Sat.Mar 09, 2019 - Fri.Mar 15, 2019

article thumbnail

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: I’m not sure if this makes it better or worse. “Cookie walls don't comply with GDPR, says Dutch DPA”: [link] — Troy Hunt (@troyhunt) March 8, 2019.

Banking 246
article thumbnail

DARPA Is Developing an Open-Source Voting System

Schneier on Security

This sounds like a good development: a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking. The first-of-its-kind system will be designed by an Oregon-based firm called Galois, a longtime government contractor with experience in designing secure and verifiable systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Insert Skimmer + Camera Cover PIN Stealer

Krebs on Security

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs. These little video bandits can be hidden 100 different ways, but they’re frequently disguised as ATM security features — such as an extra PIN pad privacy cover, or an all-in-one skimmer over the green flashing card acceptance slot at the ATM.

Banking 231
article thumbnail

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. The company was alerted to the cyberattack by the FBI earlier this month. “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords.

Hacking 202
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

There are certain things we as consumers have come to do intuitively: brushing our teeth in the morning; looking both ways before crossing a city street; buckling up when we get into a car. Related: What needs to happen to enable driverless transportation — safely. In the not too distant future, each one of us will need to give pause, on a daily basis, to duly consider how we purchase and use Internet of Things devices and services.

Internet 189
article thumbnail

Critical Flaw in Swiss Internet Voting System

Schneier on Security

Researchers have found a critical flaw in the Swiss Internet voting system. I was going to write an essay about how this demonstrates that Internet voting is a stupid idea and should never be attempted -- and that this system in particular should never be deployed, even if the found flaw is fixed -- but Cory Doctorow beat me to it : The belief that companies can be trusted with this power defies all logic, but it persists.

Internet 242

More Trending

article thumbnail

IoT Cybersecurity Bill Proposed to Congress

Adam Levin

Congress proposed a bill to improve the security of internet-enabled devices called the Internet of Things (IoT) Cybersecurity Improvement Act of 2019. The bipartisan legislation is aimed at establishing standards for any internet-connected device acquired by or used by an employee of the federal government. IoT devices have long been a weak point in the cybersecurity of agencies and organizations and have also been a favorite target for hackers, despite their continuous market growth.

IoT 167
article thumbnail

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of a Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

article thumbnail

Judging Facebook's Privacy Shift

Schneier on Security

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions. And on Wednesday, Mark Zuckerberg wrote that the company will pivot to focus on private conversations over the public sharing that has long defined the platform, even while conceding that "frankly we don't currently have a strong reputation for building privacy protective services.".

article thumbnail

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer , Edge , Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on. Malware or bad guys can remotely exploit roughly one-quarter of the flaws fixed in today’s patch batch without any help from users.

Internet 197
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Happy Pi Day!

Adam Shostack

There’s only a few times to use a pie chart, but to help you celebrate, there’s how to keep track of your intake:

113
113
article thumbnail

NEW TECH: CyberGRX seeks to streamline morass of third-party cyber risk assessments

The Last Watchdog

When Target fired both its CEO and CIO in 2014, it was a wake-up call for senior management. The firings came as a result of a massive data breach which routed through an HVAC contractor’s compromised account. C-suite execs across the land suddenly realized something similar could happen to them. So they began inundating their third-party suppliers with “bespoke assessments” – customized cyber risk audits that were time consuming and redundant.

article thumbnail

On Surveillance in the Workplace

Schneier on Security

Data & Society just published a report entitled " Workplace Monitoring & Surveillance ": This explainer highlights four broad trends in employee monitoring and surveillance technologies: Prediction and flagging tools that aim to predict characteristics or behaviors of employees or that are designed to identify or deter perceived rule-breaking or fraud.

article thumbnail

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

One of the zero-day flaws ( CVE-2019-0797 ) patched this week by Microsoft has been exploited in targeted attacks by several threats groups, including FruityArmor and SandCat APT groups. This week, Microsoft released Patch Tuesday security updates for March 2019 that address 64 flaws, including two Windows zero-day vulnerabilities exploited in targeted attacks.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

A Seat At The Table (AppSecCali)

Adam Shostack

The fine folks at AppSecCali have posted videos , including my talks, A Seat At The Table, and Game On! Adding Privacy to Threat Modeling – Adam Shostack & Mark Vinkovits.

article thumbnail

MY TAKE: Microsoft’s Active Directory lurks as a hackers’ gateway in enterprise networks

The Last Watchdog

Many of our online activities and behaviors rely on trust. From the consumer side, for example, we trust that the business is legitimate and will take care of the sensitive personal information we share with them. But that level of trust goes much deeper on the organizational side. Related: The case for ‘zero-trust’ authentication. Employees are given credentials that allow them authorized access to corporate networks and databases.

article thumbnail

Russia Is Testing Online Voting

Schneier on Security

This is a bad idea : A second innovation will allow "electronic absentee voting" within voters' home precincts. In other words, Russia is set to introduce its first online voting system. The system will be tested in a Moscow neighborhood that will elect a single member to the capital's city council in September. The details of how the experiment will work are not yet known; the State Duma's proposal on Internet voting does not include logistical specifics.

article thumbnail

Severe RCE vulnerability affected popular StackStorm Automation Software

Security Affairs

The security researcher Barak Tawilyhas discovered a severe vulnerability, tracked as CVE-2019-9580, in the popular, open source event-driven platform StackStorm. According to the expert, the flaw could be exploited by a remote attacker to trick developers into executing arbitrary commands on targeted services. StackStorm has been used to automate workflows in many industries, it allows developers to configure actions, workflows, and scheduled tasks, to perform some operations on large-scale ser

Software 112
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Facebook’s Privacy Constitution

Adam Shostack

Bruce Schneier and I wrote an article on Facebook’s privacy changes: “ A New Privacy Constitution for Facebook.

113
113
article thumbnail

New Film Shows How Bellingcat Cracks the Web's Toughest Cases

WIRED Threat Level

*Truth in a Post Truth World* takes a closer look at a team of remarkably resourceful investigative journalists.

111
111
article thumbnail

I Was Cited in a Court Decision

Schneier on Security

An article I co-wrote -- my first law journal article -- was cited by the Massachusetts Supreme Judicial Court -- the state supreme court -- in a case on compelled decryption. Here's the first, in footnote 1: We understand the word "password" to be synonymous with other terms that cell phone users may be familiar with, such as Personal Identification Number or "passcode.

article thumbnail

Mysterious open database included ‘BreedReady’ status for 1.8 Million Women

Security Affairs

Expert found an open database in China containing the personal information of more than 1.8 million women, including a strange “BreedReady” status. Another data leak made the headlines, this time a database containing a creepy set of details collected on more than 1.8 million women in China was left unprotected online. The huge trove of data included personal info (i.e. name, age, and date of birth, phone numbers, addresses) along with a “BreedReady” status.

Education 111
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Top 10 Takeaways from RSA Conference 2019

eSecurity Planet

After five days of sessions, events and demos, what were the key cybersecurity themes that emerged at RSA Conference 2019?

article thumbnail

How Hackers Pulled Off a $20 Million Mexican Bank Heist

WIRED Threat Level

Welcome to the world of fake accounts, phantom funds, and money mules.

Banking 111
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm teaching a live online class called " Spotlight on Cloud: The Future of Internet Security with Bruce Schneier " on O'Reilly's learning platform, Thursday, April 4, at 10:00 AM PT/1:00 PM ET. The list is maintained on this page.

Internet 153
article thumbnail

It is the first time in the history that civic groups hold a protest against a national CERT

Security Affairs

Demonstration in front of the National CERT of Philippines for failing to act on cyber attacks targeting regime critical media and civil society organizations. On March 12, the World Day Against Cyber-Censorship, media and civil society organizations in Philippines held a demonstration in front of NCERT (National Computer Emergency Response Team) to protest against the negligence of the NCERT to support the investigation of the three months’ long Distributed Denial of Service attacks against reg

Media 111
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

763M Email Addresses Exposed in Latest Database Misconfiguration Episode

Dark Reading

MongoDB once again used by database admin who opens unencrypted database to the whole world.

102
102
article thumbnail

Firefox Send Is an Easy Way to Share Large Files Securely

WIRED Threat Level

Mozilla has made public an encrypted file-sharing service with a self-destruct twist.

article thumbnail

Adam Levin Discusses Misuse of Federal Databases on CBS This Morning

Adam Levin

Adam Levin was on a recent episode of CBS This Morning to discuss a police officer accused of using federal databases to prowl for women. “It’s a violation of privacy. It’s a violation of professional ethics. It’s a violation of the codes of conduct of every police department I can think of,” said Levin. See the segment here.

100
100
article thumbnail

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack. The flaws could be exploited by attackers to disable the alarm, as well as track and unlock the vehicles using it, or to start and stop the engine even when the car was moving. The experts also demonstrated that it is possible to snoop on drivers’ conversations through a microphone that is built into one of the car alarm systems, ̶

Hacking 112
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!