Sat.May 04, 2019 - Fri.May 10, 2019

article thumbnail

Protecting Yourself from Identity Theft

Schneier on Security

I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections, and a host of other thingsĀ­ -- but most of that doesn't matter anymore.

article thumbnail

Whatā€™s Behind the Wolters Kluwer Tax Outage?

Krebs on Security

Early in the afternoon on Friday, May, 3, I asked a friend to relay a message to his security contact at CCH , the cloud-based tax division of the global information services firm Wolters Kluwer in the Netherlands. The message was that the same file directories containing new versions of CCH’s software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Access and Source Code to Samsung Apps Left Unprotected on Public Server

Adam Levin

The source code and security keys associated with a number of Samsung apps and projects have been discovered on unprotected server. Samsungā€™s SmartThings home automation platform was among the projects exposed in the compromise. The exposed server contained a code repository that was misconfigured and publicly available. In addition to the underlying code of several major Samsung apps was a security token that allowed unfettered access to 135 projects and applications.

article thumbnail

Q&A: Hereā€™s why Android users must remain vigilant about malicious apps, more so than ever

The Last Watchdog

Android users ā€“ and Iā€™m one ā€“ are well-advised to be constantly vigilant about the types of cyberthreats directed, at any given time, at the worldā€™s most popular mobile device operating system. Related: Vanquishing BYOD risks Attacks wonā€™t relent anytime soon, and awareness will help you avoid becoming a victim. Itā€™s well worth it to stay abreast of news about defensive actions Google is forced to take to protect Android users.

Adware 176
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeperā€™s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Amazon Is Losing the War on Fraudulent Sellers

Schneier on Security

Excellent article on fraudulent seller tactics on Amazon. The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon's ranking system to promote products, protect accounts from disciplinary actions, and crush competitors. Sometimes, these black hat companies bribe corporate Amazon employees to leak information from the company's wiki pages and business reports, which they then resell to marketplace sellers for steep prices.

article thumbnail

Nine Charged in Alleged SIM Swapping Ring

Krebs on Security

Eight Americans and an Irishman have been charged with wire fraud this week for allegedly hijacking mobile phones through SIM-swapping, a form of fraud in which scammers bribe or trick employees at mobile phone stores into seizing control of the target’s phone number and diverting all texts and phone calls to the attacker’s mobile device.

Mobile 231

More Trending

article thumbnail

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

The Last Watchdog

The recent network breach of Wipro , a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways. Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. However, the flip side is that weā€™ve also created fresh attack vectors at a rapid rate ā€“ exposures that are not being adequately addressed.

article thumbnail

Malicious MS Office Macro Creator

Schneier on Security

Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code (via p-code) and confuse popular macro analysis tools. It runs on Linux, OSX and Windows.

Antivirus 254
article thumbnail

Episode 9 Spoilers

Adam Shostack

Today is the last Star Wars Day before Episode 9 comes out, and brings the Skywalker saga to its end. Film critics have long talked about how Star Wars is about Luke’s Hero’s Journey, or the core trilogy is about his relationship to his father, but they’re wrong. Also, I regularly say that Star Wars is fundamentally the story of information disclosure: from the opening shot of Princess Leia’s ship being pursued through the climatic destruction of the Death Star, it’

article thumbnail

How Encryption Became the Boardā€™s New Best Friend

Thales Cloud Protection & Licensing

Originally published in TEISS on May 1, 2019. For many years, encryption has been viewed as a burden on businesses ā€“ expensive, complex and of questionable value. How things have changed. In just the past few years (and hundreds of high-profile breaches and Ā£Trillions of economic damage later), cyber threats became impossible for the boardroom to ignore.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youā€™ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

NEW TECH: SlashNext dynamically inspects web page contents to detect latest phishing attacks

The Last Watchdog

Humans are fallible. Cyber criminals get this. Human fallibility is the reason social engineering has proven to be so effective ā€“ and why phishing persists. Consider these metrics from messaging security firm Proofpoint : ā€¢Email-based corporate credential phishing attacks quadrupled in Q3 2018 vs. the previous quarter. ā€¢Web-based social engineering attacks jumped 233% vs. the previous quarter. ā€¢99% of the most highly targeted email addresses in the quarter didnā€™t rank as such in the previous rep

Phishing 157
article thumbnail

Cryptanalyzing a Pair of Russian Encryption Algorithms

Schneier on Security

A pair of Russia-designed cryptographic algorithms -- the Kuznyechik block cipher and the Streebog hash function -- have the same flawed S-box that is almost certainly an intentional backdoor. It's just not the kind of mistake you make by accident, not in 2014.

article thumbnail

Top-Tier Russian Hacking group Fxmsp claims hack of major AntiVirus Companies

Security Affairs

A Russian hacking group Fxmsp is offering for sale the access to the networks of at least three antivirus companies in the US and source code of their software. Fxmsp is a high-profile Russian- and English-speaking hacking group focused on breaching high-profile private corporate and government information. The group is offering the accesses to the single companies for $250,000 and is asking $150,000 for the source code of the software.

