Krebs on Security

DECEMBER 23, 2018

A 22-year-old man convicted of cyberstalking and carrying out numerous bomb threats and swatting attacks — including a 2013 swatting incident at my home — was arrested Sunday morning in the Philippines after allegedly helping his best friend dump the body of a housemate into a local river. Suspects Troy Woody Jr. (left) and Mir Islam, were arrested in Manila this week for allegedly dumping the body of Woody’s girlfriend in a local river.

Internet 249

Internet Internet Government Accountability 249

Schneier on Security

DECEMBER 28, 2018

This is a really interesting story of an ad fraud scheme that relied on hijacking the Border Gateway Protocol: Members of 3ve (pronounced "eve") used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect. The scheme employed a thousand servers hosted inside data centers to impersonate real human beings who purportedly "viewed" ads that were hosted on bogus pages run by the scammers themselves­ -- who then received a check f

Scams 212

Scams Advertising Hacking Software 212

Troy Hunt

DECEMBER 28, 2018

I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week. As I say in the video, the reaction to my tweet about it was actually overwhelmingly positive, but there was this unhealthy undercurrent of negativity which was really disappointing to see. Several other non-related events following that demonstrated similar online aggressiveness and I don't know if it was a case of too much eggnog or simply people having more d

200

200

The Last Watchdog

DECEMBER 26, 2018

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days. Related podcast: The re-emergence of SIEMs. In an ideal world there would no dwell time at all, and threats would be identified before they can penetrate business’ defenses.

Penetration Testing 173

Penetration Testing Technology Software Antivirus 173

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Adam Shostack

DECEMBER 24, 2018

113

113

Schneier on Security

DECEMBER 24, 2018

Last week, the Scientific Working Group on Digital Evidence published a draft document -- " SWGDE Position on the Use of MD5 and SHA1 Hash Algorithms in Digital and Multimedia Forensics " -- where it accepts the use of MD5 and SHA-1 in digital forensics applications: While SWGDE promotes the adoption of SHA2 and SHA3 by vendors and practitioners, the MD5 and SHA1 algorithms remain acceptable for integrity verification and file identification applications in digital forensics.

201

201

WIRED Threat Level

DECEMBER 27, 2018

In December 1988 a bomb downed a Pan Am jet, leaving 270 dead. It was the first mass killing of Americans by terrorists. As the head of the Justice Department’s criminal division, Robert Mueller oversaw the case. And for him, it was personal.

111

111

Thales Cloud Protection & Licensing

DECEMBER 26, 2018

( Originally posted on Cards International). To reach its tipping point, cashless payment technology has come on a long way since the first magnetic stripe card almost 50 years ago. The development of chip and PIN addressed concerns over security, before the emergence of contactless catered to consumer demands for greater convenience. Today, a new stage in the evolution of payments is growing in popularity.

Mobile 100

Mobile Technology Retail Authentication 100

Schneier on Security

DECEMBER 26, 2018

Good essay: " Advancing Human-Rights-By-Design In The Dual-Use Technology Industry ," by Jonathon Penney, Sarah McKune, Lex Gill, and Ronald J. Deibert: But businesses can do far more than these basic measures. They could adopt a "human-rights-by-design" principle whereby they commit to designing tools, technologies, and services to respect human rights by default, rather than permit abuse or exploitation as part of their business model.

Spyware 198

Spyware Technology Accountability 198

Security Affairs

DECEMBER 23, 2018

Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device. . A privilege escalation vulnerability tracked as CVE-2018-15465 affects the Cisco Adaptive Security Appliance (ASA) software. The flaw could be exploited by an unauthenticated, remote attacker to perform privileged operations using the web management interface.

Firmware 112

Firmware Authentication Software Advertising 112

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

DECEMBER 28, 2018

This year revealed consumers have a lot more to learn about what happens to their information online.

102

102

Thales Cloud Protection & Licensing

DECEMBER 28, 2018

As the retail industry follows suit with today’s digital transformation, customer expectations are at an all-time high. Retailers are looking to address these demands with interconnected experiences to give customers more personalized and immediate experiences both in-stores and online. But do these connected experiences actually live up to the hype?

