Troy Hunt
SEPTEMBER 26, 2018
I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free. Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog.
Krebs on Security
SEPTEMBER 27, 2018
The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by a financial industry source, the Secret Service has received multiple reports about a complex form
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
SEPTEMBER 27, 2018
Interesting research : In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose received signal strength (RSSI) is measured by the receiver.
The Last Watchdog
SEPTEMBER 24, 2018
The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing. An excerpt from Reddit’s mea culpa says it all: “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Troy Hunt
SEPTEMBER 27, 2018
Home again! Another NDC is down and I talk a little about how the talks were rated and about PubConf (make sure you get to one of these one day!) I've got another couple of weeks at home before any more travel and I'll talk more about the next things as they draw closer. This week, I'm on my new iPhone (which is very similar to my old iPhone), I'm talking about Uber getting fined, Cloudflare introducing some very cool new things, Firefox Monitor launching on top of the HIBP APIs and my newfound
Krebs on Security
SEPTEMBER 28, 2018
Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. “This allowed t
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Shostack
SEPTEMBER 25, 2018
So cool! STARS-Me (or Space Tethered Autonomous Robotic Satellite – Mini elevator), built by engineers at Shizuoka University in Japan, is comprised of two 10-centimeter cubic satellites connected by a 10-meter-long tether. A small robot representing an elevator car, about 3 centimeters across and 6 centimeters tall, will move up and down the cable using a motor as the experiment floats in space.
Security Affairs
SEPTEMBER 28, 2018
Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet. A few hours ago, Facebook announced that an attack on its computer network exposed the personal information of roughly 50 million users.
Krebs on Security
SEPTEMBER 24, 2018
If you’re thinking of donating money to help victims of Hurricane Florence , please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “flor
Schneier on Security
SEPTEMBER 24, 2018
If someone has physical access to your shut-down computer, they can probably break the hard-drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not : To carry out the attack, the F-Secure researchers first sought a way to defeat the the industry-standard cold boot mitigation. The protection works by creating a simple check between an operating system and a computer's firmware, the fundamental code that coordinates hardware and software for things like initiating
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
SEPTEMBER 28, 2018
The social networking giant confirmed Friday that sites you use Facebook to login to could have been accessed as a result of its massive breach.
Security Affairs
SEPTEMBER 28, 2018
Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn. The vulnerability was introduced in August 2014 with the release of version 3.16 of the Linux kernel. The issue could be exploited by an attacker trigger a DoS condition or to execute arbitrary code with root privileges on the vulnerable system.
Dark Reading
SEPTEMBER 28, 2018
A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.
Schneier on Security
SEPTEMBER 27, 2018
This one is from NIST: " Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
SEPTEMBER 28, 2018
Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.
Security Affairs
SEPTEMBER 27, 2018
Security experts from ESET have spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. Security researchers from ESET have discovered a new piece of a sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear , APT28 , Pawn Storm , Sofacy Group , and STRONTIUM ) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe.
Dark Reading
SEPTEMBER 28, 2018
The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.
Schneier on Security
SEPTEMBER 28, 2018
The major tech companies, scared that states like California might impose actual privacy regulations , have now decided that they can better lobby the federal government for much weaker national legislation that will preempt any stricter state measures. I'm sure they'll still do all they can to weaken the California law, but they know they'll do better at the national level.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Adam Levin
SEPTEMBER 28, 2018
Facebook has had a hard year, and it just got worse. The company announced that it was compromised, and 50 million users were affected. The company discovered the breach on Tuesday, and reported it three days later. While 50 million users may seem like relatively minor news given the total number of Facebook users out there, it’s roughly the equivalent of the entire population of the west coast of the United States. .
Security Affairs
SEPTEMBER 26, 2018
The latest samples of the HNS bot were designed to target Android devices having the wireless debugging feature ADB enabled. The Hide and Seek (HNS) IoT botnet was first spotted early this year, since its discovery the authors continuously evolved its code. The IoT botnet appeared in the threat landscape in January, when it was first discovered on January 10th by malware researchers from Bitdefender, then it disappeared for a few days, and appeared again a few weeks later infecting in a few
eSecurity Planet
SEPTEMBER 27, 2018
Vendors and industry associations put out a steady stream of research reports. What do 10 recent reports say about the state of IT security?
Dark Reading
SEPTEMBER 26, 2018
All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Threatpost
SEPTEMBER 27, 2018
Researchers said the vulnerability "is very easy to exploit.".
Security Affairs
SEPTEMBER 26, 2018
Uber agrees to $148 million settlement with US States and the District of Columbia over the massive 2016 data breach that exposed personal data of 57 million of its users. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and accessed the personal data (names, email addresses and cellphone numbers) of 57 million of its users, the disconcerting revelation was that the company covered up the hack for more than a year.
eSecurity Planet
SEPTEMBER 24, 2018
SIEM tools monitor network logs to detect security threats and prevent breaches. Our guide offers everything you need to know about SIEM systems.
Dark Reading
SEPTEMBER 24, 2018
The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Threatpost
SEPTEMBER 27, 2018
More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.
Security Affairs
SEPTEMBER 23, 2018
The Port of Barcelona was hit by a cyber attack, fortunately, maritime operations had not affected. On September 20, 2018 morning, the Port of Barcelona was hit by a cyber attack that forced the operators of the infrastructure to launch the procedure to respond to the emergency. At the time of writing, there are no technical details about the cyber attack, the attackers hit several servers at the infrastructure, but maritime operations had not affected.
Thales Cloud Protection & Licensing
SEPTEMBER 27, 2018
Companies in every sector have embraced digital transformation, backed by IoT initiatives, as the silver bullet to gain a competitive edge. IoT projects have the potential to streamline operations, create new revenue streams, and improve customer service through collection and analysis of data from a variety of IoT devices. But if organizations aren’t able to trust their devices or the data they produce, is there really a point to collecting this data in the first place?
Dark Reading
SEPTEMBER 24, 2018
For cybercriminals, the Dark Web grows more profitable every day.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
277 
Let's personalize your content