Sat.Aug 10, 2019 - Fri.Aug 16, 2019

article thumbnail

Software Vulnerabilities in the Boeing 787

Schneier on Security

Boeing left its software unprotected, and researchers have analyzed it for vulnerabilities: At the Black Hat security conference today in Las Vegas, Santamarta, a researcher for security firm IOActive, plans to present his findings, including the details of multiple serious security flaws in the code for a component of the 787 known as a Crew Information Service/Maintenance System.

Software 252
article thumbnail

Extended Validation Certificates are (Really, Really) Dead

Troy Hunt

251
251
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

SEC Investigating Data Leak at First American Financial Corp.

Krebs on Security

The U.S. Securities and Exchange Commissio n (SEC) is investigating a security failure on the Web site of real estate title insurance giant First American Financial Corp. that exposed more than 885 million personal and financial records tied to mortgage deals going back to 2003, KrebsOnSecurity has learned. First American Financial Corp. In May, KrebsOnSecurity broke the news that the Web site for Santa Ana, Calif.

Insurance 241
article thumbnail

Woman Charged in Capital One Breach May Have Hacked Over 30 Companies

Adam Levin

Hacker Paige Thomson, main suspect in the recent Capital One data breach, may also be responsible for hacking as many as 30 other companies and organizations. . Prosecutors from the Seattle U.S. Attorney’s Office announced the discovery of data from more than 30 targeted entities in the bedroom of Paige Thompson, who was arrested in connection with the Capital One data breach.

Hacking 182
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Attorney General Barr and Encryption

Schneier on Security

Last month, Attorney General William Barr gave a major speech on encryption policy­what is commonly known as "going dark." Speaking at Fordham University in New York, he admitted that adding backdoors decreases security but that it is worth it. Some hold this view dogmatically, claiming that it is technologically impossible to provide lawful access without weakening security against unlawful access.

article thumbnail

Weekly Update 151

Troy Hunt

Well that's Vegas done. 8 days of absolutely non-stop events that's now pretty much robbed me of my voice but hey, I got a flying cow! Scott and I both spent BSides, Black Hat and DEF CON doing "hallway con" or in other words, wandering around just meeting people. The personal engagement you get from these ad hoc meetups really can't be beat and I appreciate everyone who took the time to come over and say hi.

CISO 163

More Trending

article thumbnail

NEW TECH: Trend Micro inserts ‘X’ factor into ‘EDR’ – endpoint detection and response

The Last Watchdog

With all the talk of escalating cyber warfare , the spread of counterfeit smartphones and new forms of self-replicating malware , I came away from Black Hat USA 2019 (my 15 th ) marveling, once more, at the panache of modern cyber criminals. Related: Lessons learned from Capital One breach Yet, I also had the chance to speak one-on-one with dozens of security vendors who are innovating like crazy to improve security.

Antivirus 147
article thumbnail

Exploiting GDPR to Get Private Information

Schneier on Security

A researcher abused the GDPR to get information on his fiancee: It is one of the first tests of its kind to exploit the EU's General Data Protection Regulation (GDPR) , which came into force in May 2018. The law shortened the time organisations had to respond to data requests, added new types of information they have to provide, and increased the potential penalty for non-compliance.

Education 236
article thumbnail

Weekly Update 152

Troy Hunt

I made it out of Vegas! That was a rather intense 8 days and if I'm honest, returning to the relative tranquillity of Oslo has been lovely (not to mention the massive uptick in coffee quality). But just as the US to Europe jet lag passes, it's time to head back to Aus for a bit and go through the whole cycle again. And just on that, I've found that diet makes a hell of a difference in coping with this sort of thing: The number one most effective way I’ve found for coping with jet lag, stress, cr

CISO 156
article thumbnail

Patch Tuesday, August 2019 Edition

Krebs on Security

Most Microsoft Windows (ab)users probably welcome the monthly ritual of applying security updates about as much as they look forward to going to the dentist: It always seems like you were there just yesterday, and you never quite know how it’s all going to turn out. Fortunately, this month’s patch batch from Redmond is mercifully light, at least compared to last month.

Backups 212
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

GUEST ESSAY: Why the next round of cyber attacks could put many SMBs out of business

The Last Watchdog

In the last year, the news media has been full of stories about vicious cyber breaches on municipal governments. From Atlanta to Baltimore to school districts in Louisiana, cyber criminals have launched a wave of ransomware attacks on governments across the country. Related: SMBs struggle to mitigate cyber attacks As city governments struggle to recover access to their data, hackers are already turning their sites on their next targets: small and medium-sized businesses (SMBs).

article thumbnail

Evaluating the NSA's Telephony Metadata Program

Schneier on Security

Interesting analysis: " Examining the Anomalies, Explaining the Value: Should the USA FREEDOM Act's Metadata Program be Extended? " by Susan Landau and Asaf Lubin. Abstract: The telephony metadata program which was authorized under Section 215 of the PATRIOT Act, remains one of the most controversial programs launched by the U.S. Intelligence Community (IC) in the wake of the 9/11 attacks.

article thumbnail

How to Get Rich and Be Super Creepy

Adam Levin

If you missed the news about Russian-owned FaceApp going viral, you’ve probably been vacationing on the coast of a dust pond on the dark side of the moon. It highlights the general lack of privacy laws out there, and may herald the start of meaningful legislation. FaceApp allows users to tap into the power of artificial intelligence to see what they might look like with a perfect Hollywood smile, different hair, no hair, facial hair, or, alternately, as a much older version of themsel

article thumbnail

Payments and Security: Putting security where your money is

Thales Cloud Protection & Licensing

Originally published in Payments Journal on July 31, 2019. There’s a very tough question on the table that no one can afford to ignore: If more than half of global IT and security executives say they actively fear the exposure of payment card data and other personal identifiable information, why are 70% of them not deploying measures such as encryption to maintain security?

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Toolbox: After a Conference

Adam Shostack

Wow. Blackhat, Defcon, I didn’t make any of the other conferences going on in Vegas. And coming back it seems like there’s a sea of things to follow up on. A little bit of organization is helping me manage better this year, and so I thought I’d share what’s in my post-conference toolbox. I’m also sharing because I don’t think my workflow is optimal, and would love to learn how you’re working through this in 2019, with its profusion of ways to stay in touch.

113
113
article thumbnail

Side-Channel Attack against Electronic Locks

Schneier on Security

Several high-security electronic locks are vulnerable to side-channel attacks involving power monitoring.

Hacking 223
article thumbnail

How a 'NULL' License Plate Landed One Hacker in Ticket Hell

WIRED Threat Level

Security researcher Joseph Tartaro thought NULL would make a fun license plate. He's never been more wrong.

112
112
article thumbnail

FBI is searching for contractors to monitor social media

Security Affairs

The FBI is searching for contractors to monitor social media for potential threats, the announcement raises concerns for user privacy. The abuse of social media passwords for malicious purpose is quite common, for this reason, the FBI is searching for contractors to monitor them. However, monitoring activity could threaten user privacy and set up possible conflicts with social media giants, such as Facebook, over privacy. “The Federal Bureau of Investigation (FBI) intends to award a firm f

Media 111
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

More Than 20 Data Breaches Reported Per Day in First Half of 2019

Dark Reading

But incidents involving SSNs, addresses, birth dates were smaller than in previous years.

article thumbnail

Bypassing Apple FaceID's Liveness Detection Feature

Schneier on Security

Apple's FaceID has a liveness detection feature, which prevents someone from unlocking a victim's phone by putting it in front of his face while he's sleeping. That feature has been hacked : Researchers on Wednesday during Black Hat USA 2019 demonstrated an attack that allowed them to bypass a victim's FaceID and log into their phone simply by putting a pair of modified glasses on their face.

Hacking 221
article thumbnail

Hackers Can Turn Everyday Speakers Into Acoustic Cyberweapons

WIRED Threat Level

A security researcher has demonstrated how to force everyday commercial speakers to emit harmful sounds.

Hacking 111
article thumbnail

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$

Security Affairs

USBSamurai — A Remotely Controlled Malicious USB HID Injecting Cable for less than 10$. than 10$. The Video is self-explanatory. ( Wanna know how to make it? Read the article below.) . All started with this Tweet last April, when I wanted a damn cheap USB implant capable of injecting keystrokes. It had to be: Remotely Controllable Fast in Typing Tiny as f k Cheaper than a bottle of Vodka.

InfoSec 111
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Training At Embedded Systems Security Days

Adam Shostack

I’m excited to be teaming up with Alpha Strike and Limes Security to deliver training in Vienna November 6-8. Details are available at Embedded Systems Security Days.

article thumbnail

Gamers Beware: Zero-Day in Steam Client Affects All Windows Users

Threatpost

An elevation-of-privilege bug allows attackers to run any program on a target machine with high privileges.

96
article thumbnail

Hackers Could Decrypt Your GSM Phone Calls

WIRED Threat Level

Researchers have discovered a flaw in the GSM standard used by AT&T and T-Mobile that would allow hackers to listen in.

Mobile 111
article thumbnail

Google hacker discloses 20-year-old Windows flaw still unpatched

Security Affairs

Tavis Ormandy, white hat hacker at Google’s Project Zero Team, disclosed technical details of a 20-year-old Windows vulnerability that is still unpatched. The popular cyber security expert Tavis Ormandy, white hat hacker at Google’s Project Zero Team disclosed technical details of 20-year-old vulnerability that is still unpatched. The vulnerability, rated as high-severity, affects all versions of Microsoft Windows from Windows XP.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Rethinking the Value of Premium SSL Certificates

PerezBox Security

95
article thumbnail

FBI Plans to Monitor Social Media May Spark Privacy Issues

Dark Reading

A new initiative to pull data from social media platforms may clash with policies prohibiting the use of information for mass surveillance.

Media 94
article thumbnail

A Remote-Start App Exposed Thousands of Cars to Hackers

WIRED Threat Level

The bugs could have let an industrious hacker locate cars, unlock them, and start them up from anywhere with an internet connection.

Internet 111
article thumbnail

Boffins hacked Siemens Simatic S7, most secure controllers in the industry

Security Affairs

A group of Israeli researchers demonstrated that it is possible to take over the Simatic S7 controller one of the most secure controllers in the industry. A team of Israeli researchers demonstrated that it is possible to take control of the Simatic S7 controller without the knowledge of the operators. The team was composed of researchers from the Cyber ??

Hacking 112
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!