Sat.Aug 24, 2019 - Fri.Aug 30, 2019

article thumbnail

The Myth of Consumer-Grade Security

Schneier on Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Yet that's not possible, because there is no longer any difference between those categories of devices. Consumer devices are critical infrastructure. They affect national security. And it would be foolish to weaken them, even at the request of law enforcement.

article thumbnail

Cybersecurity Firm Imperva Discloses Breach

Krebs on Security

Imperva , a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores, Calif.-based Imperva sells technology and services designed to detect and block various types of malicious Web traffic, from denial-of-service attacks to digital probes aimed at undermining the security of We

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 153

Troy Hunt

Australia! Sunshine, good coffee and back in the water on the tail end of "winter". I'm pretty late doing this week's video as the time has disappeared rather quickly and I'm making the most of it before the next round of events. Be that as it may, there's a bunch of new stuff this week not least of which is the unexpected limit I hit with the Azure API Management consumption tier.

InfoSec 173
article thumbnail

NEW TECH: ICS zero-day flaws uncovered by Nozomi Networks’ analysis of anomalous behaviors

The Last Watchdog

Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, during which time he won a scholarship from the European Commission to craft a proof of concept attack against an industrial control system (ICS.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Attacking the Intel Secure Enclave

Schneier on Security

Interesting paper by Michael Schwarz, Samuel Weiser, Daniel Gruss. The upshot is that both Intel and AMD have assumed that trusted enclaves will run only trustworthy code. Of course, that's not true. And there are no security mechanisms that can deal with malicious enclaves, because the designers couldn't imagine that they would be necessary. The results are predictable.

Malware 230
article thumbnail

Ransomware Bites Dental Data Backup Firm

Krebs on Security

PerCSoft , a Wisconsin-based company that manages a remote data backup service relied upon by hundreds of dental offices across the country, is struggling to restore access to client systems after falling victim to a ransomware attack. West Allis, Wis.-based PerCSoft is a cloud management provider for Digital Dental Record (DDR), which operates an online data backup service called DDS Safe that archives medical records, charts, insurance documents and other personal information for various denta

Backups 231

More Trending

article thumbnail

MY TAKE: Six-figure GDPR privacy fines reinforce business case for advanced SIEM, UEBA tools

The Last Watchdog

Europe came down hard this summer on British Airways and Marriott for failing to safeguard their customers’ personal data. The EU slammed the UK airline with a $230 million fine , and then hammered the US hotel chain with a $125 million penalty – the first major fines under the EU’s toughened General Data Protection Regulation , which took effect May 25, 2018.

Big data 153
article thumbnail

Detecting Credit Card Skimmers

Schneier on Security

Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There's now an app that can detect them : The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which not only scans and detects Bluetooth signals, but can actually differentiate those coming from legitimate devices -- like sensors, smartphones, or vehicle tracking hardware -- from card skimmers that ar

Wireless 230
article thumbnail

Phishers are Angling for Your Cloud Providers

Krebs on Security

Many companies are now outsourcing their marketing efforts to cloud-based Customer Relationship Management (CRM) providers. But when accounts at those CRM providers get hacked or phished, the results can be damaging for both the client’s brand and their customers. Here’s a look at a recent CRM-based phishing campaign that targeted customers of Fortune 500 construction equipment vendor United Rentals.

Phishing 219
article thumbnail

Mysterious iOS Attack Changes Everything We Know About iPhone Hacking

WIRED Threat Level

For two years, a handful of websites have indiscriminately hacked thousands of iPhones.

Hacking 112
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

NEW TECH: Nozomi Networks tracks anomalous behaviors, finds zero-day ICS vulnerabilities

The Last Watchdog

Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. Related: Why the Golden Age of cyber spying is here Carcano hacked a computer screen at age 14, and that got him intrigued by software controls. He went on to earn a masters degree in cybersecurity, during which time he won a scholarship from the European Commission to craft a proof of concept attack against an industrial control system (ICS.

article thumbnail

The Threat of Fake Academic Research

Schneier on Security

Interesting analysis of the possibility, feasibility, and efficacy of deliberately fake scientific research, something I had previously speculated about.

220
220
article thumbnail

Kaspersky found malware in popular CamScanner app. Remove it now from your phone!

Security Affairs

Security experts from Kaspersky spotted a malware in the free version of the popular PDF creator application CamScanner app. CamScanner is a very popular Phone PDF creator app with more than 100 million downloads on Google Play Store. Experts from Kaspersky have discovered malware in the free Android version of the CamScanner app that could be used by attackers to remotely hack Android devices and steal targets’ data.

Malware 111
article thumbnail

Cryptocurrency Mining Employees Expose Nuclear Plant to Internet

WIRED Threat Level

Xbox eavesdropping, email scammers, and more of the week's top security news.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

18 Cyber Security Startups to Watch in 2019

eSecurity Planet

Here are 18 hot IT security startups addressing everything from IoT security and blockchain to artificial intelligence and machine learning.

article thumbnail

AI Emotion-Detection Arms Race

Schneier on Security

Voice systems are increasingly using AI techniques to determine emotion. A new paper describes an AI-based countermeasure to mask emotion in spoken words. Their method for masking emotion involves collecting speech, analyzing it, and extracting emotional features from the raw signal. Next, an AI program trains on this signal and replaces the emotional indicators in speech, flattening them.

215
215
article thumbnail

Ransomware attack hits DDS Safe backup service used by hundreds of dental offices

Security Affairs

The company behind DDS Safe solution used by hundreds of dental offices was hit by a ransomware attack and it is working to restore access to client data. PerCSoft is a cloud management provider for Digital Dental Record (DDR), that operates the online data backup service called DDS Safe. DDS Safe, is a HIPAA Compliant 3 layered online dental backup system that provides dental offices triple the protection of traditional online back-up solutions.

Backups 111
article thumbnail

A History of Plans to Nuke Hurricanes (and Other Stuff Too)

WIRED Threat Level

If you think dropping a nuclear bomb into the eye of a hurricane is a bad idea, wait'll you see what they had in mind for the polar ice caps.

111
111
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

More Than Half of Social Media Login Attempts Are Fraud

Dark Reading

Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.

Media 92
article thumbnail

Ethical Hackers: A Business’s Best Friend?

Thales Cloud Protection & Licensing

Originally published in Forbes on July 29, 2019. Brands are under pressure to protect themselves and their customers from increasingly sophisticated cyber attacks. With daily media headlines and new regulations, consumers have never been more aware of the threats out there. As a result, businesses are being forced to take the issue of cybersecurity more seriously, facing it head on and putting in place the necessary steps (e.g., encryption, two-factor authentication and key management) to protec

article thumbnail

A total of six hackers already become millionaires on HackerOne

Security Affairs

HackerOne announced that five more hackers have become millionaires thanks to their contributes to the bug bounty programs managed by the platform. Bug bounty platform HackerOne announced that four more hackers have become millionaires after participating in the bug bounty programs managed by the platform. In March, HackerOne announced that two of its members have each earned more than $1 million by participating bug bounty programs.

Internet 111
article thumbnail

OpenAI Said Its Code Was Risky. Two Grads Recreated It Anyway

WIRED Threat Level

The artificial intelligence lab cofounded by Elon Musk said its software could too easily be adapted to crank out fake news.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

WannaCry Remains No. 1 Ransomware Weapon

Dark Reading

Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.

article thumbnail

The Next Step in End-to-End Encryption: Introducing EncryptReduce

Thales Cloud Protection & Licensing

This past March at RSAC 2019, Pure Storage and Thales introduced the security industry’s first end-to-end data encryption framework that realizes storage array data reduction efficiencies. Historically, host data encryption and array data reduction are like oil and water – they simply don’t mix. Our partner Vaughn Stewart from Pure Storage wrote about our work together to overcome this problem in this blog post.

article thumbnail

Bad Packets warns of over 14,500 Pulse secure VPN endpoints vulnerable to CVE-2019-11510

Security Affairs

BadPackets experts observed on August 22 a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. On August 22, BadPackets experts observed a mass scanning activity targeting Pulse Secure “Pulse Connect Secure” VPN endpoints vulnerable to CVE-2019-11510. Recently another popular cybersecurity expert, Kevin Beaumont, has also observed attackers attempting to exploit the CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 fl

VPN 111
article thumbnail

Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again

WIRED Threat Level

The same researchers who figured out how to clone a Tesla Model S key fob have done it again, cracking the replacement that was meant to fix the problem.

Hacking 104
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

'It Saved Our Community': 16 Realistic Ransomware Defenses for Cities

Dark Reading

Practical steps municipal governments can take to better prevent and respond to ransomware infections.

article thumbnail

Employers Beware: Microsoft Word ‘Resume’ Phish Delivers Quasar RAT

Threatpost

A round of phishing emails purports to be from job seekers - but actually uses a slew of detection evasion tactics to download malware on victim systems.

article thumbnail

Experts uncovered a hacking campaign targeting several WordPress Plugins

Security Affairs

Researchers at Wordfence reported an ongoing hacking campaign exploiting security flaws in some WordPress plugins. Researchers from Wordfence uncovered an ongoing hacking campaign exploiting security vulnerabilities in some WordPress plugins to redirect visitors to websites under the control of the attackers. The campaign specifically targeted flaws in WordPress plugins developed by the developer NicDark (now renamed as “Endreww”), such as a plugin called Simple 301 Redirects – Addon – Bulk Uplo

Hacking 111
article thumbnail

Alleged 'Snake Oil' Crypto Firm Sues Over Boos at Black Hat

WIRED Threat Level

The paper being presented suggested that the two researchers had a method to quickly find large semiprime numbers and essentially break RSA-2048 and any other semiprime-based encryption.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!