Sat.Nov 23, 2019 - Fri.Nov 29, 2019

article thumbnail

Hidden Cam Above Bluetooth Pump Skimmer

Krebs on Security

Tiny hidden spy cameras are a common sight at ATMs that have been tampered with by crooks who specialize in retrofitting the machines with card skimmers. But until this past week I’d never heard of hidden cameras being used at gas pumps in tandem with Bluetooth-based card skimming devices. Apparently, I’m not alone. “I believe this is the first time I’ve seen a camera on a gas pump with a Bluetooth card skimmer,” said Detective Matt Jogodka of the Las Vegas Police Departm

Banking 336
article thumbnail

Major Hotel Group Leaks 1TB of Customer Data

Adam Levin

One terabyte of data belonging to a major hotel booking platform was found leaked online. A huge trove of customer data belonging to Gekko Group was found online in an unsecured format. The data contained a wide array of records, including full names, credit card details, client login information, email addresses, home addresses and hotel reservations.

B2B 295
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Teach Your Kids to Code with Ari in Oslo and London

Troy Hunt

When I first started writing code a few decades ago, it was a rather bland affair involving a basic text editor and physical books for reference. I didn't have an opportunity to create anything usable by others until years later and perhaps most importantly in the context of this blog post, I didn't have anyone in my family able to teach me about coding.

Software 284
article thumbnail

Manipulating Machine Learning Systems by Manipulating Training Data

Schneier on Security

Interesting research: " TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents ": Abstract: : Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training process.

301
301
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Sale of 4 Million Stolen Cards Tied to Breaches at 4 Restaurant Chains

Krebs on Security

On Nov. 23, one of the cybercrime underground’s largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.

Marketing 335
article thumbnail

How Microsoft is using hardware to secure firmware

Tech Republic Security

Even full disk encryption can't keep you secure if your PC firmware is compromised, so Secured-core PCs will use the CPU to check if UEFI is telling the truth about secure boot.

Firmware 174

More Trending

article thumbnail

DHS Mandates Federal Agencies to Run Vulnerability Disclosure Policy

Schneier on Security

The DHS is requiring all federal agencies to develop a vulnerability disclosure policy. The goal is that people who discover vulnerabilities in government systems have a mechanism for reporting them to someone who might actually do something about it. The devil is in the details, of course, but this is a welcome development. The DHS is seeking public feedback.

article thumbnail

Facebook and Twitter warn of malicious SDK harvesting personal data from its accounts

Security Affairs

Some third-party apps quietly scraped personal information from people’s accounts from Twitter and Facebook, the social media companies claim. Facebook and Twitter revealed that some third-party apps quietly scraped personal information from people’s accounts without their consent. According to the company, the cause of behavior that violates their policies is a couple of “malicious” software development kits (SDKs) used by the third-party iOS and Android apps.

article thumbnail

Cybersecurity in 2020: More targeted attacks, AI not a prevention panacea

Tech Republic Security

As cloud complexity increases, hackers are relying on more targeted attacks, scoping out weak points across a larger attack surface.

article thumbnail

Welcoming the Swiss Government to Have I Been Pwned

Troy Hunt

I recently had the pleasure of spending a few days in Switzerland, firstly in Geneva visiting ( and speaking at ) CERN followed by a visit to the nation's capital, Bern. There I spent some time with a delegation of the National Cybersecurity Centre discussing the challenges they face and where HIBP can play a role. Continuing the march forward to provide governments with better access to their departments' data exposed in breaches , I'm very pleased to welcome Switzerland as the 7th national gov

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Home Safe: 20 Cybersecurity Tips for Your Remote Workers

Dark Reading

How can you protect your precious corporate endpoints from the mysterious dangers that might await when you're not by their side? Empower home office users with these tips.

article thumbnail

Microsoft warns of Dexphot miner, an interesting polymorphic threat

Security Affairs

Microsoft revealed that the new Dexphot cryptocurrency miner has already infected more than 80,000 computers worldwide. Security experts at Microsoft analyzed a new strain of cryptocurrency miner tracked as Dexphot that has been active since at least October 2018. The malicious code abuse of the resources of the infected machine to mine cryptocurrency , according to the experts it has already infected 80,000 computers worldwide.

article thumbnail

The top cybersecurity mistakes companies are making (and how to avoid them)

Tech Republic Security

There's not a one-size-fits-all approach to cybersecurity. Learn some of the common mistakes and how you can get on the right path.

article thumbnail

Travel Back To 1985 For A Guest Lecture By Commodore Grace Hopper on The Future of Computing

CTOVision Cybersecurity

Thanks to the power of computing you can watch Commodore Grace Hopper delivering her landmark lecture at MIT Laboratory on 25 April 1985. The entire presentation is excellent and worth listening to. But my favorite line is right around 23 minutes in, when after describing the nature of technology innovation she says: “Probably the most […].

