Krebs on Security

JUNE 4, 2019

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

Insurance 265

Insurance Banking Accountability Data privacy 265

Schneier on Security

JUNE 7, 2019

" Hey Siri; I'm getting pulled over " can be a shortcut: Once the shortcut is installed and configured , you just have to say, for example, "Hey Siri, I'm getting pulled over." Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on "do not disturb" mode. It also sends a quick text to a predetermined contact to tell them you've been pulled over, and it starts recording using the iPhone's front-facing camera.

243

243

The Last Watchdog

JUNE 4, 2019

There’s oil in the state of Maryland – “cyber oil.” With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” Related: Port Covington cyber hub project gets underway That’s because Maryland is home to more than 40 government agencies with extensive cyber programs, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems

Cybersecurity 193

Cybersecurity Computers and Electronics Technology Marketing 193

Troy Hunt

JUNE 7, 2019

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting: It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19. Troy is a credit to our industry and also a really great guy. Congrats Troy, so well deserved ????

Data breaches 174

Data breaches 174

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

JUNE 3, 2019

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “ Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “ Eternal Blue ,” a hacking tool developed by the U.S.

Ransomware 210

Ransomware Accountability Malware Government 210

Schneier on Security

JUNE 6, 2019

Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system : Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, such as Windows and Mac.

Hacking 225

Hacking Government 225

Adam Shostack

JUNE 6, 2019

New at Dark Reading, my When Security Goes Off the Rails , Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis. (As I watch the competing stories, “ Baltimore City leaders blame NSA for ransomware attack. ,” and “ N.S.A. Denies Its Cyberweapon Was Used in Baltimore Attack, Congressman Says ,” I’d like to see an investigations capability that can give us facts.).

Ransomware 113

Ransomware 113

Elie

JUNE 7, 2019

For South Asian women, a major hurdle to their meaningful participation online is their ability to ensure their safety. This post illustrates this challenge by recounting the safety and privacy challenges faced by women across India, Pakistan, and Bangladesh, who talked to us about their online experiences.

107

107

Schneier on Security

JUNE 4, 2019

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper,we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone replacing the PC and laptop as the consumer terminal of choice, with Android replacing Windows, and with many services moving to the cloud.The use of social networks has become extremely widespread.

Cybercrime 216

Cybercrime Scams Cryptocurrency Antivirus 216

Adam Levin

JUNE 3, 2019

Quest Diagnostics, a leading American clinical laboratory company, announced today that 11.9 million patients may have been compromised in a vendor-related incident. A statement released by Quest revealed that an “unauthorized user” had gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor subcontracted by a Quest contractor called Optum360.

Big data 125

Big data Data breaches 125

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JUNE 7, 2019

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A. Fadipe, requested a change of account. The scam email prompted the department to change an electronic deposit from Plains Capital Bank to a different account with Chase Bank.

Cybersecurity 111

Cybersecurity Scams Banking Accountability 111

Thales Cloud Protection & Licensing

JUNE 4, 2019

On May 25, the European Union celebrated the first anniversary of the enforcement of the General Data Protection Regulation (GDPR) , the most important change in data privacy regulations in the last decade, designed to restructure the way in which personal data is handled across every sector (public or private) and every industry. Now that one year has passed since the GDPR came into effect, we’ve had a lot of questions arising such as how are companies managing the adoption of the new stricter

Data privacy 102

Data privacy Artificial Intelligence Data breaches Technology 102

Schneier on Security

JUNE 6, 2019

Today is the second day of the twelfth Workshop on Security and Human Behavior , which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philoso

207

207

Adam Levin

JUNE 3, 2019

HBO’s hit series Game of Thrones is now history, but it will live on in the hearts, minds and social media interactions of its followers for some time to come. Before now the only thing GoT fans wanted besides a juicy spoiler was to know who would take the Iron Throne. How it all ended was something hackers spent significant time and effort trying to find out.

