript Keylogger Attacks on Payment Card Information.

Banking 122
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CyberSecurity Hall of Fame

Adam Shostack

Congratulations to the 2016 winners ! Dan Geer, Chief Information Security Officer at In-Q-Tel; Lance J. Hoffman, Distinguished Research Professor of Computer Science, The George Washington University; Horst Feistel, Cryptographer and Inventor of the United States Data Encryption Standard (DES); Paul Karger, High Assurance Architect, Prolific Writer and Creative Inventor; Butler Lampson, Adjunct Professor at MIT, Turing Award and Draper Prize winner; Leonard J.

article thumbnail

Hacking the McDonald's Monopoly Sweepstakes

Schneier on Security

Long and interesting story -- now two decades old -- of massive fraud perpetrated against the McDonald's Monopoly sweepstakes. The central fraudster was the person in charge of securing the winning tickets.

Hacking 174

More Trending

article thumbnail

New Pluralsight Course: Bug Bounties for Researchers

Troy Hunt

Earlier this year, I spent some time in San Fran with friend and Bugcrowd founder Casey Ellis where we recorded a Pluralsight "Play by Play" titled Bug Bounties for Companies. I wrote about that in the aforementioned post which went out in May and I mentioned back then that we'd also created a second course targeted directly at researchers. We had to pull together some additional material on that one but I'm please to now share the finished product with you: Bug Bounties for Researchers.

113
113
article thumbnail

CSO on AppSec at the Speed of Devops

Adam Shostack

“ 20 Ways to Make AppSec Move at the Speed of DevOps ” is in CSO. It’s a good collection, and I’m quoted.

CSO 100
article thumbnail

SpiderOak's Warrant Canary Died

Schneier on Security

BoingBoing has the story. I have never quite trusted the idea of a warrant canary. But here it seems to have worked. (Presumably, if SpiderOak wanted to replace the warrant canary with a transparency report, they would have written something explaining their decision. To have it simply disappear is what we would expect if SpiderOak were being forced to comply with a US government request for personal data.).

article thumbnail

Hacking WiFi Password in a few steps using a new attack on WPA/WPA2

Security Affairs

A security researcher has devised a new WiFi hacking technique that could be exploited to easily crack WiFi passwords of most modern routers. The security researcher Jens ‘Atom’ Steube, lead developer of the popular password-cracking tool Hashcat , has devised a new WiFi hacking technique that could be exploited to easily crack WiFi passwords of most modern routers.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Pluralsight Course: Modern Browser Security Reports

Troy Hunt

Rounding out a recent spate of new Pluralsight courses is one final one: Modern Browser Security Reports. This time, it's with Scott Helme who for most of my followers, needs no introduction. You may remember Scott from such previous projects as securityheaders.io , Report URI and, as it relates to this course, our collective cleaning up at a couple of recent UK awards nights: With @Scott_Helme (at a different awards night) learning we both just scored at the European Cyber Security Blogger Awar

article thumbnail

Millions of Android Devices Are Vulnerable Out of the Box

WIRED Threat Level

Android smartphones from Asus, LG, Essential, and ZTE are the focus of a new analysis about risks from firmware bugs introduced by manufacturers and carriers.

article thumbnail

Don't Fear the TSA Cutting Airport Security. Be Glad That They're Talking about It.

Schneier on Security

Last week, CNN reported that the Transportation Security Administration is considering eliminating security at U.S. airports that fly only smaller planes -- 60 seats or fewer. Passengers connecting to larger planes would clear security at their destinations. To be clear, the TSA has put forth no concrete proposal. The internal agency working group's report obtained by CNN contains no recommendations.

Risk 139
article thumbnail

Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots

Dark Reading

Duo security researchers compiled a massive dataset of public Twitter profiles and built a tool to scour profiles and detect the fakes.

80
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Weekly Update 99

Troy Hunt

It's a traveling weekly update this week as I round out a couple of workshops in Sydney and head to Canberra. That's thrown the normal video cadence out a bit with me recording on a Thursday night (hence the beer) and publishing on a Friday morning, but there's a heap of stuff in there regardless. This week, I'm talking about a couple of different data breaches and delve into the Adult-FanFiction one in particular.

article thumbnail

When It Comes to a Data Breach, How Do You Want to Be Notified?

Thales Cloud Protection & Licensing

August is two-thirds of the way through year, and we have already seen a number of serious, far-reaching data breaches making headlines, some occurred in 2018, and some from 2017 that are now being disclosed. This underscores the harsh realities of the state of cybersecurity today. If you have looked at our recently released annual Data Threat Report: Retail Edition , you understand this is not just hyperbole.

article thumbnail

Detecting Phishing Sites with Machine Learning

Schneier on Security

Really interesting article : A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name. There are search tools, such as Censys.io , that allow humans to specifically search through the massive pile of certificate log entries for sites that spoof certain brands or functions common to identity-processing sites.

Phishing 126
article thumbnail

A New Pacemaker Hack Puts Malware Directly On the Device

WIRED Threat Level

Researchers at the Black Hat security conference will demonstrate a new pacemaker-hacking technique that can add or withhold shocks at will.

Hacking 77
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Russian troll factory suspected to be behind the attack against Italian President Mattarella

Security Affairs

The Russian shadow behind the attack on Italian President Mattarella, a coordinated attack via Twitter involved hundreds of profiles inviting him to resign. Cybersecurity experts and Italian media believe that the Italian President Sergio Mattarella is the last victim of the Russian troll farm. On May 27 the late afternoon, thousands of Twitter profiles suddenly started spreading messages against the Italian president asking him to resign.

article thumbnail

IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships

Dark Reading

Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network - and other findings - at Black Hat USA today.

IoT 63
article thumbnail

xkcd on Voting Computers

Schneier on Security

Funny and true.

105
105
article thumbnail

Machine Learning Can Identify the Authors of Anonymous Code

WIRED Threat Level

Researchers have repeatedly shown that writing samples, even those in artificial languages, contain a unique fingerprint that's hard to hide.

72
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks

Security Affairs

DoE announced the Liberty Eclipse exercise to test the electrical grid ‘s ability to recover from a blackout caused by cyberattacks. This is the first time the Department of Energy will test the electrical grid’s ability to recover from a blackout caused by cyberattacks. We have discussed many times the effects of a cyber attack against an electrical grid, the most scaring scenario sees wide power outage bringing population in the dark.

article thumbnail

That’s Right, We are Playing Both Sides of the Key Management Game:

Thales Cloud Protection & Licensing

Thales both giveth and taketh Bring Your Own Keys (BYOK). There is no longer denying that encryption is a hot topic. Encryption is everywhere. We hear about it when the FBI can’t hack an iPhone, when countries want back doors to compromise it, and, now, every major cloud provider offers at least baseline encryption as part of their service. These newbies to the land of enterprise encryption quickly learn from their prospects that offering encryption alone doesn’t earn them trust to house their d

article thumbnail

How Blackberry Does Secure Release Management

eSecurity Planet

In a Black Hat USA session, Christine Gadsby, Director of BlackBerry's global Product Security Operations Team, explained how organization can improve the product release process to reduce vulnerabilities.

58
article thumbnail

The Explosive-Carrying Drones in Venezuela Won’t Be the Last

WIRED Threat Level

There's still no good defense against drones attacks like the one that targeted Venezuelan president Nicolas Maduro Saturday.

75
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

ZombieBoy, a new Monero miner that allows to earn $1,000 on a monthly basis

Security Affairs

A security researcher discovered a new crypto mining worm dubbed ZombieBoy that leverages several exploits to evade detection. The security researcher James Quinn has spotted a new strain of crypto mining worm dubbed ZombieBoy that appears to be very profitable and leverages several exploits to evade detection. The expert called this new malware ZombieBoy because it uses a tool called ZombieBoyTools to drop the first dll, it uses some exploits to spread.

article thumbnail

Weakness in WhatsApp Enables Large-Scale Social Engineering

Dark Reading

Problem lies in WhatsApp's validation of message parameters and cannot be currently mitigated, Check Point researchers say.

article thumbnail

How Netflix Secures AWS Cloud Credentials

eSecurity Planet

At Black Hat USA, Netflix engineer explains how the streaming media giant uses cloud logs to spot security issues.

Media 64
article thumbnail

Hacking a Brand New Mac Remotely, Right Out of the Box

WIRED Threat Level

Researchers found a way to compromise a Mac the first time it connects to Wi-Fi, potentially putting scores of enterprise customers at risk.

Hacking 71
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!