Antivirus 111
article thumbnail

Securing Sensitive Data in Pivotal Cloud Foundry

Thales Cloud Protection & Licensing

The Cloud Security Challenge. Itā€™s no secret that cloud technology usage is pervasive among enterprises. According to the 2019 Thales Data Threat Report -Global Edition, some 90 percent of 1,200 responding data security professionals worldwide report their organizations are using the cloud. While the agility and cost-saving benefits of cloud technologies are compelling, the need to protect sensitive application data remains.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatā€™s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Q&A: The drivers behind the stark rise ā€” and security implications ā€” of ā€˜memory attacksā€™

The Last Watchdog

A distinctive class of hacking is rising to the fore and is being leveraged by threat actors to carry out deep, highly resilient intrusions of well-defended company networks. Related: Memory hacking becomes a go-to tactic These attacks are referred to in the security community as ā€œfileless attacksā€ or ā€œmemory attacks.ā€ The latter conveys a more precise picture: memory hacking refers to a broad set of practices, which can include fileless attacks, that constitute this go-deep form of network brea

Hacking 153
article thumbnail

Leaked NSA Hacking Tools

Schneier on Security

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA's ability to secure its own cyberweapons seriously into question.

Hacking 237
article thumbnail

Inside Chinaā€™s Surveillance Crackdown on Uyghurs

WIRED Threat Level

In Xinjiang, northwest China, the government is cracking down on the minority Muslim Uyghur population, keeping them under constant surveillance and throwing more than a million people into concentration camps. But in Istanbul, 3,000 miles away, a community of women who have escaped a life of repression are fighting a digital resistance.

article thumbnail

LulZSec and Anonymous Ita hackers published sensitive data from 30,000 Roman lawyers

Security Affairs

A group of hackers has stolen and published online sensitive data of 30,000 Roman lawyers, including the Mayor of Rome. The announcement was made on Twitter by Lulzsec and Anonymous Ita. The story is very simple, LulZSec, the collective of hackers recently hit the Italian Ministry of the Environment, has collected a huge amount of data belonging to 30,000 Roman lawyers.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnā€™t hand those out too freely. You have stuff thatā€™s worth protectingā€”and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

NEW TECH: DataLocker extends products, services to encrypt data on portable storage devices

The Last Watchdog

No matter how reliant we ultimately become on cloud storage and streaming media, itā€™s hard to image consumers ever fully abandoning removable storage devices. Thereā€™s just something about putting your own two hands on a physical device, whether itā€™s magnetic tape, or a floppy disk, or a CD. Today, itā€™s more likely to be an external drive, a thumb drive or a flash memory card.

article thumbnail

Another NSA Leaker Identified and Charged

Schneier on Security

In 2015, the Intercept started publishing " The Drone Papers ," based on classified documents leaked by an unknown whistleblower. Today, someone who worked at the NSA, and then at the National Geospatial-Intelligence Agency, was charged with the crime. It is unclear how he was initially identified. It might have been this: "At the agency, prosecutors said, Mr.

Software 223
article thumbnail

The Law Being Used to Prosecute Julian Assange Is Broken

WIRED Threat Level

Opinion: Julian Assange is being prosecuted under the Computer Fraud and Abuse Act, a minimally defined statute that can have maximally destructive consequences.

111
111
article thumbnail

A hacker has taken over at least 29 IoT botnets

Security Affairs

Hacker “Subby” brute-forces the backends of 29 IoT botnets that were using weak or default credentials. A hacker that goes online with the moniker ‘Subby’ took over 29 IoT botnets in the past few week s with brute-force attacks. The hacker ‘Subby’ took over 29 IoT botnets in the past few weeks brute-forcing the back end panels of their command and control servers.

IoT 111
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Demystifying the Dark Web: What You Need to Know

Dark Reading

The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.

Internet 103
article thumbnail

Locked Computers

Schneier on Security

This short video explains why computers regularly came with physical locks in the late 1980s and early 1990s. The one thing the video doesn't talk about is RAM theft. When RAM was expensive, stealing it was a problem.

218
218
article thumbnail

The CIA Sets Up Shop on Tor, the Anonymous Internet

WIRED Threat Level

Even the Central Intelligence Agency has a so-called onion service now.

Internet 111
article thumbnail

Japan will develop its first-ever malware as a defense measure against cyber attacks

Security Affairs

The news was reported by the Kyodo News and has caught my attention, Japan will develop its first-ever computer virus as defense against cyber attacks. The Kyodo News revealed that Japan will develop its first-ever computer virus as a defense measure against cyber attacks and that the development will be completed by next March. The Defense Ministry plans to use the malware as a vaccine that could neutralize the other malicious codes.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Social Engineering Slams the C-Suite: Verizon DBIR

Dark Reading

Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.

article thumbnail

Testing Building Blocks

Adam Shostack

There are a couple of new, short (4-page), interesting papers from a team at KU Leuven including: Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation. A Comparison of System Description Models for Data Protection by Design. What makes these interesting is that they are digging into better-formed building blocks of threat modeling, comparing them to requirements, and analyzing how they stack up.

100
100
article thumbnail

Artificial Intelligence May Not 'Hallucinate' After All

WIRED Threat Level

What makes an algorithm mistake a helicopter for a gun? Researchers think the answer has to do more with man than machine.

article thumbnail

A bug in Mirai code allows crashing C2 servers

Security Affairs

Ankit Anubhav, a principal researcher at NewSky Security, explained how to exploit a vulnerability in the Mirai bot to crash it. Ankit Anubhav, a principal researcher at NewSky, explained how to exploit a trivial bug in the code of the Mirai bot , which is present in many of its variants, to crash it. The expert pointed out that a Mirai C2 server crashes when someone connects it using as username a sequence of 1025+ “a” characters.

IoT 111
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!