Sat. Nov 24, 2018 - Fri. Nov 30, 2018


Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with “[link].


Distributing Malware By Becoming an Admin on an Open-Source Project

Schneier on Security

The module "event-stream" was infected with malware by an anonymous someone who became an admin on the project. Cory Doctorow points out that this is a clever new attack vector: Many open source projects attain a level of "maturity" where no one really needs any new features and there aren't a lot of new bugs being found, and the contributors to these projects dwindle, often to a single maintainer who is generally grateful for developers who take an interest in these older projects and offer to s


MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country. However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. Related: California’s pioneering privacy law ripples through other states.


Marriott Breach: More than 500 Million Guest Affected

Adam Levin

Marriott announced an enormous breach of the company’s reservations database that may have potentially exposed the personally identifiable information of more than 500 million guests. If you’ve made reservations at the St. Regis, Westin, Sheraton, W Hotels or anywhere else that operates on Marriott’s Starwood guest reservation database, it’s time to redouble your cybersecurity and privacy efforts, because this compromise is one of the biggest we’ve seen—dwarfed only by the Yahoo breach that affected


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Gavelblocken, 2018

Adam Shostack

The 2018 Gavle Goat is up and tweeting at @gavelebocken. Previously.


Three-Rotor Enigma Machine Up for Auction Today

Schneier on Security

Sotheby's is auctioning off a (working, I think) three-rotor Enigma machine today. They're expecting it to sell for about $200K. I have an Enigma, but it's missing the rotors.


More Trending


Amazon hit with a Data Breach right before Black Friday

Adam Levin

Amazon was hit with a data breach just days before Black Friday and Cyber Monday, the biggest shopping time of the year. The major data breach exposed names and email addresses of customers due to a technical error on their website. Amazon emailed their customers Tuesday, November 20, 2018 stating the following: “Our website inadvertently disclosed your email address or name and email address due to a technical error.


Books which are worth your time: Q4

Adam Shostack

Nonfiction. The Brothers: John Foster Dulles, Allen Dulles, and Their Secret World War is a fascinating biography of the Dulles brothers, and how the world changed through their lives and actions. One ran the State department, the other the CIA. Weapons of Math Destruction by Cathy O’Neil is an interesting overview of problems with machine learning and the ways in which it is often mis-applied.


FBI Takes Down a Massive Advertising Fraud Ring

Schneier on Security

The FBI announced that it dismantled a large Internet advertising fraud network, and arrested eight people: A 13-count indictment was unsealed today in federal court in Brooklyn charging Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko with criminal violations for their involvement in perpetrating widespread digital advertising fraud.


MY TAKE: Why security innovations paving the way for driverless cars will make IoT much safer

The Last Watchdog

Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now. But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation. Related: Michigan’s Cyber Range hubs help narrow talent gap. Driverless autos, trucks and military transport vehicles are on a fast track for wide deployment in the next five years.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Knock-Knock Docker!! Will you let me in? Open API Abuse in Docker Containers

Security Affairs

Exploring the open API abuse for Docker Containers. Docker is a popular container product which has been adopted widely by the community. Preface. IT industry has seen quite a few transformations in last couple of decades with advent of disruptive technologies. Back in 2000, every aspiring student wanted to become computer /IT engineer, thanks to “.com” boom that was storming the IT industry back in those days.


Russian Hackers Haven't Stopped Probing the US Power Grid

WIRED Threat Level

Researchers warn that utilities hackers don't need to cause blackouts to do damage.


That Bloomberg Supply-Chain-Hack Story

Schneier on Security

Back in October, Bloomberg reported that China has managed to install backdoors into server equipment that ended up in networks belonging to -- among others -- Apple and Amazon. Pretty much everybody has denied it (including the US DHS and the UK NCSC ). Bloomberg has stood by its story -- and is still standing by it. I don't think it's real. Yes, it's plausible.


GUEST ESSAY: 5 anti-phishing training tools that can reduce employees’ susceptibility to scams

The Last Watchdog

The vast majority of cyber attacks against organizations pivot off the weakest security link: employees. The good news is that companies today have ready access to a wide variety of tools that can simulate common types of attacks and boost employee awareness. Here’s a guide to five such services. PhishMe. This tool, from Cofense, proactively engages employees via simulated attacks based on real-time threats for various phishing tactics.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


Experts demonstrate how to exfiltrate data using smart bulbs

Security Affairs

Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0.


Special Counsel Robert Mueller's Endgame May Be in Sight

WIRED Threat Level

Recent developments in the special counsel investigation indicate that things are about to heat up.


Click Here to Kill Everybody News

Schneier on Security

My latest book is doing well. And I've been giving lots of talks and interviews about it. (I can recommend three interviews: the Cyberlaw podcast with Stewart Baker, the Lawfare podcast with Ben Wittes, and Le Show with Henry Shearer.) My book talk at Google is also available. The Audible version was delayed for reasons that were never adequately explained to me, but it's finally out.


Holiday Hacks: 6 Cyberthreats to Watch Right Now

Dark Reading

'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


327 million Marriott guests affected in Starwood Data Breach

Security Affairs

Starwood Data Breach – Hackers accessed the guest reservation system of the Marriot owned Starwood since 2014 and copied and encrypted the information. Marriott International is the last victim of a long string of data breaches, the company announced that hackers compromised guest reservation database at its subsidiary Starwood hotels and stolen personal details of about 500 million guests. “The company has not finished identifying duplicate information in the database, but believes


The Marriott Hack: How to Protect Yourself

WIRED Threat Level

Up to 500 people's personal information has been stolen in a Marriott hack that lasted four years, one of the biggest breaches yet.


Hackers Breach Dunkin’ Donuts Accounts in Credential Stuffing Attack

Threatpost

The donut giant first noticed the attack Oct. 31.


Dunkin' Donuts Serves Up Data Breach Alert

Dark Reading

Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


The SLoad Powershell malspam is expanding to Italy

Security Affairs

A new malspam campaign hit Italy in these days, threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “Ramnit banker”. “In the past months CERT-Yoroi observed an emerging attack pattern targeting its constituency.


Amazon Exposes Emails, Insurance Company Surveillance, and More Security News This Week

WIRED Threat Level

A USPS data leak, Windows passwords go bye-bye, and more security news this week.


Spotify Phishers Hijack Music Fans’ Accounts

Threatpost

The credentials could be used to glean a variety of intel on the victims.


7 Real-Life Dangers That Threaten Cybersecurity

Dark Reading

Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


North Korea-linked group Lazarus targets Latin American banks

Security Affairs

According to security researchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated.


Why a Hacker Exploited Printers to Make PewDiePie Propaganda

WIRED Threat Level

An anonymous hacker has claimed credit for the prank, which is part of an ongoing YouTube subscriber feud.


Critical Zoom Flaw Lets Hackers Hijack Conference Meetings

Threatpost

Hackers can spoof messages, hijack screen controls and kick others out of meetings.


New Hacker Group Behind 'DNSpionage' Attacks in Middle East

Dark Reading

Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!