Sat.Sep 22, 2018 - Fri.Sep 28, 2018

article thumbnail

Mmm. Pi-hole.

Troy Hunt

I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads that are forced down our throats at what seems like every turn. On the other hand, I appreciate the need for publishers to earn a living so that I can consume their hard-earned work for free. Somewhere in the middle is a responsible approach, for example the sponsorship banner you see at the top of this blog.

DNS 272
article thumbnail

Facebook Security Bug Affects 90M Users

Krebs on Security

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people. “This allowed t

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Counting People Through a Wall with WiFi

Schneier on Security

Interesting research : In the team's experiments, one WiFi transmitter and one WiFi receiver are behind walls, outside a room in which a number of people are present. The room can get very crowded with as many as 20 people zigzagging each other. The transmitter sends a wireless signal whose received signal strength (RSSI) is measured by the receiver.

Wireless 237
article thumbnail

Q&A: Reddit breach shows use of ‘SMS 2FA’ won’t stop privileged access pillaging

The Last Watchdog

The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing. An excerpt from Reddit’s mea culpa says it all: “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Weekly Update 106

Troy Hunt

Home again! Another NDC is down and I talk a little about how the talks were rated and about PubConf (make sure you get to one of these one day!) I've got another couple of weeks at home before any more travel and I'll talk more about the next things as they draw closer. This week, I'm on my new iPhone (which is very similar to my old iPhone), I'm talking about Uber getting fined, Cloudflare introducing some very cool new things, Firefox Monitor launching on top of the HIBP APIs and my newfound

IoT 194
article thumbnail

Secret Service Warns of Surge in ATM ‘Wiretapping’ Attacks

Krebs on Security

The U.S. Secret Service is warning financial institutions about a recent uptick in a form of ATM skimming that involves cutting cupcake-sized holes in a cash machine and then using a combination of magnets and medical devices to siphon customer account data directly from the card reader inside the ATM. According to a non-public alert distributed to banks this week and shared with KrebsOnSecurity by a financial industry source, the Secret Service has received multiple reports about a complex form

Banking 256

More Trending

article thumbnail

Space Elevator Test

Adam Shostack

So cool! STARS-Me (or Space Tethered Autonomous Robotic Satellite – Mini elevator), built by engineers at Shizuoka University in Japan, is comprised of two 10-centimeter cubic satellites connected by a 10-meter-long tether. A small robot representing an elevator car, about 3 centimeters across and 6 centimeters tall, will move up and down the cable using a motor as the experiment floats in space.

article thumbnail

The Facebook Security Meltdown Exposes Way More Sites Than Facebook

WIRED Threat Level

The social networking giant confirmed Friday that sites you use Facebook to login to could have been accessed as a result of its massive breach.

112
112
article thumbnail

Beware of Hurricane Florence Relief Scams

Krebs on Security

If you’re thinking of donating money to help victims of Hurricane Florence , please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “flor

Scams 234
article thumbnail

New Variants of Cold-Boot Attack

Schneier on Security

If someone has physical access to your shut-down computer, they can probably break the hard-drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not : To carry out the attack, the F-Secure researchers first sought a way to defeat the the industry-standard cold boot mitigation. The protection works by creating a simple check between an operating system and a computer's firmware, the fundamental code that coordinates hardware and software for things like initiating

Firmware 227
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Facebook hacked – 50 Million Users’ Data exposed in the security breach

Security Affairs

Facebook hacked – Attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of 50 Million Users. Facebook hacked, this is news that is rapidly spreading across the Internet. A few hours ago, Facebook announced that an attack on its computer network exposed the personal information of roughly 50 million users.

Hacking 111
article thumbnail

Facebook's Massive Security Breach: Everything We Know

WIRED Threat Level

Up to 50 million Facebook users were affected—and possibly 40 million more—when hackers compromised the social network's systems.

111
111
article thumbnail

Facebook Hacked, 50 Million Users Affected

Dark Reading

A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.

Hacking 107
article thumbnail

Yet Another IoT Cybersecurity Document

Schneier on Security

This one is from NIST: " Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks." It's still in draft. Remember, there are many others.

