Schneier on Security

MARCH 20, 2019

This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage : "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software.". That didn't just mean people couldn't get cars they reserved. Sometimes is meant they couldn't get the cars they were already driving to work: Andrew Jones of Roxbury was stuck on hold with customer service for at least a half-hour while he and

Telecommunications 267

Telecommunications Software 267

Krebs on Security

MARCH 17, 2019

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

Accountability 262

Accountability Passwords Mobile Banking 262

The Last Watchdog

MARCH 21, 2019

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data , which sooner or later can be traced back to you. Related: The Facebook factor. A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”.

Surveillance 230

Surveillance Telecommunications VPN Government 230

Adam Levin

MARCH 19, 2019

A health company’s unprotected server exposed over six million health records in the last 12 months. Meditlab, an electronic medical record company, left a server for electronic faxes completely unprotected since bringing it online in March 2018. This meant that any information transmitted between medical offices, including records, doctor’s notes, prescriptions, and patient names, addresses, health insurance information and Social Security numbers were accessible to outside parties.

Insurance 193

Insurance Government Engineering Cybersecurity 193

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MARCH 21, 2019

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before. I don't know the details of how the archive was stored, but it was offline and well secured -- and it was available to journalists for research purposes.

Media 244

Media 244

Troy Hunt

MARCH 17, 2019

Well that was a hell of a week of travel. Seriously, the Denver situation was just an absolute mess but when looking at the video from the day I was meant to fly in, maybe being stuck in LA wasn't such a bad thing after all: As of 1:30 p.m., all runways are closed, but the terminal & concourses are open. Airlines have cancelled flights for early afternoon/evening.

Data breaches 138

Data breaches Passwords 138

Adam Levin

MARCH 18, 2019

Employment fraud is currently the most prevalent scam targeting consumers, according to Better Business Bureau report. The scams primarily target job-seekers with promises of great job opportunities and high pay. One victim in Montana was approached by what appeared to be a courier service offering him more than $70,000 per year to purchase and ship consumer electronics.

Scams 167

Scams Banking Accountability Cybersecurity 167

Schneier on Security

MARCH 20, 2019

Andrew Odlyzko's new essay is worth reading -- " Cybersecurity is not very important ": Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure. Yet the world is doing remarkably well overall, and has not suffered any of the oft-threatened giant digital catastrophes.

Cybersecurity 239

Cybersecurity 239

Adam Shostack

MARCH 22, 2019

“ Cybersecurity is not very important ” is a new paper by the very smart Andrew Odlyzko. I do not agree with everything he says, but it’s worth reading and pondering if and why you disagree with it. I think I agree with it more than I disagree.

Cybersecurity 113

Cybersecurity 113

The Last Watchdog

MARCH 19, 2019

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is trodding tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

Big data 157

Big data Internet Internet IoT 157

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

MARCH 21, 2019

The U.S. Department of Homeland Security issued an emergency directive in January 2019 giving government agencies ten days to verify that they weren’t compromised by DNS hijacking. A few days later, the Internet Corporation for Assigned Names and Numbers ( ICANN ), the organization responsible for governing large parts of the internet, issued a bleak warning urging businesses to do the same, and to enact stronger security measures.

DNS 141

DNS Government Internet Internet 141

Schneier on Security

MARCH 18, 2019

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed : they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the required entropy. This really isn't a security problem; the serial numbers are to protect against attacks that involve weak hash functions, and we don't allow those weak hash functions anymore.

Software 197

Software Authentication Encryption 197

Adam Shostack

MARCH 18, 2019

I’ve signed on to Access Now’s letter to the Indian Ministry of Electronics and Information Technology, asking the Government of India to withdraw the draft amendments proposed to the Information Technology (Intermediary Guidelines) Rules. As they say in their press release : Today’s letter, signed by an international coalition of 31 organizations and individuals, explains how the proposed amendments threaten fundamental rights and the space for a free internet, while not addressing

Technology 100

Technology Internet Internet Government 100

The Last Watchdog

MARCH 20, 2019

Y2Q. Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve. PQC. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation systems must be able to withstand the threat of quantum computers.

Encryption 153

Encryption Cybersecurity Digital transformation IoT 153

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

MARCH 21, 2019

A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes online with the handle of sghctoma has discovered a vulnerability in Ghidra platform recently released by the US NSA, the issue could be exploited to execute code remotely. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux).

Authentication 111

Authentication Advertising Engineering Firewall 111

Schneier on Security

MARCH 22, 2019

GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article.

Internet 220

Internet Internet Encryption 220

WIRED Threat Level

MARCH 22, 2019

The Homeland Security Department inspector general released a damning report about FEMA's inability to safeguard the personal info of the people it helped.

Hacking 106

Hacking 106

The Last Watchdog

MARCH 19, 2019

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times. Related: Shrinking to human attack vector. Gaining access to your property can provide criminals with the ability not only to steal physical items from your premises, but also to potentially infect computers

Surveillance 124

Surveillance Penetration Testing Malware Hacking 124

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

MARCH 17, 2019

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Experts at Proofpoint conducted an interesting study of massive attacks against accounts of major cloud services, The experts noticed that attackers leverage legacy protocols and credential dumps to increase the e

Accountability 112

Accountability Phishing Authentication Passwords 112

Schneier on Security

MARCH 19, 2019

Good article on the Triton malware which targets industrial control systems.

Malware 181

Malware Cybersecurity 181

WIRED Threat Level

MARCH 21, 2019

Facebook has disclosed that it stored hundreds of millions of user passwords in plaintext, where employees could search them.

Passwords 111

Passwords 111

The Last Watchdog

MARCH 22, 2019

Malvertising is rearing its ugly head – yet again. Malicious online ads have surged and retreated in cycles since the earliest days of the Internet. Remember when infectious banner ads and viral toolbars cluttered early browsers? Related: Web application exposures redouble. Historically, with each iteration of malicious ads, the online advertising industry, led by Google, has fought back, and kept this scourge at a publicly acceptable level.

Advertising 113

Advertising Retail Antivirus eCommerce 113

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

MARCH 20, 2019

Security experts at Check Point uncovered a sophisticated malware campaign spreading the SimBad malicious code through the official Google Play Store. Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store. According to experts, more than 150 million users were already impacted.

Malware 111

Malware Advertising Phishing Scams 111

Dark Reading

MARCH 19, 2019

Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.

Scams 92

Scams Mobile 92

Adam Shostack

MARCH 19, 2019

RSA has posted a video of my talk, “Threat Modeling in 2019”

100

100

Threatpost

MARCH 21, 2019

The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.

Passwords 91

Passwords Media 91

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

MARCH 21, 2019

LockerGoga is the most active ransomware, experts warns it focuses on targeting companies and bypass AV signature-based detection. LockerGoga ransomware is a crypto-malware that loads the malicious file on the system from an infected email attachment. This threat is very critical these days, and it is the most active ransomware that focuses on targeting companies.

Ransomware 110

Ransomware Encryption Malware Antivirus 110

WIRED Threat Level

MARCH 16, 2019

Fraudulent and ineffective antivirus apps persist on the Google Play Store, and it's unclear whether they'll ever totally go away.

Antivirus 98

Antivirus 98

Dark Reading

MARCH 18, 2019

The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology.

IoT 80

IoT Government Technology 80

Thales Cloud Protection & Licensing

MARCH 22, 2019

World Water Day is a UN initiative celebrated every March 22. It honors water and focuses on those deprived of it. The occasion is a persuasive aide-memoire to the human world to deal with the global water crisis. Population growth has increased the demand for water, and water management organizations are driven to conserve and manage this essential resource.

Digital transformation 75

Digital transformation Cybersecurity Cyber Attacks Technology 75

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity