Sat.Oct 27, 2018 - Fri.Nov 02, 2018

article thumbnail

Buying Used Voting Machines on eBay

Schneier on Security

This is not surprising : This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were beforeĀ­ -- dispersed, disorganized, and susceptible to manipulation.

Hacking 257
article thumbnail

Equifax Has Chosen Experian. Wait, What?

Krebs on Security

A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor — Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Chinese Government Agents Charged with Hacking, IP Theft

Adam Levin

The U.S. Justice Department announced charges against ten Chinese intelligence agents for hacking into computer systems belonging to U.S. and international companies to steal aerospace technology and data. The indictment , revealed earlier this week accuses agents working for the Jiangsu Province Ministry of State Security (JSSD) of conspiring ā€œto steal sensitive commercial technological, aviation, and aerospace data by hacking into computers in the United States and abroad.ā€.

article thumbnail

Weekly Update 111

Troy Hunt

On my first attempt at recording this, I decided the framing was crooked after a couple of minutes so I started again. On my second attempt, the PC BSOD'd after 42 mins and I thought I'd lost all the audio. I hadn't, so on the third attempt I completed the last of it. Then I waited nearly an hour for it to render before realising there was unedited material at the beginning so I had to re-render the whole thing again.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeperā€™s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Security Vulnerability in Internet-Connected Construction Cranes

Schneier on Security

This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. "These devices use fixed codes that are reproducible by sniffing and re-transmission," US-CERT explained.

Internet 236
article thumbnail

SMS Phishing + Cardless ATM = Profit

Krebs on Security

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones.

Phishing 245

More Trending

article thumbnail

GUEST ESSAY: A guide to implementing best security practices ā€” before the inevitable breach

The Last Watchdog

The United States has experienced the most cybersecurity breaches in the world and the Equifax Breach was one of the first to be considered a ā€œmega breach.ā€. The headlines immediately attempted to lay the blame, in large part, on the fact that Equifaxā€™s chief information security officer was a music major and did not have a background in technology.

article thumbnail

More on the Supermicro Spying Story

Schneier on Security

I've blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don't know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge. We don't know anything more, but this is the most comprehensive rebuttal of the story I have read.

230
230
article thumbnail

Airline Safety

Adam Shostack

There’s an interesting article in the CBC, where journalists took a set of flights, swabbed surfaces, and worked with a microbiologist to culture their samples. What they found will shock you! Well, airplanes are filthy. Not really shocking. What was surprising to me was that the dirtiest of the surfaces they tested was the headrest. (They did not test the armrests.

113
113
article thumbnail

Data Breach of Chinese Airline Exposes Millions of Passengers

Adam Levin

Hong Kong-based Cathay Pacific discovered a data breach that compromised the information of more than 9 million passengers, the company announced last week. It is the biggest breach to date of an airline. In the same release, Cathay announced that the ā€œtypes of personal data accessed were the names of passengers, their nationalities, dates of birth, telephone numbers, email, physical addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, youā€™ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

NEW TECH: How ā€˜adaptive multi-factor authenticationā€™ is gaining traction via partnerships

The Last Watchdog

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary. One recent validation comes from two long established, and much larger cybersecurity vendors ā€“ Check Point and Palo Alto Networks ā€“ that have recently begun integrating Silverfortā€™s innovative MFA solution into their respective malware detection and

article thumbnail

Was the Triton Malware Attack Russian in Origin?

Schneier on Security

The conventional story is that Iran targeted Saudi Arabia with Triton in 2017. New research from FireEye indicates that it might have been Russia. I don't know. FireEye likes to attribute all sorts of things to Russia, but the evidence here look pretty good.

Malware 215
article thumbnail

Podcast with Ron Woerner

Adam Shostack

Ron Woerner had me on as a guest in his business of security podcast series. It was fun to tease out some of the business justifications for threat modeling, and the podcast is now live at itunes. You can learn more about the series at Business of Security Podcast Series.

113
113
article thumbnail

0x20k of Ghost Squad Hackers Releases ODay Exploit Targeting Apache Hadoop

Security Affairs

0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to targeting Apache Hadoop and build the FICORA Botnet. In direct response to the publication of Radware’s analysis of the new discovery of the DemonBot malware strain effecting Hadoop clusters earlier the week, October 25th, 2018, 0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to build his newest model; the FICORA Botnet. 0x20k, who is also credited as the autho

Malware 112
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out whatā€™s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

China's Five Steps for Recruiting Spies in the US

WIRED Threat Level

A series of high-profile cases involving alleged Chinese recruits shows how the country identifies and develops potential spies stateside.

111
111
article thumbnail

How to Punish Cybercriminals

Schneier on Security

Interesting policy paper by Third Way: " To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors ": In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish cyberattackers. We show that: There is a burgeoning cybercrime wave: A rising and often unseen crime wave is mushrooming in America.

article thumbnail

GDPRā€™s First 150 Days Impact on the U.S.

Threatpost

Weighing the impact of GDPR and how the historic legislation has shaped privacy protection measures in the U.S., so far.

Insurance 102
article thumbnail

Iran hit by a more aggressive and sophisticated Stuxnet version

Security Affairs

Iran’s strategic network was hit by a new destructive and sophisticated version of the Stuxnet cyber weapon, the Hadashot TV reports. According to the Hadashot TV, Iran’s strategic network was hit by a destructive malware-based attack hours after Israel revealed the Mossad had thwarted an Iranian murder plot in Denmark, and days after Iranā€™s President Hassan Rouhani’s phone was tapped.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldnā€™t hand those out too freely. You have stuff thatā€™s worth protectingā€”and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Donā€™t Be Duped by Voting Misinformation Before the Midterms

WIRED Threat Level

How to find accurate voting information for the midterm elections.

111
111
article thumbnail

ID Systems Throughout the 50 States

Schneier on Security

Jim Harper at CATO has a good survey of state ID systems in the US.

204
204
article thumbnail

Girl Scouts Hacked, 2,800 Members Notified

Dark Reading

A Girl Scouts of America branch in California was hacked, putting the data of 2,800 girls and their families at risk.

Hacking 98
article thumbnail

A few hours after Apple released iOS 12.1, a researcher presented a Passcode Bypass issue

Security Affairs

A few hours after Apple released iOS 12.1 the iPhone bug hunter Jose Rodriguez has found a new passcode bypass issue that could be exploited to see all contacts’ private information on a locked iPhone. “Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS mobile operating system, iOS 12.1, released by Apple today.” reads a post published by THN.

Mobile 111
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Signal's "Sealed Sender" Is a Clever New Way to Shield Your Identity

WIRED Threat Level

"Sealed sender" gives the leading encrypted messaging app an important boost, hiding metadata around who sent a given message.

article thumbnail

Ransomware, Leakware, Scarewareā€¦ Oh My!

Thales Cloud Protection & Licensing

The unexplained and seemingly paranormal are actually a year-round phenomenon in IT Security. This year has been no exception. The shrieks and screams coming from CISOs and their staffs over malware has led to zombie-like stares. Because the never-ending battle against the evil forces of the dark web continues with regard to ransomware and its ghoulish close cousins ā€“ leakware and scareware.

article thumbnail

Worst Malware and Threat Actors of 2018

Dark Reading

Two reports call out the most serious malware attacks and attackers of the year (so far).

Malware 91
article thumbnail

Cyber attack exposes sensitive data about a nuclear power plant in France

Security Affairs

A cyber attack on a French firm Ingerop allowed attackers to access confidential documents related to nuclear power plant plans in France. The hacker stole more than 65 gigabytes of documents back in June, the huge trove of documents includes nuclear power plant plants and blueprints for prisons and tram networks. According to the media, some of the stolen data were found on a rented server in Germany. “Thousands of sensitive documents pertaining to nuclear power plants, prisons and tram n

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The Privacy Battle to Save Google From Itself

WIRED Threat Level

Interviews with over a dozen current and former Google employees highlight a commitment to privacyā€”and the inherent tensions that creates.

110
110
article thumbnail

What 9 Cybersecurity Research Reports Say About the State of Risk

eSecurity Planet

In October, cybersecurity vendors released a number of research reports highlighting the biggest risks in the threat landscape.

Risk 88
article thumbnail

9 Traits of A Strong Infosec Resume

Dark Reading

Security experts share insights on which skills and experiences are most helpful to job hunters looking for their next gig.

InfoSec 88
article thumbnail

CISCO warnĀ of a zero-day DoS flaw that is being actively exploited in attacks

Security Affairs

Security experts from CISCO warn of a zero-day vulnerability that is being actively exploited in attacks in the wild. The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD). The flaw could be exploited by a remote attacker to trigger a DoS condition on the vulnerable device. “A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adapti

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!