Sat.May 25, 2019 - Fri.May 31, 2019

article thumbnail

Should Failing Phish Tests Be a Fireable Offense?

Krebs on Security

Would your average Internet user be any more vigilant against phishing scams if he or she faced the real possibility of losing their job after falling for one too many of these emails? Recently, I met someone at a conference who said his employer had in fact terminated employees for such repeated infractions. As this was the first time I’d ever heard of an organization actually doing this, I asked some phishing experts what they thought (spoiler alert: they’re not fans of this partic

Phishing 261
article thumbnail

Fraudulent Academic Papers

Schneier on Security

The term "fake news" has lost much of its meaning, but it describes a real and dangerous Internet trend. Because it's hard for many people to differentiate a real news site from a fraudulent one, they can be hoodwinked by fictitious news stories pretending to be real. The result is that otherwise reasonable people believe lies. The trends fostering fake news are more general, though, and we need to start thinking about how it could affect different areas of our lives.

Internet 231
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 140

Troy Hunt

I'm a day and a half behind with this week's update again - sorry! Thursday and Friday were solid with training in Melbourne so I recorded Saturday and am pushing this out in the early hours of Sunday before going wakeboarding - is that work / life balance? But there's been a hell of a lot going on, particularly around HIBP and I'll be talking a lot more about that in the weeks to come.

article thumbnail

GUEST ESSAY: Only cloud-based security can truly protect cloud-delivered web applications

The Last Watchdog

159
159
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

NY Investigates Exposure of 885 Million Mortgage Documents

Krebs on Security

New York regulators are investigating a weakness that exposed 885 million mortgage records at First American Financial Corp. [NYSE:FAF] as the first test of the state’s strict new cybersecurity regulation. That measure, which went into effect in March 2019 and is considered among the toughest in the nation, requires financial companies to regularly audit and report on how they protect sensitive data, and provides for fines in cases where violations were reckless or willful.

article thumbnail

The Human Cost of Cyberattacks

Schneier on Security

The International Committee of the Red Cross has just published a report: " The Potential Human Cost of Cyber-Operations." It's the result of an "ICRC Expert Meeting" from last year, but was published this week. Here's a shorter blog post if you don't want to read the whole thing. And [link] by one of the authors.

Malware 227

More Trending

article thumbnail

Weekly Update 141

Troy Hunt

Another week, another conference. This time, Scott and I have just wrapped up the AusCERT event which is my local home town conference (I can literally see my house from Scott's balcony). We're talking about the event, upcoming ones, Scott's Hack Yourself First UK tour, some funky default values in EV certs and then we head off down a rabbit hole of 2FA and people getting fired for failing simulated phishing tests.

Phishing 144
article thumbnail

Canada Uses Civil Anti-Spam Law in Bid to Fine Malware Purveyors

Krebs on Security

Canadian government regulators are using the country’s powerful new anti-spam law to pursue hefty fines of up to a million dollars against Canadian citizens suspected of helping to spread malicious software. In March 2019, the Canadian Radio-television and Telecommunications Commission (CRTC) — Canada’s equivalent of the U.S. Federal Communications Commission (FCC), executed a search warrant in tandem with the Royal Canadian Mounted Police (RCMP) at the home of a Toronto softwa

article thumbnail

First American Financial Corp. Data Records Leak

Schneier on Security

Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. "The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and even internal corporate documents if you're a small business.

Insurance 226
article thumbnail

Polymorphic Warnings On My Mind

Adam Shostack

There’s a fascinating paper, “ Tuning Out Security Warnings: A Longitudinal Examination Of Habituation Through Fmri, Eye Tracking, And Field Experiments.” (It came out about a year ago.). The researchers examined what happens in people’s brains when they look at warnings, and they found that: Research in the fields of information systems and human-computer interaction has shown that habituation—decreased response to repeated stimulation—is a serious threat to the effectiv

Mobile 113
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Russian military plans to replace Windows with Astra Linux

Security Affairs

The Russian army seems to be in the process of replacing the Windows system with the Debian-based Linux distribution Astra Linux. Cyber security seems to subvert the globalization concept, governments are working to develop their own technology fearing possible espionage and sabotage activities of foreign states. The Russian military is in the process of replacing the Windows system with the Linux distribution Astra Linux.

article thumbnail

All the Ways Google Tracks You—And How to Stop It

WIRED Threat Level

Google knows more about you than you might think. Here's how to keep it from knowing your location, web browsing, and more.

111
111
article thumbnail

Alex Stamos on Content Moderation and Security

Schneier on Security

Really interesting talk by former Facebook CISO Alex Stamos about the problems inherent in content moderation by social media platforms. Well worth watching.

CISO 195
article thumbnail

8 Ways to Authenticate Without Passwords

Dark Reading

Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

VPNpro research: this Chinese-linked company secretly owns 10 VPNs with 86 million installs

Security Affairs

Innovative Connecting is actually a Chinese company that secretly owns 10 VPN products with a total of 86 million installs under its belt. Recent research by the cybersecurity experts at VPNpro shows that the popular mobile VPN developer Innovative Connecting is actually a Chinese company that secretly owns 10 VPN products with a total of 86 million installs under its belt.

VPN 111
article thumbnail

4 Best Password Managers of 2019 (Paid, Family, and Free)

WIRED Threat Level

We've picked our favorite password managers for PC, Mac, Android, iPhone, and web browsers.

article thumbnail

POS Malware Found at 102 Checkers Restaurant Locations

Threatpost

One of the most popular U.S. drive-through restaurants has been hit with a data breach due to POS malware.

Malware 101
article thumbnail

Seven Microservices Identity Questions to Secure your Data

Thales Cloud Protection & Licensing

As I noted in my last blog post , containers, which are now pervasive in enterprises, are ephemeral, and microservices frameworks like Kubernetes treat them as such. Data security is a complex subject, and, unfortunately, microservices only add to the complexity. I frequently try to untangle the threads of knotty issues by asking questions. So, in this and my next few blogs, I will share some questions you might want to ask as you go about securing your data in a microservices environment.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

HiddenWasp, a sophisticated Linux malware borroes from Mirai and Azazel

Security Affairs

Security experts at Intezer have discovered a new Linux malware tracked as ‘HiddenWasp’ that borrows from Mirai, Azazel malicious codes. HiddenWasp is a new sophisticated Linux malware still undetected by the majority of anti-virus solutions. According to the experts at Intezer, the malware was involved in targeted attacks. . “Unlike common Linux malware, HiddenWasp is not focused on crypto-mining or DDoS activity.

Malware 111
article thumbnail

How to Spring Clean Your Digital Clutter to Protect Yourself

WIRED Threat Level

You don't have to get your hands dirty to do the most important spring cleaning of the year.

105
105
article thumbnail

New Linux Malware ‘HiddenWasp’ Borrows from Mirai, Azazel

Threatpost

HiddenWasp is unique for Linux-based malware in that it targets systems to remotely control them.

Malware 98
article thumbnail

Cybercrime: Looking Beyond the Dark Web

Dark Reading

Fighting cybercrime requires visibility into much more than just the Dark Web. Here's where to look and a glimpse of what you'll find.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Google white hat hacker found code execution flaw in Notepad

Security Affairs

The popular white hat hacker Tavis Ormandy has announced the discovery of a code execution vulnerability in Microsoft’s Notepad text editor. The Google Project Zero researcher Tavis Ormandy announced the discovery of a code execution flaw in Microsoft’s Notepad text editor. Am I the first person to pop a shell in notepad? … believe it or not, It's a real bug!

article thumbnail

Microsoft's BlueKeep Bug Isn't Getting Patched Fast Enough

WIRED Threat Level

At this rate, it will take years to fix a critical vulnerability that remains in over 900,000 Windows machines. A worm will arrive much sooner.

Hacking 98
article thumbnail

Researcher Exploits Microsoft’s Notepad to ‘Pop a Shell’

Threatpost

Google Project Zero researcher unearths a bug in Microsoft’s Notepad Windows application.

Hacking 96
article thumbnail

Impersonation Attacks Up 67% for Corporate Inboxes

Dark Reading

Nearly three-quarters of organizations hit with impersonation attacks experienced direct losses of money, customers, and data.

93
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Using Public Wi-Fi? Your data can be hacked easily! Here’s How…

Security Affairs

Public Wi-Fi is easily accessible by everyone, as much as free surfing sounds cool, it is risky as well. Let’s see how your data can be hacked easily. In the contemporary world of networking, Wi-Fi has become a vital commodity. Wi-Fi are now installed in each and every place regardless of the size of the place; from international airports to small kiosks, you can find an internet connection everywhere.

Hacking 111
article thumbnail

Facebook Removes a Fresh Batch of Iran-Linked Fake Accounts

WIRED Threat Level

Outside researchers tipped Facebook off that a social media network was pushing Iranian interests, posing as journalists, and even impersonating politicians.

article thumbnail

Gen Z Interns and Social Media: A Perfect Security Storm

Threatpost

A lack of security training for interns, and their obsession with sharing content on social media, could lead to a perfect storm for hackers looking to collect social engineering data.

Media 87
article thumbnail

WannaCry Lives On in 145K Infected Devices

Dark Reading

Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!