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Black Friday Shoppers Targeted By Scams and Fake Domains

Threatpost

Cybercriminals are tapping in on Black Friday and Cyber Monday shoppers with an array of scams and malware - including domain impersonation, social media giveaway scams, and a malicious Chrome extension.

Scams 112
article thumbnail

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services.

article thumbnail

How Cyber insurance works to protect companies in case of a breach

Tech Republic Security

Cyber insurance can help protect your organization from the financial costs associated with data breaches. Learn the details to decide if it's the right fit for your company.

article thumbnail

Taking Stock of Your Data Security to Deliver a Happy Holiday Shopping Season

Thales Cloud Protection & Licensing

Originally published in Security Magazine on November 20, 2019. With the holidays approaching, many of us are thinking about taking time off from work to be with friends and family, as well all the last minute shopping that needs to be done. The sad truth is that cyber criminals do not take vacations and may be looking at the holidays as yet another opportunity to steal and monetize consumer data.

Retail 148
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Tainted Data Can Teach Algorithms the Wrong Lessons

WIRED Threat Level

Researchers show how AI programs can be sabotaged by even subtle tweaks to the data used to train them.

Hacking 119
article thumbnail

A Ransomware infected the network of the cybersecurity firm Prosegur

Security Affairs

A piece of the Ryuk Ransomware infected the network of the multinational cybersecurity firm Prosegur, forcing the company to shut down it. The Spanish multinational security company Prosegur announced that it was of a ransomware attack that disrupted its telecommunication platform. Comunicado sobre incidencia de seguridad informática pic.twitter.com/TMdOJzkFCB — Prosegur (@Prosegur) November 27, 2019.

article thumbnail

How credential stuffing attacks work, and how to prevent them

Tech Republic Security

Credential stuffing attacks pose a significant risk to consumers and businesses. Learn how they work and what you can do about them.

Risk 190
article thumbnail

Scary Movie: The horror facing business

Thales Cloud Protection & Licensing

Originally published in City A.M. on November 20, 2019 (Page 23). Be afraid, be very afraid, for here are the security fears lurking under your firm’s bed. The choices that characters make in scary movies can often seem baffling. Why do they never turn the lights on when entering the house at night alone? How come they always run upstairs and never outside when being chased?

104
104
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

5 Ways to Champion and Increase Your 2020 Security Budget

Dark Reading

Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.

94
article thumbnail

Kaspersky found dozens of flaws in 4 open-source VNC software

Security Affairs

Kaspersky researchers found dozens of flaws in four popular open-source virtual network computing (VNC) systems. Experts from Kaspersky analyzed several different implementations of a remote access system called Virtual Network Computing (VNC) and identified a number of memory corruption vulnerabilities. Some of the vulnerabilities found by the experts could lead to remote code execution.

Software 140
article thumbnail

How scammers use Black Friday to target consumers

Tech Republic Security

Holiday shopping scams try to bait consumers with special giveaways, giftcards, discounts, and coupons, according to a new report from cyber security company ZeroFOX.

Scams 128
article thumbnail

Federal Data Privacy Bill Takes Aim at Tech Giants

Threatpost

The COPRA legislation would provide GDPR-like data protections, and create a new FTC enforcement bureau.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Think Twice Before Giving Gifts With a Microphone or Camera

WIRED Threat Level

Black Friday is going to be overrun with cheap, internet-connected gifts. Just make sure you know exactly what you’re buying.

article thumbnail

PoC exploit code for Apache Solr RCE flaw is available online

Security Affairs

Over the summer, the Apache Solr team addressed a remote code execution flaw, not a working exploit code was published online. The bug addressed by the Apache Solr team fixed over the summer is more dangerous than initially thought. Apache Solr is a highly reliable, scalable and fault-tolerant, open-source search engine written in Java. Solr is highly reliable, scalable and fault-tolerant, providing distributed indexing, replication and load-balanced querying, automated failover and recovery, ce

article thumbnail

The sinister timing of deepfakes and the 2020 election

Tech Republic Security

Education and legislation are needed to combat the significant threat of deepfakes.

Education 181
article thumbnail

A Cause You Care About Needs Your Cybersecurity Help

Dark Reading

By donating their security expertise, infosec professionals are supporting non-profits, advocacy groups, and communities in-need.

InfoSec 89
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.