Retail 100

Retail Data breaches Digital transformation Risk 100

Schneier on Security

DECEMBER 28, 2018

Click Here to Kill Everybody is finally available on Audible.com. I have ten download codes. Not having anything better to do with them, here they are: HADQSSFC98WCQ. LDLMC6AJLBDJY. YWSY8CXYMQNJ6. JWM7SGNUXX7DB. UPKAJ6MHB2LEF. M85YN36UR926H. 9ULE4NFAH2SLF. GU7A79GSDCXAT. 9K8Q4RX6DKL84. M92GB246XY7JN. Congratulations to the first ten people to try to use them.

196

196

Security Affairs

DECEMBER 27, 2018

A new sample of Shamoon 3 was uploaded on December 23 to the VirusTotal platform from France, it is signed with a Baidu certificate. A new sample of the dreaded Shamoon wiper was uploaded on December 23 to the VirusTotal platform from France. This sample attempt to disguise itself as a system optimization tool developed by Chinese technology company Baidu.

Advertising 111

Advertising Malware Hacking Technology 111

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Dark Reading

DECEMBER 26, 2018

Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.

Hacking 98

Hacking 98

Threatpost

DECEMBER 28, 2018

Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services.

Accountability 88

Accountability Hacking 88

Schneier on Security

DECEMBER 24, 2018

Stealing packages from unattended porches is a rapidly rising crime, as more of us order more things by mail. One person hid a glitter bomb and a video recorder in a package, posting the results when thieves opened the box. At least, that's what might have happened. At least some of the video was faked , which puts the whole thing into question. That's okay, though.

192

192

Security Affairs

DECEMBER 26, 2018

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. The campaign targeted organizations in the US and the UK, the attackers have been abusing Google Cloud Storage to deliver payload. The spam campaign uses messages including links that point to archive files such as.zip or.gz.

Financial Services 111

Financial Services Cybercrime Malware Advertising 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

DECEMBER 28, 2018

In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.

Social Engineering 98

Social Engineering Hacking Engineering 98

Threatpost

DECEMBER 28, 2018

Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild.

Firmware 85

Firmware Software Malware Hacking 85

Schneier on Security

DECEMBER 27, 2018

The New York Times is reporting on the security measures people are using to protect nativity displays.

173

173

Security Affairs

DECEMBER 28, 2018

The security researcher Bruno Keith from the Phoenhex group published a PoC code for a remote code execution flaw in Microsoft Edge browser ( CVE-2018-8629 ). The vulnerability affects the JavaScript engine Chakra implemented in the Edge web browser, an attacker could exploit it to execute arbitrary code on the target machine with the same privileges as the logged user. “A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Mi

Advertising 111

Advertising Engineering Hacking Accountability 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

DECEMBER 28, 2018

Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.

Encryption 88

Encryption 88

Threatpost

DECEMBER 25, 2018

What are the top cyber trends to watch out for in 2019? Here's what we're hearing.

Cybersecurity 85

Cybersecurity Data breaches IoT Technology 85

WIRED Threat Level

DECEMBER 22, 2018

Amazon sends Echo recordings to the wrong person, Russians tried to get US Treasury dirt on Clinton donors, and more of the week's top security news.

Hacking 81

Hacking 81

Security Affairs

DECEMBER 28, 2018

Personal details of roughly 1,000 North Korean defectors living in South Korea have been leaked in a hacking case. Personal details of nearly 1,000 North Korean defectors were leaked as a result of a cyber attack exposing them to severe threats from Pyongyang. A similar incident has never happened before, the Unification Ministry said that leaked data includes names and addresses of North Korean defectors. “We apologise to defectors from the North.

Hacking 111

Hacking Data breaches Advertising Cyber Attacks 111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

DECEMBER 27, 2018

The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.

Cybersecurity 87

Cybersecurity 87

Threatpost

DECEMBER 26, 2018

The top cybersecurity and privacy trends that biggest impact in 2018.

Cybersecurity 82

Cybersecurity Encryption Government Malware 82

WIRED Threat Level

DECEMBER 24, 2018

Move over, ransomware. Cryptojacking is officially the scourge of the internet.

Internet 80

Internet Internet Ransomware 80

Security Affairs

DECEMBER 23, 2018

Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not. Ankit Anubhav, a principal researcher at NewSky Security, discovered a vulnerability in some models of Huawei routers that could be exploited by attackers to determine whether the devices have default credentials or not, without connecting to them.

IoT 111

IoT Internet Internet Passwords 111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity