Krebs on Security
NOVEMBER 26, 2018
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “[link].
Schneier on Security
NOVEMBER 28, 2018
The module "event-steam" was infected with malware by an anonymous someone who became an admin on the project. Cory Doctorow points out that this is a clever new attack vector: Many open source projects attain a level of "maturity" where no one really needs any new features and there aren't a lot of new bugs being found, and the contributors to these projects dwindle, often to a single maintainer who is generally grateful for developers who take an interest in these older projects and offer to s
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
NOVEMBER 26, 2018
Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country. However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. Related: California’s pioneering privacy law ripples through other states.
Adam Levin
NOVEMBER 30, 2018
Marriot announced an enormous breach of the company’s reservations database that may have potentially exposed the personally identifiable information of more than 500 million guests. If you’ve made reservations at the St. Regis, Westin, Sheraton, W Hotels or anywhere else that operates on Marriot’s Starwood guest reservation database, it’s time to redouble your cybersecurity and privacy efforts, because this compromise is one of biggest we’ve seen—dwarfed only by the Yahoo breach that affected
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Adam Shostack
NOVEMBER 29, 2018
The 2018 Gavle Goat is up and tweeting at @gavelebocken. Previously.
Schneier on Security
NOVEMBER 30, 2018
Sotheby's is auctioning off a (working, I think) three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's missing the rotors.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Adam Levin
NOVEMBER 27, 2018
Amazon was hit with a data breach just days before Black Friday and Cyber Monday, the biggest shopping time of the year. The major data breach exposed names and email addresses of customers due to a technical error on their website. Amazon emailed their customers Tuesday, November 20, 2018 stating the following: “Our website inadvertently disclosed your email address or name and email address due to a technical error.
Adam Shostack
NOVEMBER 26, 2018
Nonfiction. The Brothers: John Foster Dulles, Allen Dulles, and Their Secret World War is a fascinating biography of the Dulles brothers, and how the world changed through their lives and actions. One ran the State department, the other the CIA. Weapons of Math Destruction by Cathy O’Neil is an interesting overview of problems with machine learning and the ways in which it is often mis-applied.
Schneier on Security
NOVEMBER 29, 2018
The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people: A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud.
The Last Watchdog
NOVEMBER 30, 2018
Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now. But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation. Related: Michigan’s Cyber Range hubs help narrow talent gap. Driverless autos, trucks and military transport vehicles are on a fast track for wide deployment in the next five years.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
NOVEMBER 29, 2018
Exploring the open API abuse for Docker Containers. Docker is a popular container product which has been adopted widely by the community. Preface. IT industry has seen quite a few transformations in last couple of decades with advent of disruptive technologies. Back in 2000, every aspiring student wanted to become computer /IT engineer, thanks to “.com” boom that was storming the IT industry back in those days.
WIRED Threat Level
NOVEMBER 27, 2018
Recent developments in the special counsel investigation show indicate that things are about to heat up.
Schneier on Security
NOVEMBER 30, 2018
Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to -- among others -- Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC ). Bloomberg has stood by its story -- and is still standing by it. I don't think it's real. Yes, it's plausible.
The Last Watchdog
NOVEMBER 27, 2018
The vast majority of cyber attacks against organizations pivot off the weakest security link: employees. The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here’s a guide to five such services. PhishMe. This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
NOVEMBER 27, 2018
Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0.
Dark Reading
NOVEMBER 30, 2018
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Schneier on Security
NOVEMBER 30, 2018
My latest book is doing well. And I've been giving lots of talks and interviews about it. (I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer.) My book talk at Google is also available. The Audible version was delayed for reasons that were never adequately explained to me, but it's finally out.
WIRED Threat Level
NOVEMBER 28, 2018
Researchers warn that utilities hackers don't need to cause blackouts to do damage.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
NOVEMBER 24, 2018
According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated.
Dark Reading
NOVEMBER 29, 2018
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
eSecurity Planet
NOVEMBER 28, 2018
We examine 11 important cybersecurity research reports released in November -- and the controls organizations should consider.
Threatpost
NOVEMBER 29, 2018
The donut giant first noticed the attack Oct. 31.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
NOVEMBER 27, 2018
A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “ Ramnit banker”. “In the past months CERT-Yoroi observed an emerging attack pattern targeting its constituency.
Dark Reading
NOVEMBER 26, 2018
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Thales Cloud Protection & Licensing
NOVEMBER 26, 2018
Six months on from the legal implementation of the General Data Protection Regulation (GDPR), a third of consumers have admitted they still aren’t confident that the companies they interact with comply with the regulation. Furthermore, 16% of organisations across the UK and Germany confessed to not having been ready in time for the legislation, according to our research into consumer and business perceptions of the GDPR, six months after its roll-out.
Threatpost
NOVEMBER 24, 2018
The credentials could be used to glean a variety of intel on the victims.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
NOVEMBER 24, 2018
US Government is inviting its allies to exclude Huawei equipment from critical infrastructure and 5G architectures, reports the Wall Street Journal. The Wall Street Journal reported that the US Government is urging its allies to exclude Huawei from critical infrastructure and 5G architectures. The United States is highlighting the risks for national security in case of adoption of Huawei equipment and is inviting internet providers and telco operators in allied countries to ban Huawei.
Dark Reading
NOVEMBER 27, 2018
Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.
PerezBox Security
NOVEMBER 29, 2018
It’s been a long time since I have had to enable 2FA on Twitter and found the process completely infuriating. Twitter’s 2FA configuration uses SMS as the default option, this. Read More. The post How to enable 2FA on Twitter with Authy, Google Authenticator or another Mobile Application appeared first on PerezBox.
Threatpost
NOVEMBER 29, 2018
Hackers can spoof messages, hijack screen controls and kick others out of meetings.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
279 
Let's personalize your content