Data breaches 119

Data breaches Marketing Firewall Hacking 119

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JUNE 2, 2019

The popular privacy-focused email service ProtonMail has been accused of offering voluntarily real-time surveillance assistance to law enforcement. The popular privacy-focused email service ProtonMail made the headlines because it has been accused of supporting real-time surveillance carried out by law enforcement. On May 10, while Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, was giving a presentation at an event when the Swi

Government 111

Government Surveillance Telecommunications Advertising 111

Thales Cloud Protection & Licensing

JUNE 6, 2019

Warning: Spoilers Ahead. As Game of Thrones fans sift through emotional ashes left behind after the final fiery episode, conjecture and lamentation over what happened and why has dominated pop culture conversations. Debate among ardent fans will likely continue well into the future, but a couple of things are certain: even though the Iron Throne is now toast, there are many takeaways the cybersecurity industry can draw from based on this eight-year dynastic series.

Cybersecurity 97

Cybersecurity Digital transformation Threat Reports Data breaches 97

Schneier on Security

JUNE 5, 2019

Really interesting first-hand experience from Maciej Ceg?owski.

Risk 206

Risk 206

WIRED Threat Level

JUNE 5, 2019

Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple.

110

110

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JUNE 7, 2019

A new botnet tracked as GoldBrute is scanning the web for Windows machines with Remote Desktop Protocol (RDP) connection enabled. A new botnet tracked as GoldBrute has appeared in the threat landscape, it is scanning the web for Windows machines with Remote Desktop Protocol (RDP) connection enabled. The botnet is currently targeting over 1.5 million unique endpoints online, it is used to brute-force RDP connections or to carry out credential stuffing attacks. “This botnet is currently brut

Passwords 106

Passwords Advertising Internet Internet 106

Dark Reading

JUNE 4, 2019

Employers can solve the skills gap by first recognizing that there isn't an archetypal "cybersecurity job" in the same way that there isn't an archetypal "automotive job." Here's how.

Cybersecurity 85

Cybersecurity 85

eSecurity Planet

JUNE 4, 2019

User and entity behavior analytics uses machine learning to protect against insider threats and external attacks. We analyze the top UEBA products.

92

92

WIRED Threat Level

JUNE 7, 2019

A Google Cloud outage that knocked huge portions of the internet offline also blocked access to the tools Google needed to fix it.

Internet 105

Internet Internet 105

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JUNE 2, 2019

Turla, the Russia-linked cyberespionage group, is weaponizing PowerShell scripts and is using them in attacks against EU diplomats. Turla (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ), the Russia-linked APT group, is using weaponized PowerShell scripts in attacks aimed at EU diplomats. Turla group has been active since at least 2007 targeting government organizations and private businesses.

Malware 111

Malware Advertising Software Hacking 111

Dark Reading

JUNE 5, 2019

LabCorp says its third-party debt-collection provider, AMCA, notified the company that information on 7.7 million patients had leaked. Expect more healthcare companies to come forward.

Healthcare 83

Healthcare Accountability 83

eSecurity Planet

JUNE 3, 2019

Email users continue to be one of the easiest marks for cybercriminals, according to the latest cybersecurity research.

Cybersecurity 101

Cybersecurity 101

WIRED Threat Level

JUNE 2, 2019

Today's cybersecurity superstars share a common thread—one that leads back to early hacking group Cult of the Dead Cow.

Hacking 109

Hacking Cybersecurity 109

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

JUNE 1, 2019

A new cryptojacking campaign was spotted by experts at Trend Micro, crooks are using Shodan to scan for Docker hosts with exposed APIs. Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a crypojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that use of Shodan to find other vulnerable installs and compromise them.

Hacking 110

Hacking Cryptocurrency Advertising Accountability 110

Dark Reading

JUNE 3, 2019

Researchers at Armor were able to confirm the person or persons behind a Twitter account that appeared to be leaking confidential files was the actual ransomware attacker that hit the city.

Accountability 82

Accountability Ransomware 82

Threatpost

JUNE 3, 2019

Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Majove, despite mitigations.

Hacking 98

Hacking 98

WIRED Threat Level

JUNE 2, 2019

A researcher found the 20-year-old flaw by drawing on tricks from a childhood spent tinkering with his parents’ Mac Performa.

Hacking 90

Hacking 90

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity