Sat.Jun 01, 2019 - Fri.Jun 07, 2019

article thumbnail

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Krebs on Security

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments Web site exposed personal, financial and medical data on nearly 12 million Quest patients.

Insurance 272
article thumbnail

iOS Shortcut for Recording the Police

Schneier on Security

" Hey Siri; I'm getting pulled over " can be a shortcut: Once the shortcut is installed and configured , you just have to say, for example, "Hey Siri, I'm getting pulled over." Then the program pauses music you may be playing, turns down the brightness on the iPhone, and turns on "do not disturb" mode. It also sends a quick text to a predetermined contact to tell them you've been pulled over, and it starts recording using the iPhone's front-facing camera.

250
250
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

There’s oil in the state of Maryland – “cyber oil.” With the largest concentration of cybersecurity expertise –– the “oil” — in the world, Maryland is fast changing from the Old Line State into “Cybersecurity Valley.” Related: Port Covington cyber hub project gets underway That’s because Maryland is home to more than 40 government agencies with extensive cyber programs, including the National Security Agency, National Institute of Standards and Technology, Defense Information Systems

article thumbnail

Weekly Update 142

Troy Hunt

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting: It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19. Troy is a credit to our industry and also a really great guy. Congrats Troy, so well deserved ????

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

Krebs on Security

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “ Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “ Eternal Blue ,” a hacking tool developed by the U.S.

article thumbnail

Chinese Military Wants to Develop Custom OS

Schneier on Security

Citing security concerns, the Chinese military wants to replace Windows with its own custom operating system : Thanks to the Snowden, Shadow Brokers, and Vault7 leaks, Beijing officials are well aware of the US' hefty arsenal of hacking tools, available for anything from smart TVs to Linux servers, and from routers to common desktop operating systems, such as Windows and Mac.

Hacking 231

More Trending

article thumbnail

When security goes off the rails

Adam Shostack

New at Dark Reading, my When Security Goes Off the Rails , Cyber can learn a lot from the highly regulated world of rail travel. The most important lesson: the value of impartial analysis. (As I watch the competing stories, “ Baltimore City leaders blame NSA for ransomware attack. ,” and “ N.S.A. Denies Its Cyberweapon Was Used in Baltimore Attack, Congressman Says ,” I’d like to see an investigations capability that can give us facts.).

article thumbnail

Fort Worth IT Professionals Fired for Reporting Cybersecurity Issues: What We Know

Security Affairs

In October 2017, the city of Fort Worth, Texas became the target of a phishing scam. Their accounts payable department received an email that appeared to be from Imperial Construction, a company that was doing business with the city at the time. The sender of the email, later identified as Gbenga A. Fadipe, requested a change of account. The scam email prompted the department to change an electronic deposit from Plains Capital Bank to a different account with Chase Bank.

article thumbnail

The Cost of Cybercrime

Schneier on Security

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper,we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone replacing the PC and laptop as the consumer terminal of choice, with Android replacing Windows, and with many services moving to the cloud.The use of social networks has become extremely widespread.

article thumbnail

Quest Diagnostics Highlights Vendor Vulnerability

Adam Levin

Quest Diagnostics, a leading American clinical laboratory company, announced today that 11.9 million patients may have been compromised in a vendor-related incident. A statement released by Quest revealed that an “unauthorized user” had gained access to a system used by American Medical Collection Agency (AMCA), a billing vendor subcontracted by a Quest contractor called Optum360.

Big data 125
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How a Google Cloud Catch-22 Broke the Internet

WIRED Threat Level

A Google Cloud outage that knocked huge portions of the internet offline also blocked access to the tools Google needed to fix it.

Internet 111
article thumbnail

6 Security Scams Set to Sweep This Summer

Dark Reading

Experts share the cybersecurity threats to watch for and advice to stay protected.

Scams 111
article thumbnail

Security and Human Behavior (SHB) 2019

Schneier on Security

Today is the second day of the twelfth Workshop on Security and Human Behavior , which I am hosting at Harvard University. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, criminologists, neuroscientists, designers, lawyers, philoso

210
210
article thumbnail

What Game of Thrones Can Teach You About Data Breaches

Adam Levin

HBO’s hit series Game of Thrones is now history, but it will live on in the hearts, minds and social media interactions of its followers for some time to come. Before now the only thing GoT fans wanted besides a juicy spoiler was to know who would take the Iron Throne. How it all ended was something hackers spent significant time and effort trying to find out.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Apple's 'Find My' Feature Uses Some Clever Cryptography

WIRED Threat Level

Apple says an elaborate rotating key scheme will soon let you track down your stolen laptop, but not let anyone track you. Not even Apple.

111
111
article thumbnail

Expert developed a MetaSploit module for the BlueKeep flaw

Security Affairs

A security expert has developed a Metasploit module to exploit the critical BlueKeep vulnerability and get remote code execution. The security researcher Z??osum0x0 has developed a module for the popular Metasploit penetration testing framework to exploit the critical BlueKeep flaw. The vulnerability , tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft with May 2019 Patch Tuesday updates.

article thumbnail

Lessons Learned Trying to Secure Congressional Campaigns

Schneier on Security

Really interesting first-hand experience from Maciej Ceg?owski.

Risk 209
article thumbnail

Understanding the online safety and privacy challenges faced by South Asian women

Elie

For South Asian women, a major hurdle to their meaningful participation online is their ability to ensure their safety. This post illustrates this challenge by recounting the safety and privacy challenges faced by women across India, Pakistan, and Bangladesh, who talked to us about their online experiences.

107
107
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Much @Stake: The Band of Hackers That Defined an Era

WIRED Threat Level

Today's cybersecurity superstars share a common thread—one that leads back to early hacking group Cult of the Dead Cow.

Hacking 111
article thumbnail

ESET analyzes Turla APT’s usage of weaponized PowerShell

Security Affairs

Turla, the Russia-linked cyberespionage group, is weaponizing PowerShell scripts and is using them in attacks against EU diplomats. Turla (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ), the Russia-linked APT group, is using weaponized PowerShell scripts in attacks aimed at EU diplomats. Turla group has been active since at least 2007 targeting government organizations and private businesses.

Malware 111
article thumbnail

GDPR One Year Anniversary: What We’ve Learned So Far

Thales Cloud Protection & Licensing

On May 25, the European Union celebrated the first anniversary of the enforcement of the General Data Protection Regulation (GDPR) , the most important change in data privacy regulations in the last decade, designed to restructure the way in which personal data is handled across every sector (public or private) and every industry. Now that one year has passed since the GDPR came into effect, we’ve had a lot of questions arising such as how are companies managing the adoption of the new stricter

article thumbnail

MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

Threatpost

Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Majove, despite mitigations.

Hacking 98
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Election Security Is Still Hurting at Every Level

WIRED Threat Level

With the 2020 election fast approaching, too many problems from 2016 persist.

111
111
article thumbnail

ProtonMail denies that it spies on users for government agencies

Security Affairs

The popular privacy-focused email service ProtonMail has been accused of offering voluntarily real-time surveillance assistance to law enforcement. The popular privacy-focused email service ProtonMail made the headlines because it has been accused of supporting real-time surveillance carried out by law enforcement. On May 10, while Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, was giving a presentation at an event when the Swi

article thumbnail

Game of Threats: What the Cybersecurity Industry Can Take Away from Game of Thrones

Thales Cloud Protection & Licensing

Warning: Spoilers Ahead. As Game of Thrones fans sift through emotional ashes left behind after the final fiery episode, conjecture and lamentation over what happened and why has dominated pop culture conversations. Debate among ardent fans will likely continue well into the future, but a couple of things are certain: even though the Iron Throne is now toast, there are many takeaways the cybersecurity industry can draw from based on this eight-year dynastic series.

article thumbnail

Adware Hidden in Android Apps Downloaded More Than 440 Million Times

Dark Reading

The heavily obfuscated adware was found in 238 different apps on Google Play.

Adware 97
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Apple Just Patched a Modem Bug That's Been in Macs Since 1999

WIRED Threat Level

A researcher found the 20-year-old flaw by drawing on tricks from a childhood spent tinkering with his parents’ Mac Performa.

Hacking 109
article thumbnail

Cryptojacking campaign uses Shodan to scan for Docker hosts to hack

Security Affairs

A new cryptojacking campaign was spotted by experts at Trend Micro, crooks are using Shodan to scan for Docker hosts with exposed APIs. Threat actors are using the popular Shodan search engine to find Docker hosts and abuse them in a crypojacking campaign. Attackers leverage self-propagating Docker images infected with Monero miners and scripts that use of Shodan to find other vulnerable installs and compromise them.

Hacking 111
article thumbnail

Email Still a Major Attack Vector: Security Research

eSecurity Planet

Email users continue to be one of the easiest marks for cybercriminals, according to the latest cybersecurity research.

article thumbnail

Dark Web Becomes a Haven for Targeted Hits

Dark Reading

Malware on the Dark Web is increasingly being customized to target specific organizations and executives.

Malware 94
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!