Krebs on Security

MAY 24, 2019

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [ NYSE:FAF ] leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records — including bank account numbers and statements, mortgage and tax records, Social Security numbers, wire transaction receipts, and drivers license images — were available without authentication to anyone with a Web browser.

Insurance 279

Insurance Banking Identity Theft Scams 279

Schneier on Security

MAY 24, 2019

Der Spiegel is reporting that the German Ministry for Internal Affairs is planning to require all Internet message services to provide plaintext messages on demand, basically outlawing strong end-to-end encryption. Anyone not complying will be blocked, although the article doesn't say how. (Cory Doctorow has previously explained why this would be impossible.).

Encryption 264

Encryption Internet Internet 264

Troy Hunt

MAY 21, 2019

Sometimes the discussion around extended validation certificates (EV) feels a little like flogging a dead horse. In fact, it was only September that I proposed EV certificates are already dead for all sorts of good reasons that have only been reinforced since that time. Yet somehow, the discussion does seem to come up time and again as it did following this recent tweet of mine: Always find comments like this amusing: “The main concern about SSL certificates is that all of them are losing their

Phishing 254

Phishing 254

Adam Levin

MAY 24, 2019

Google announced a glitch that stored unencrypted passwords belonging to several business customers, a situation that had been exploitable since 2005. In a blog post released this week, the company admitted the passwords of “some” of its G Suite customers had been stored on internal servers without cryptographic protection, also known as a hash. “This issue has been fixed and, again, we have seen no evidence of improper access to or misuse of the affected passwords.

Passwords 247

Passwords System Administration Encryption 247

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

Phishing 279

Phishing Antivirus Scams Malware 279

Schneier on Security

MAY 22, 2019

This clever attack allows someone to uniquely identify a phone when you visit a website, based on data from the accelerometer, gyroscope, and magnetometer sensors. We have developed a new type of fingerprinting attack, the calibration fingerprinting attack. Our attack uses data gathered from the accelerometer, gyroscope and magnetometer sensors found in smartphones to construct a globally unique fingerprint.

263

263

Troy Hunt

MAY 19, 2019

Per the beginning of the video, it's out late, I'm jet lagged, all my clothes are dirty and I've had to raid the conference swag cupboard to even find a clean t-shirt. But be that as it may, I'm yet to miss one of these weekly vids in the 2 and a half years I've been doing them and I'm not going to start now! So with that very short intro done, here's this week's and I'll try and be a little more on the ball for the next one.

Encryption 169

Encryption Accountability 169

Krebs on Security

MAY 18, 2019

Ogusers[.]com — a forum popular among people involved in hijacking online accounts and conducting SIM swapping attacks to seize control over victims’ phone numbers — has itself been hacked, exposing the email addresses, hashed passwords, IP addresses and private messages for nearly 113,000 forum users. On May 12, the administrator of OGusers explained an outage to forum members by saying a hard drive failure had erased several months’ worth of private messages, forum post

Accountability 242

Accountability Hacking Backups Passwords 242

Schneier on Security

MAY 20, 2019

This law review article by Noam Kolt, titled " Return on Data ," proposes an interesting new way of thinking of privacy law. Abstract: Consumers routinely supply personal data to technology companies in exchange for services. Yet, the relationship between the utility (U) consumers gain and the data (D) they supply -- "return on data" (ROD) -- remains largely unexplored.

Marketing 238

Marketing Technology 238

The Last Watchdog

MAY 20, 2019

Even if your company issues you a locked-down smartphone, embracing best security practices remains vital Our smartphones. Where would we be without them? Related Q&A: Diligence required of Android users If you’re anything like me, making a phone call is the fifth or sixth reason to reach for your Android or iPhone. Whichever OS you favor, a good portion of the key components that make up your digital life — email, texting, social media, shopping, banking, hobbies, and work duties — now rout

Mobile 138

Mobile Spyware Banking Manufacturing 138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

MAY 21, 2019

A leaked database has compromised the personal information of more than 49 million Instagram users, including celebrities and “influencers.”. The information was found on an unsecured database hosted on an Amazon cloud server and includes public-facing information from Instagram accounts as well as personal details, including email addresses and phone numbers.

Media 127

Media Marketing Accountability 127

Security Affairs

MAY 20, 2019

Experts discovered a privilege escalation vulnerability in the Linux Kernel, tracked as CVE-2019-11815, that affects the implementation of RDS over TCP. Experts discovered a memory corruption vulnerability in Linux Kernel that resides in the implementation of the Reliable Datagram Sockets (RDS) over TCP. The vulnerability tracked as CVE-2019-11815 could lead to privilege escalation, it received a CVSS base score of 8.1.

Advertising 111

Advertising Cybersecurity Information Security Hacking 111

Schneier on Security

MAY 23, 2019

Summary : Thangrycat is caused by a series of hardware design flaws within Cisco's Trust Anchor module. First commercially introduced in 2013, Cisco Trust Anchor module (TAm) is a proprietary hardware security module used in a wide range of Cisco products, including enterprise routers, switches and firewalls. TAm is the root of trust that underpins all other Cisco security and trustworthy computing mechanisms in these devices.

System Administration 230

System Administration Software Firewall Engineering 230

Thales Cloud Protection & Licensing

MAY 24, 2019

It’s been one year since the European Union (EU) enforced the General Data Protection Regulation (GDPR) 1 , a legislation designed to protect the personal data of EU citizens and lay specific rules and guidelines on how their data is collected, stored, processed and deleted by various entities. GDPR requires that organizations must disclose to national Data Protection Agencies (DPAs) any breaches of security leading to “the accidental or unlawful destruction, loss, alteration, unauthorized discl

Data breaches 93

Data breaches Passwords Internet Internet 93

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

MAY 24, 2019

Real estate title firm reportedly has closed a hole in its website that had left hundreds of millions of real estate tile insurance files accessible without authentication, according to KrebsOnSecurity.

Insurance 94

Insurance Authentication 94

Security Affairs

MAY 18, 2019

Unistellar attackers have already wiped roughly 12,000 unsecured MongoDB databases exposed online over the past three. Every time hackers deleted a MongoDB database they left a message asking the administrators to contact them to restore the data. Unfortunately, the criminal practice of deleting MongoDB databases and request a ransom to restore data is common, experts observed several campaigns targeting unsecured archive exposed online.

Advertising 111

Advertising Cryptocurrency Cybersecurity Information Security 111

Schneier on Security

MAY 22, 2019

Yesterday, I visited the NSA. It was Cyber Command's birthday, but that's not why I was there. I visited as part of the Berklett Cybersecurity Project, run out of the Berkman Klein Center and funded by the Hewlett Foundation. (BERKman hewLETT -- get it? We have a web page , but it's badly out of date.). It was a full day of meetings, all unclassified but under the Chatham House Rule.

Cybersecurity 216

Cybersecurity 216

WIRED Threat Level

MAY 21, 2019

On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years.

Passwords 109

Passwords 109

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

MAY 24, 2019

The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.

Cybercrime 98

Cybercrime 98

Security Affairs

MAY 24, 2019

Most of the digital certificates used to sign malware samples found on VirusTotal have been issued by the Certificate Authority (CA) Comodo CA. Most of the digital certificates used to sign malware samples found on VirusTotal in 2018 have been issued by the Certificate Authority (CA) Comodo CA (aka Sectigo ). Chronicle’s security researchers have analyzed submissions May 7, 2018, and May 7, 2019 discovering that out of a total of 3,815 signed malware samples, 1,775 were signed using a digital ce

Malware 110

Malware Advertising Accountability Cybersecurity 110

Schneier on Security

MAY 21, 2019

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all of this automatic. Meanwhile, Western countries have new laws and norms that put them at a disadvantage over other countries.

Technology 212

Technology Surveillance Internet Internet 212

Thales Cloud Protection & Licensing

MAY 21, 2019

Thales’s SafeNet Data Protection on Demand and SafeNet Trusted Access solutions have won the gold award in the Encryption and Identity and Access Management categories of the 2019 Cybersecurity Excellence Awards. As cloud services continue to be rapidly adopted by organizations, securing and controlling access to the data held there is paramount. In fact, with Gartner predicting that the majority of cloud security failures will be the fault of customers through to 2023, security teams are being

Encryption 88

Encryption Cybersecurity Data breaches 88

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

MAY 22, 2019

The zero trust model might be the answer to a world in which perimeters are made to be breached. Is it right for your organization?

105

105

Security Affairs

MAY 20, 2019

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. It is the first time that researchers found a Linux version of the backdoor user by China-linked APT groups tacked as Winnti.

Malware 111

Malware Advertising Hacking Cyber Attacks 111

Schneier on Security

MAY 24, 2019

Recently I've heard Edward Snowden talk about his working at the NSA in Hawaii as being "under a pineapple field." CBS News recently ran a segment on that NSA listening post on Oahu. Not a whole lot of actual information. "We're in office building, in a pineapple field, on Oahu." And part of it is underground -- we see a tunnel. We didn't get to see any pineapples, though.

209

209

WIRED Threat Level

MAY 19, 2019

Bluetooth and Bluetooth Low Energy are incredibly convenient—but increasingly at the center of a lot of security lapses.

Risk 102

Risk 102

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Dark Reading

MAY 24, 2019

The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.

Cybersecurity 103

Cybersecurity 103

Security Affairs

MAY 24, 2019

Getting your paycheck deposited directly into your bank account seems like a handy solution but in some cases. hackers can access them. Getting your paycheck deposited directly into your bank account seems like a handy solution because you don’t have to pick up the check from your workplace and take it to the bank to deposit it. It works well in many cases but is not immune to hackers.

Phishing 110

Phishing Accountability Banking Social Engineering 110

Schneier on Security

MAY 23, 2019

A German auction house is selling an SG-41. It looks beautiful. Starting price is 75,000 euros. My guess is that it will sell for around 100K euros.

Encryption 209

Encryption 209

Threatpost

MAY 22, 2019

Google said it had stored G Suite enterprise users' passwords in plain text since 2005 marking a giant security faux pas.

Passwords 98

Passwords 98

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity