Krebs on Security

MARCH 21, 2019

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have abused access to this data. Facebook is probing the causes of a series of security failures in which employees built applications that logged unencrypted password data for Facebook users and stored it

Passwords 56

Passwords Engineering Accountability Advertising 56

Schneier on Security

MARCH 20, 2019

This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage : "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software.". That didn't just mean people couldn't get cars they reserved. Sometimes is meant they couldn't get the cars they were already driving to work: Andrew Jones of Roxbury was stuck on hold with customer service for at least a half-hour while he and

Telecommunications 274

Telecommunications Software 274

The Last Watchdog

MARCH 21, 2019

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data , which sooner or later can be traced back to you. Related: The Facebook factor. A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”.

Surveillance 230

Surveillance Telecommunications VPN Government 230

Adam Levin

MARCH 19, 2019

A health company’s unprotected server exposed over six million health records in the last 12 months. Meditlab, an electronic medical record company, left a server for electronic faxes completely unprotected since bringing it online in March 2018. This meant that any information transmitted between medical offices, including records, doctor’s notes, prescriptions, and patient names, addresses, health insurance information and Social Security numbers were accessible to outside parties.

Insurance 193

Insurance Government Engineering Cybersecurity 193

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

MARCH 17, 2019

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

Accountability 264

Accountability Passwords Mobile Banking 264

Schneier on Security

MARCH 21, 2019

The Daily Beast is reporting that First Look Media -- home of The Intercept and Glenn Greenwald -- is shutting down access to the Snowden archives. The Intercept was the home for Greenwald's subset of Snowden's NSA documents since 2014, after he parted ways with the Guardian the year before. I don't know the details of how the archive was stored, but it was offline and well secured -- and it was available to journalists for research purposes.

Media 251

Media 251

Adam Levin

MARCH 18, 2019

Employment fraud is currently the most prevalent scam targeting consumers, according to Better Business Bureau report. The scams primarily target job-seekers with promises of great job opportunities and high pay. One victim in Montana was approached by what appeared to be a courier service offering him more than $70,000 per year to purchase and ship consumer electronics.

Scams 167

Scams Banking Accountability Cybersecurity 167

Troy Hunt

MARCH 17, 2019

Well that was a hell of a week of travel. Seriously, the Denver situation was just an absolute mess but when looking at the video from the day I was meant to fly in, maybe being stuck in LA wasn't such a bad thing after all: As of 1:30 p.m., all runways are closed, but the terminal & concourses are open. Airlines have cancelled flights for early afternoon/evening.

Data breaches 154

Data breaches Passwords 154

Schneier on Security

MARCH 20, 2019

Andrew Odlyzko's new essay is worth reading -- " Cybersecurity is not very important ": Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure. Yet the world is doing remarkably well overall, and has not suffered any of the oft-threatened giant digital catastrophes.

Cybersecurity 246

Cybersecurity 246

The Last Watchdog

MARCH 19, 2019

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is trodding tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

Big data 157

Big data Internet Internet IoT 157

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Adam Levin

MARCH 21, 2019

The U.S. Department of Homeland Security issued an emergency directive in January 2019 giving government agencies ten days to verify that they weren’t compromised by DNS hijacking. A few days later, the Internet Corporation for Assigned Names and Numbers ( ICANN ), the organization responsible for governing large parts of the internet, issued a bleak warning urging businesses to do the same, and to enact stronger security measures.

DNS 141

DNS Government Internet Internet 141

Adam Shostack

MARCH 22, 2019

“ Cybersecurity is not very important ” is a new paper by the very smart Andrew Odlyzko. I do not agree with everything he says, but it’s worth reading and pondering if and why you disagree with it. I think I agree with it more than I disagree.

Cybersecurity 113

Cybersecurity 113

Schneier on Security

MARCH 22, 2019

GCHQ has put simulators for the Enigma, Typex, and Bombe on the Internet. News article.

Internet 225

Internet Internet Encryption 225

The Last Watchdog

MARCH 18, 2019

The conundrum companies face with the Bring Your Own Device phenomenon really has not changed much since iPhones and Androids first captured our hearts, minds and souls a decade ago. Related: Malvertising threat lurks in all browsers. People demand the latest, greatest mobile devices, both to be productive and to stay connected to their personal lives.

Mobile 31

Mobile Risk Technology Passwords 31

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

MARCH 22, 2019

Special counsel Robert Mueller finished his investigation into the 2016 presidential election Friday.

111

111

Security Affairs

MARCH 21, 2019

News problems for Facebook that admitted to have stored the passwords of hundreds of millions of users in plain text. Facebook revealed to have stored the passwords of hundreds of millions of users in plain text, including passwords of Facebook Lite, Facebook, and Instagram users. “As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems.” reads the announcement published by Face

Passwords 22

Passwords Advertising Accountability Password Management 22

Schneier on Security

MARCH 18, 2019

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed : they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the required entropy. This really isn't a security problem; the serial numbers are to protect against attacks that involve weak hash functions, and we don't allow those weak hash functions anymore.

Software 199

Software Authentication Encryption 199

The Last Watchdog

MARCH 20, 2019

Y2Q. Years-to-quantum. We’re 10 to 15 years from the arrival of quantum computers capable of solving complex problems far beyond the capacity of classical computers to solve. PQC. Post-quantum-cryptography. Right now, the race is on to revamp classical encryption in preparation for the coming of quantum computers. Our smart homes, smart workplaces and smart transportation systems must be able to withstand the threat of quantum computers.

Encryption 153

Encryption Cybersecurity Digital transformation IoT 153

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

MARCH 22, 2019

The Homeland Security Department inspector general released a damning report about FEMA's inability to safeguard the personal info of the people it helped.

Hacking 111

Hacking 111

Security Affairs

MARCH 21, 2019

A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes online with the handle of sghctoma has discovered a vulnerability in Ghidra platform recently released by the US NSA, the issue could be exploited to execute code remotely. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux).

Authentication 112

Authentication Advertising Engineering Firewall 112

Schneier on Security

MARCH 19, 2019

Good article on the Triton malware which targets industrial control systems.

Malware 188

Malware Cybersecurity 188

The Last Watchdog

MARCH 19, 2019

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times. Related: Shrinking to human attack vector. Gaining access to your property can provide criminals with the ability not only to steal physical items from your premises, but also to potentially infect computers

Surveillance 124

Surveillance Penetration Testing Malware Hacking 124

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

MARCH 21, 2019

Facebook has disclosed that it stored hundreds of millions of user passwords in plaintext, where employees could search them.

Passwords 112

Passwords 112

Security Affairs

MARCH 20, 2019

Security experts at Check Point uncovered a sophisticated malware campaign spreading the SimBad malicious code through the official Google Play Store. Researchers at Check Point have uncovered a sophisticated malware campaign spreading the SimBad agent through the official Google Play Store. According to experts, more than 150 million users were already impacted.

Malware 111

Malware Advertising Phishing Scams 111

Threatpost

MARCH 21, 2019

On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.

Hacking 101

Hacking 101

The Last Watchdog

MARCH 22, 2019

Malvertising is rearing its ugly head – yet again. Malicious online ads have surged and retreated in cycles since the earliest days of the Internet. Remember when infectious banner ads and viral toolbars cluttered early browsers? Related: Web application exposures redouble. Historically, with each iteration of malicious ads, the online advertising industry, led by Google, has fought back, and kept this scourge at a publicly acceptable level.

Advertising 113

Advertising Retail Antivirus eCommerce 113

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

MARCH 16, 2019

Fraudulent and ineffective antivirus apps persist on the Google Play Store, and it's unclear whether they'll ever totally go away.

Antivirus 111

Antivirus 111

Security Affairs

MARCH 20, 2019

James Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers. Google Project Zero hacker James Forshaw discovered a new class of flaws that reside in some of the kernel mode drivers in Windows that could allow attackers to escalate privileges. The flaws are caused by the lack of necessary checks when handling specific requests.

Advertising 111

Advertising Risk Hacking 111

Adam Shostack

MARCH 19, 2019

RSA has posted a video of my talk, “Threat Modeling in 2019”

100

100

Dark Reading

MARCH 19, 2019

Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.

Software 94

Software 94

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity