Schneier on Security

NOVEMBER 1, 2018

This is not surprising : This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easier to exploit than the older ones. Our voting machines, billed as "next generation," and still in use today, are worse than they were before­ -- dispersed, disorganized, and susceptible to manipulation.

Hacking 250

Hacking 250

Krebs on Security

NOVEMBER 1, 2018

A year after offering free credit monitoring to all Americans on account of its massive data breach that exposed the personal information of nearly 148 million people, Equifax now says it has chosen to extend the offer by turning to a credit monitoring service offered by a top competitor — Experian. And to do that, it will soon be sharing with Experian contact information that affected consumers gave to Equifax in order to sign up for the service.

Identity Theft 250

Identity Theft Marketing Data breaches Accountability 250

Adam Levin

OCTOBER 31, 2018

The U.S. Justice Department announced charges against ten Chinese intelligence agents for hacking into computer systems belonging to U.S. and international companies to steal aerospace technology and data. The indictment , revealed earlier this week accuses agents working for the Jiangsu Province Ministry of State Security (JSSD) of conspiring “to steal sensitive commercial technological, aviation, and aerospace data by hacking into computers in the United States and abroad.”.

Government 213

Government Hacking Engineering Technology 213

The Last Watchdog

OCTOBER 29, 2018

The United States has experienced the most cybersecurity breaches in the world and the Equifax Breach was one of the first to be considered a “mega breach.”. The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology.

Data privacy 164

Data privacy Data breaches Insurance Information Security 164

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

OCTOBER 29, 2018

This seems bad: The F25 software was found to contain a capture replay vulnerability -- basically an attacker would be able to eavesdrop on radio transmissions between the crane and the controller, and then send their own spoofed commands over the air to seize control of the crane. "These devices use fixed codes that are reproducible by sniffing and re-transmission," US-CERT explained.

Internet 230

Internet Internet Software 230

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works. A number of financial institutions are now offering cardless ATM transactions that allow customers to withdraw cash using nothing more than their mobile phones.

Phishing 243

Phishing Banking Scams Accountability 243

Troy Hunt

NOVEMBER 2, 2018

On my first attempt at recording this, I decided the framing was crooked after a couple of minutes so I started again. On my second attempt, the PC BSOD'd after 42 mins and I thought I'd lost all the audio. I hadn't, so on the third attempt I completed the last of it. Then I waited nearly an hour for it to render before realising there was unedited material at the beginning so I had to re-render the whole thing again.

Data breaches 157

Data breaches Passwords Accountability 157

Schneier on Security

OCTOBER 29, 2018

I've blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don't know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge. We don't know anything more, but this is the most comprehensive rebuttal of the story I have read.

225

225

Adam Shostack

NOVEMBER 1, 2018

There’s an interesting article in the CBC, where journalists took a set of flights, swabbed surfaces, and worked with a microbiologist to culture their samples. What they found will shock you! Well, airplanes are filthy. Not really shocking. What was surprising to me was that the dirtiest of the surfaces they tested was the headrest. (They did not test the armrests.

113

113

Adam Levin

OCTOBER 29, 2018

Hong Kong-based Cathay Pacific discovered a data breach that compromised the information of more than 9 million passengers, the company announced last week. It is the biggest breach to date of an airline. In the same release, Cathay announced that the “types of personal data accessed were the names of passengers, their nationalities, dates of birth, telephone numbers, email, physical addresses, passport numbers, identity card numbers, frequent flyer programme membership numbers, customer service

Data breaches 116

Data breaches Healthcare Hacking Cybersecurity 116

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

NOVEMBER 1, 2018

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary. One recent validation comes from two long established, and much larger cybersecurity vendors – Check Point and Palo Alto Networks – that have recently begun integrating Silverfort’s innovative MFA solution into their respective malware detection and

Authentication 113

Authentication Digital transformation IoT Risk 113

Schneier on Security

NOVEMBER 2, 2018

Interesting policy paper by Third Way: " To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors ": In this paper, we argue that the United States currently lacks a comprehensive overarching strategic approach to identify, stop and punish cyberattackers. We show that: There is a burgeoning cybercrime wave: A rising and often unseen crime wave is mushrooming in America.

Cybercrime 210

Cybercrime Cybersecurity Hacking 210

Adam Shostack

OCTOBER 29, 2018

Ron Woerner had me on as a guest in his business of security podcast series. It was fun to tease out some of the business justifications for threat modeling, and the podcast is now live at itunes. You can learn more about the series at Business of Security Podcast Series.

113

113

Security Affairs

NOVEMBER 1, 2018

0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to targeting Apache Hadoop and build the FICORA Botnet. In direct response to the publication of Radware’s analysis of the new discovery of the DemonBot malware strain effecting Hadoop clusters earlier the week, October 25th, 2018, 0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to build his newest model; the FICORA Botnet. 0x20k, who is also credited as the autho

Malware 111

Malware Advertising Media Passwords 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

OCTOBER 31, 2018

A series of high-profile cases involving alleged Chinese recruits shows how the country identifies and develops potential spies stateside.

110

110

Schneier on Security

OCTOBER 31, 2018

The conventional story is that Iran targeted Saudi Arabia with Triton in 2017. New research from FireEye indicates that it might have been Russia. I don't know. FireEye likes to attribute all sorts of things to Russia, but the evidence here look pretty good.

Malware 210

Malware 210

Thales Cloud Protection & Licensing

OCTOBER 31, 2018

The unexplained and seemingly paranormal are actually a year-round phenomenon in IT Security. This year has been no exception. The shrieks and screams coming from CISOs and their staffs over malware has led to zombie-like stares. Because the never-ending battle against the evil forces of the dark web continues with regard to ransomware and its ghoulish close cousins – leakware and scareware.

Ransomware 91

Ransomware Encryption Malware CISO 91

Security Affairs

NOVEMBER 1, 2018

Iran’s strategic network was hit by a new destructive and sophisticated version of the Stuxnet cyber weapon, the Hadashot TV reports. According to the Hadashot TV, Iran’s strategic network was hit by a destructive malware-based attack hours after Israel revealed the Mossad had thwarted an Iranian murder plot in Denmark, and days after Iran’s President Hassan Rouhani’s phone was tapped.

Advertising 111

Advertising Government Malware Hacking 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

NOVEMBER 1, 2018

In October, cybersecurity vendors released a number of research reports highlighting the biggest risks in the threat landscape.

Risk 105

Risk Cybersecurity 105

Schneier on Security

OCTOBER 31, 2018

Jim Harper at CATO has a good survey of state ID systems in the US.

201

201

Thales Cloud Protection & Licensing

NOVEMBER 2, 2018

In part one of my Money 20/20 2018 blog, I touched on digital identity solutions and blockchain. Below, I expand on open banking, secure remote commerce, and share my overall take on what the conference indicates for the industry at large. Open banking: the glass is half full for a select few. On Monday afternoon I managed to catch an enlightening panel discussion about open banking and what has been achieved so far.

Banking 79

Banking Technology Data breaches 79

Security Affairs

OCTOBER 28, 2018

Researchers at Cymulate security firm devised a new stealthy technique to deliver malware leveraging videos embedded into weaponized Microsoft Office Documents. The technique could be used to execute JavaScript code when a user clicks on a weaponized YouTube video thumbnail embedded in a Weaponized Office document. Experts pointed out that no message is displayed by Microsoft Office to request the victim’s consent. “Cymulate’s research team has discovered a way to abuse the Online Vi

Malware 111

Malware Internet Internet Advertising 111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

OCTOBER 27, 2018

It may never be clear why Robert Bowers chose to carry out a violent attack. But his social media activity mirrors an increase in anti-Semitism on the internet.

Media 89

Media Internet Internet 89

Dark Reading

NOVEMBER 1, 2018

Facebook, Equifax, Cambridge Analytica. Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.

Data breaches 83

Data breaches 83

Threatpost

NOVEMBER 1, 2018

Weighing the impact of GDPR and how the historic legislation has shaped privacy protection measures in the U.S., so far.

Insurance 102

Insurance Accountability Government 102

Security Affairs

OCTOBER 30, 2018

A few hours after Apple released iOS 12.1 the iPhone bug hunter Jose Rodriguez has found a new passcode bypass issue that could be exploited to see all contacts’ private information on a locked iPhone. “Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS mobile operating system, iOS 12.1, released by Apple today.” reads a post published by THN.

Mobile 111

Mobile Advertising Hacking 111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Thales Cloud Protection & Licensing

OCTOBER 29, 2018

Peter Carlisle, Thales eSecurity’s VP of Sales, EMEA, recently shared his thoughts on the Cathay Pacific data breach. According to the airline, hackers were able to access the personal data of up to 9.4 million passengers. Leaked data includes passengers’ names, dates of birth, phone numbers, email addresses and passport numbers. The Cathay Pacific hack comes on the heels of last month’s British Airways data hack.

Data breaches 73

Data breaches Encryption Hacking Risk 73

Dark Reading

OCTOBER 30, 2018

A Girl Scouts of America branch in California was hacked, putting the data of 2,800 girls and their families at risk.

Hacking 98

Hacking Risk 98

Threatpost

OCTOBER 31, 2018

The Kraken ransomware author has released a second version of the malicious code, along with a unique affiliate program on the Dark Web. According to research into Kraken v.2 the new version is being promoted in a ransomware-as-a-service (RaaS) model to underground forum customers, via a video demoing its capabilities. Those interested can complete a […].

Ransomware 77

Ransomware Malware 77

Security Affairs

OCTOBER 27, 2018

Security researchers at FortiGuard Labs have discovered a new DDoS-for-hire service called “ 0x-booter” built with leaked code that implements an easy to use interface. “ 0x-booter ” first appeared on October 17, 2018, a post published on Facebook advertises over 500 Gbps of power and 20,000 bots. “During our regular monitoring, the FortiGuard Labs team recently discovered a new platform offering DDoS-for-hire service called “0x-booter. ”” reads the analysis published by Fort

DDOS 110

DDOS IoT Advertising Hacking 110

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity