Schneier on Security

AUGUST 1, 2019

This article points out that Facebook's planned content moderation scheme will result in an encryption backdoor into WhatsApp: In Facebook's vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user's device, scanning each cleartext message before it is sent and each encrypted message after it is dec

Encryption 139

Encryption Manufacturing Mobile Government 139

Krebs on Security

AUGUST 2, 2019

On Monday, a former Amazon employee was arrested and charged with stealing more than 100 million consumer applications for credit from Capital One. Since then, many have speculated the breach was perhaps the result of a previously unknown “zero-day” flaw, or an “insider” attack in which the accused took advantage of access surreptitiously obtained from her former employer.

Hacking 243

Hacking Firewall Data breaches Software 243

Troy Hunt

AUGUST 2, 2019

Over the last year and a bit I've been working to make more data in HIBP freely available to governments around the world that want to monitor their own exposure in data breaches. Like the rest of us, governments regularly rely on services that fall victim to attacks resulting in data being disclosed and just like the commercial organisations monitoring domains on HIBP, understanding that exposure is important.

Government 228

Government Data breaches 228

The Last Watchdog

AUGUST 1, 2019

Company officials at Capital One Financial Corp ought to have a crystal clear idea of what to expect next — after admitting to have allowed a gargantuan data breach. Capital One’s mea culpa coincided with the FBI’s early morning raid of a Seattle residence to arrest Paige Thompson. Authorities charged the 33-year-old former Amazon software engineer with masterminding the hack.

Data privacy 198

Data privacy Data breaches Internet Internet 198

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Schneier on Security

AUGUST 2, 2019

Yesterday, I blogged about a Facebook plan to backdoor WhatsApp by adding client-side scanning and filtering. It seems that I was wrong, and there are no such plans. The only source for that post was a Forbes essay by Kalev Leetaru, which links to a previous Forbes essay by him, which links to a video presentation from a Facebook developers conference.

Encryption 270

Encryption Engineering Authentication 270

Krebs on Security

JULY 29, 2019

Marcus Hutchins , the “accidental hero” who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday. Marcus Hutchins, just after he was revealed as the security expert who stopped the WannaCry worm.

Banking 204

Banking Malware Government Education 204

Adam Levin

JULY 30, 2019

Consumer audio recorded by Apple’s Siri platform has been shared with external contractors. A whistleblower working as a contractor revealed that the company’s digital voice assistant software records audio collected by consumer devices–including iPhones, Apple Watches, and HomePods–and shares it with external contractors. The recordings contained potentially sensitive information.

IoT 146

IoT Software 146

Schneier on Security

JULY 31, 2019

In this piece of research, attackers successfully attack a driverless car system -- Renault Captur's "Level 0" autopilot (Level 0 systems advise human drivers but do not directly operate cars) -- by following them with drones that project images of fake road signs in 100ms bursts. The time is too short for human perception, but long enough to fool the autopilot's sensors.

246

246

Thales Cloud Protection & Licensing

AUGUST 2, 2019

The British parliament has been unable to agree the exit package from the European Union. With the possibility of a “no deal” departure looming, EU leaders have granted a six-month extension to Brexit day. But the uncertainty that still lingers with regards to Britain’s future, creates various opportunities which cyber criminals could try to exploit.

Cybersecurity 117

Cybersecurity Data breaches Government Encryption 117

Adam Shostack

JULY 30, 2019

Alexandre Sieira has some very interesting and actionable advice from looking at the Capital One Breach in “ Learning from the July 2019 Capital One Breach.” Alex starts by saying “The first thing I want to make clear is that I sympathize with the Capital One security and operations teams at this difficult time. Capital One is a well-known innovator in cloud security, has very competent people dedicated to this and has even developed and high quality open source solutions such

Software 160

Software Engineering 160

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

AUGUST 2, 2019

Expert Luca Bongiorni was looking for new targets to test WHID Elite’s Radio Hacking capabilities and found an interesting one: Electrocuting C**k Ring. Last week I was looking for new targets to test WHID Elite’s Radio Hacking capabilities and suddenly I found an interesting one: an Electrocuting C**k Ring. Yes, you read it correctly (What you cannot find on Amazon…).

Engineering 111

Engineering Firmware Advertising InfoSec 111

Schneier on Security

AUGUST 2, 2019

There's a really interesting video of protesters in Hong Kong using some sort of laser to disable security cameras. I know nothing more about the technologies involved.

Technology 245

Technology 245

WIRED Threat Level

JULY 29, 2019

VxWorks is designed as a secure, "real-time" operating system for continuously functioning devices, like medical equipment, elevator controllers, or satellite modems.

111

111

Dark Reading

AUGUST 2, 2019

OK, perhaps that's self-evident, so how come it far too often still takes an incident to trigger planning?

106

106

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

JULY 28, 2019

Watch out! Playing a video on Android devices could be a dangerous operation due to a critical CVE-2019-2107 RCE flaw in Android OS between version 7.0 and 9.0. Playing a specially-crafted video on devices with the Android’s native video player application could allow attackers to compromise them due to a dangerous critical remote code execution flaw.

Hacking 111

Hacking Media Advertising Manufacturing 111

Schneier on Security

AUGUST 2, 2019

Rebecca Wexler has an interesting op-ed about an inadvertent harm that privacy laws can cause: while law enforcement can often access third-party data to aid in prosecution, the accused don't have the same level of access to aid in their defense: The proposed privacy laws would make this situation worse. Lawmakers may not have set out to make the criminal process even more unfair, but the unjust result is not surprising.

237

237

WIRED Threat Level

JULY 29, 2019

It occupies a spot next to 'Black Mirror' and Big Brother in popular imagination, but China’s social credit project is far more complicated than a single, all-powerful numerical score.

111

111

Thales Cloud Protection & Licensing

JULY 31, 2019

Digital payments growth. According to 451 Research, digital payment channels are expected to grow from $2.8 trillion in 2018 to $5.8 trillion in 2022. That’s seven times the rate of in-store growth. Within digital payments, mobile payment transactions are expected to overtake e-commerce transactions in 2019 and represent 55% of transactions by 2022.

Mobile 102

Mobile Authentication Technology Marketing 102

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JULY 28, 2019

According to a report published by cyber security firm Sixgill data for over 23 million payment card were on offer in underground forums in the first half of 2019. . A report published by cybersecurity firm Sixgill revealed that data for over 23 million payment card were offered for sale in the cybercrime underground. The report, titled “ Underground financial fraud report “, provides interesting details about the sale of stolen financial data in the Dark Web. .

eCommerce 111

eCommerce Marketing Advertising Retail 111

Schneier on Security

JULY 29, 2019

Eli Sugarman of the Hewlettt Foundation laments about the sorry state of cybersecurity imagery: The state of cybersecurity imagery is, in a word, abysmal. A simple Google Image search for the term proves the point: It's all white men in hoodies hovering menacingly over keyboards, green "Matrix"-style 1s and 0s, glowing locks and server racks, or some random combination of those elements -- sometimes the hoodie-clad men even wear burglar masks.

Cybersecurity 224

Cybersecurity Surveillance Encryption Government 224

WIRED Threat Level

JULY 31, 2019

The Guardian Firewall app gives iOS users a reprieve from the scourge of online trackers.

Firewall 111

Firewall 111

Threatpost

JULY 30, 2019

Remote exploitation can be achieved with no user interaction.

Mobile 96

Mobile 96

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

JULY 28, 2019

Experts at Trustwave observed threat actors using a rare technique to compromise fully patched websites. Security experts at Trustwave observed threat actors using a rare steganography technique, attackers are hiding PHP scripts in Exchangeable Image Format (EXIF) headers of JPEG images that are uploaded on the website. The Exchangeable image file format is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras (including smartphones), scanners and ot

Hacking 111

Hacking Advertising Information Security 111

Schneier on Security

JULY 30, 2019

Back in January, two senior GCHQ officials proposed a specific backdoor for communications systems. It was universally derided as unworkable -- by me , as well. Now Jon Callas of the ACLU explains why.

Encryption 224

Encryption 224

WIRED Threat Level

AUGUST 2, 2019

Amazon-owned Ring has cozied up to law enforcement, and critics say it's using police departments to help market its surveillance cameras.

Surveillance 111

Surveillance Marketing 111

Dark Reading

JULY 31, 2019

Aiming for attribution doesn't help most organizations become more secure. It can actually have the opposite effect.

93

93

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JULY 27, 2019

Attackers deployed a Magecart credit card skimmer script into fake Google domains used to trick visitors into making online transactions. Experts at Sucuri discovered threat actors using fake Google domains hosting a Magento skimmer script used to steal payment data when unaware visitors make transactions. The campaign was uncovered when the owner of a website discovered that its domain was blacklisted by McAfee’s SiteAdvisor service.

Advertising 111

Advertising Hacking Accountability Information Security 111

Threatpost

JULY 31, 2019

In addition, Google’s latest Chrome version implements 43 new security fixes.

81

81

WIRED Threat Level

JULY 29, 2019

In a criminal complaint, the FBI detailed how a hacker allegedly stole data from 100 million people—and how she got caught.

Hacking 108

Hacking 108

Dark Reading

AUGUST 2, 2019

An email phishing attack, thought to be from a nation-state actor, claims that engineers have failed licensing exams.

Phishing 91

Phishing Engineering 91

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity