Schneier on Security
JUNE 28, 2019
Today is my last day at IBM. If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak, and do the occasional consulting job. I will continue to teach at the Harvard Kennedy School.
Krebs on Security
JUNE 27, 2019
A digital intrusion at PCM Inc. , a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned. El Segundo, Calif. based PCM [ NASDAQ:PCMI ] is a provider of technology products, services and solutions to businesses as well as state and federal governments.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JUNE 27, 2019
Something totally new this week - Israel! I spent the week in Tel Aviv at Cyber Week , a massive infosec conference where I shared the keynote stage with an amazing array of speakers including many from three letter acronym departments and even PM Benjamin Netanyahu. It's funny how on the one hand an event like this can be so completely different to the very familiar NDC Oslo scene I was in just last week yet by the same token, I'm up there talking about all the same stuff and doing my usual thi
Adam Shostack
JUNE 26, 2019
Bruce Marshall has put together a comparison of OWASP ASVS v3 and v4 password requirements: OWASP ASVS 3.0 & 4.0 Comparison. This is useful in and of itself, and is also the sort of thing that more standards bodies should do, by default. It’s all too common to have a new standard come out without clear diffs. It’s all too common for new standards to build closely on other standards, without clearly saying what they’ve altered and why.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
JUNE 25, 2019
Long news article ( alternate source ) on iPhone privacy, specifically the enormous amount of data your apps are collecting without your knowledge. A lot of this happens in the middle of the night, when you're probably not otherwise using your phone: IPhone apps I discovered tracking me by passing information to third parties just while I was asleep include Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post and IBM's the Weather Channel.
Krebs on Security
JUNE 25, 2019
Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “ Yehuo ” or “ Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile mal
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
JUNE 23, 2019
NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report says that hackers stole roughly 500 MB of data related to Mars missions from NASA’s Jet Propulsion Laboratory in Southern California.
Schneier on Security
JUNE 26, 2019
Forget deep fakes. Someone wearing a latex mask fooled people on video calls for a period of two years, successfully scamming 80 million euros from rich French citizens.
Krebs on Security
JUNE 28, 2019
It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors.
Dark Reading
JUNE 26, 2019
While the password-cracking Mimikatz took top honors, Mac-targeted malware accounted for two of the 10 most detected malware samples, according to WatchGuard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
JUNE 25, 2019
Belgium police have identified a member of the Anonymous Belgium collective while investigating an arson case at a local bank. The Anonymous member is a 35-year-old man from Roeselare, Belgium, was arrested after throwing a Molotov cocktail at the Crelan Bank office in Rumbeke, back in 2014. According to ZDnet , the hacker has been exposed after dropping USB drive on the ground while throwing the Molotov cocktail.
Schneier on Security
JUNE 28, 2019
The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know.
Krebs on Security
JUNE 25, 2019
Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “ Yehuo ” or “ Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile mal
Thales Cloud Protection & Licensing
JUNE 25, 2019
Originally published in ITProPortal on July 13, 2019. Scarcity in talent means there is a critical deficit in developer security training. Organisations across the globe are suffering a cybersecurity workforce “gap” of around 2.9 million employees today, according to the latest estimates from (ISC)², the world’s leading cybersecurity and IT security professional organisation.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
JUNE 23, 2019
Hundreds of million computers from many vendors may have been exposed to hack due to a serious flaw in PC-Doctor software. Experts at SafeBreach discovered that the Dell SupportAssist software, that comes preinstalled on most Dell PCs, was affected by a DLL hijacking vulnerability tracked as CVE-2019-12280. The flaw could have been exploited by an attacker with regular user permissions to execute arbitrary code with elevated privileges by planting specially crafted DLL files in specific location
Schneier on Security
JUNE 26, 2019
MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side" encryption scheme, databases utilizing Field Level Encryption will not only require a system login, but will additionally require specific keys to process and decrypt specific chunks of data locally on a user
The Last Watchdog
JUNE 24, 2019
WIRED Threat Level
JUNE 24, 2019
The typical response to the onslaught of falsehood is to say, lol, nothing matters. But when so many of us are reaching this point, it really does matter.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JUNE 26, 2019
Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. Akamai researcher Larry Cashdollar discovered a new piece of the Silex malware that is bricking thousands of IoT devices, over 2,000 devices have been bricked in a few hours and the expert is continuing to see new infections.
Schneier on Security
JUNE 27, 2019
The Spanish Soccer League's smartphone app spies on fans in order to find bars that are illegally streaming its games. The app listens with the microphone for the broadcasts, and then uses geolocation to figure out where the phone is. The Spanish data protection agency has ordered the league to stop doing this. Not because it's creepy spying, but because the terms of service -- which no one reads anyway -- weren't clear.
Dark Reading
JUNE 24, 2019
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
Threatpost
JUNE 27, 2019
A 14-year-old hacker bricked at least 4,000 Internet of Things devices with a new strain of malware called Silex this week. Threatpost talks to the researcher who discovered the malware.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
JUNE 24, 2019
Malware researchers at Cybaze-Yoroi ZLAB observed many attack attempts trying to spread malware abusing the CVE-2019-10149 issue. Introduction. Figure 1: Exposed EXIM server in Italy (Reference: ZoomEye ). In the past days, a really important issue has been disclosed to the public: “ Return of the WiZard ” vulnerability (ref. EW N030619 , CVE-2019-10149 ).
Schneier on Security
JUNE 25, 2019
Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida City of Riveria Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative.
Elie
JUNE 25, 2019
Over the last decade, the illegal distribution of child sexual abuse imagery (CSAI) has transformed alongside the rise of online sharing platforms. In this paper, we present the first longitudinal measurement study of CSAI distribution online and the threat it poses to society's ability to combat child sexual abuse. Our results illustrate that CSAI has grown exponentially to nearly 1 million detected events per month exceeding the capabilities of independent clearinghouses and law enforcement to
Threatpost
JUNE 24, 2019
The Department of Homeland Security is warning that U.S. agencies are being targeted by Iranian-backed cyberattacks with destructive wiper malware.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
JUNE 26, 2019
A few days ago, Riviera Beach City agreed to pay $600,000 in ransom, now a Lake City, another city in Florida, agreed to do the same after a ransomware attack. A few days ago, Riviera Beach City agreed to pay $600,000 in ransom , now less than a week later, another city in Florida opted to do the same to recover its data after a ransomware attack. The victim is Lake City, Florida, that during an emergency meeting of the city council held on Monday, voted to pay a ransom demand of 42 bitcoins, wo
Schneier on Security
JUNE 24, 2019
Stanford University's Cyber Policy Center has published a long report on the security of US elections. Summary: it's not good.
Dark Reading
JUNE 25, 2019
Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
Thales Cloud Protection & Licensing
JUNE 27, 2019
Originally published in HelpNet Security on June 25, 2019. Many organizations are finding themselves between a rock and a hard place when it comes to the security of their digital transformation strategies. On the one hand, the number of data breaches continue to increase and damages stemming from cybercrime have businesses losing more than $3.86 million on average , per breach, according to the Ponemon Institute.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
272 
Let's personalize your content