IoT 212
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

CVE-2018-1718 -Google Project Zero reports a new Linux Kernel flaw

Security Affairs

Google Project Zero disclosed details for a high severity Linux kernel a use-after-free vulnerability tracked as CVE-2018-1718. The vulnerability is a use-after-free tracked as CVE-2018-17182, it was discovered by Google Project Zero’s Jann Horn. The vulnerability was introduced in August 2014 with the release of version 3.16 of the Linux kernel. The issue could be exploited by an attacker trigger a DoS condition or to execute arbitrary code with root privileges on the vulnerable system.

article thumbnail

Russia’s Elite Fancy Bear Hackers Have a Clever New Trick

WIRED Threat Level

For the first time, a so-called UEFI rootkit has been spotted in the wild. And it appears to come from Russia.

111
111
article thumbnail

7 Most Prevalent Phishing Subject Lines

Dark Reading

The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.

Phishing 103
article thumbnail

Major Tech Companies Finally Endorse Federal Privacy Regulation

Schneier on Security

The major tech companies, scared that states like California might impose actual privacy regulations , have now decided that they can better lobby the federal government for much weaker national legislation that will preempt any stricter state measures. I'm sure they'll still do all they can to weaken the California law, but they know they'll do better at the national level.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Russian Sednit APT used the first UEFI rootkit of ever in attacks in the wild

Security Affairs

Security experts from ESET have spotted the first UEFI rootkit of ever, the code tracked as LoJax was used in attacks in the wild. Security researchers from ESET have discovered a new piece of a sophisticated malware used by the Russia-linked Sednit group (aka Fancy Bear , APT28 , Pawn Storm , Sofacy Group , and STRONTIUM ) in targeted attacks aimed at government entities in the Balkans as well as in Central and Eastern Europe.

Firmware 111
article thumbnail

Mobile Websites Can Tap Into Your Phone's Sensors Without Asking

WIRED Threat Level

Apps need your explicit permission to access your smartphone's motion and light sensors. Mobile websites? Not so much.

Mobile 111
article thumbnail

Facebook Breach: 50 Million Users Affected

Adam Levin

Facebook has had a hard year, and it just got worse. The company announced that it was compromised, and 50 million users were affected. The company discovered the breach on Tuesday, and reported it three days later. While 50 million users may seem like relatively minor news given the total number of Facebook users out there, it’s roughly the equivalent of the entire population of the west coast of the United States. .

article thumbnail

Critical Linux Kernel Flaw Gives Root Access to Attackers

Dark Reading

All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.

91
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Hide and Seek (HNS) IoT Botnet targets Android devices with ADB option enabled

Security Affairs

The latest samples of the HNS bot were designed to target Android devices having the wireless debugging feature ADB enabled. The Hide and Seek (HNS) IoT botnet was first spotted early this year, since its discovery the authors continuously evolved its code. The IoT botnet appeared in the threat landscape in January, when it was first discovered on January 10th by malware researchers from Bitdefender, then it disappeared for a few days, and appeared again a few weeks later infecting in a few

IoT 111
article thumbnail

A Small Google Chrome Change Stirs a Big Privacy Controversy

WIRED Threat Level

The latest update to Google's browser has riled privacy advocates by appearing to log people in without their explicit permission.

110
110
article thumbnail

Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access

Threatpost

Researchers said the vulnerability "is very easy to exploit.".

88
article thumbnail

In Quiet Change, Google Now Automatically Logging Users Into Chrome

Dark Reading

The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.

91
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Uber agrees to pay $148 million in massive 2016 data breach settlement

Security Affairs

Uber agrees to $148 million settlement with US States and the District of Columbia over the massive 2016 data breach that exposed personal data of 57 million of its users. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and accessed the personal data (names, email addresses and cellphone numbers) of 57 million of its users, the disconcerting revelation was that the company covered up the hack for more than a year.

article thumbnail

Voting Machines Are Still Absurdly At Risk

WIRED Threat Level

A new report details dozens of vulnerabilities across seven models of voting machines—all of which are currently in use.

Risk 109
article thumbnail

ThreatList: Hackers Turn to Python as Attack Coding Language of Choice

Threatpost

More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.

Hacking 87
article thumbnail

6 Dark Web Pricing Trends

Dark Reading

For cybercriminals, the Dark Web grows more profitable every day.

89
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!