Sat.Jun 22, 2019 - Fri.Jun 28, 2019

article thumbnail

I'm Leaving IBM

Schneier on Security

Today is my last day at IBM. If you've been following along, IBM bought my startup Resilient Systems in Spring 2016. Since then, I have been with IBM, holding the nicely ambiguous title of "Special Advisor." As of the end of the month, I will be back on my own. I will continue to write and speak, and do the occasional consulting job. I will continue to teach at the Harvard Kennedy School.

article thumbnail

Breach at Cloud Solution Provider PCM Inc.

Krebs on Security

A digital intrusion at PCM Inc. , a major U.S.-based cloud solution provider, allowed hackers to access email and file sharing systems for some of the company’s clients, KrebsOnSecurity has learned. El Segundo, Calif. based PCM [ NASDAQ:PCMI ] is a provider of technology products, services and solutions to businesses as well as state and federal governments.

Retail 267
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 145

Troy Hunt

Something totally new this week - Israel! I spent the week in Tel Aviv at Cyber Week , a massive infosec conference where I shared the keynote stage with an amazing array of speakers including many from three letter acronym departments and even PM Benjamin Netanyahu. It's funny how on the one hand an event like this can be so completely different to the very familiar NDC Oslo scene I was in just last week yet by the same token, I'm up there talking about all the same stuff and doing my usual thi

InfoSec 181
article thumbnail

BEST PRACTICES: Do you know the last time you were socially engineered?

The Last Watchdog

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

iPhone Apps Surreptitiously Communicated with Unknown Servers

Schneier on Security

Long news article ( alternate source ) on iPhone privacy, specifically the enormous amount of data your apps are collecting without your knowledge. A lot of this happens in the middle of the night, when you're probably not otherwise using your phone: IPhone apps I discovered tracking me by passing information to third parties ­ just while I was asleep ­ include Microsoft OneDrive, Intuit's Mint, Nike, Spotify, The Washington Post and IBM's the Weather Channel.

256
256
article thumbnail

Tracing the Supply Chain Attack on Android

Krebs on Security

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “ Yehuo ” or “ Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile mal

Mobile 257

More Trending

article thumbnail

The Infrastructure Mess Causing Countless Internet Outages

WIRED Threat Level

You may not have heard of the Border Gateway Protocol, but you definitely know when it goes wrong.

Internet 111
article thumbnail

Person in Latex Mask Impersonated French Minister

Schneier on Security

Forget deep fakes. Someone wearing a latex mask fooled people on video calls for a period of two years, successfully scamming 80 million euros from rich French citizens.

Scams 241
article thumbnail

Microsoft to Require Multi-Factor Authentication for Cloud Solution Providers

Krebs on Security

It might be difficult to fathom how this isn’t already mandatory, but Microsoft Corp. says it will soon force all Cloud Solution Providers (CSPs) that help companies manage their Office365 accounts to use multi-factor authentication. The move comes amid a noticeable uptick in phishing and malware attacks targeting CSP employees and contractors.

article thumbnail

Anonymous Belgium hacker identified after dropping USB drive while throwing Molotov cocktail

Security Affairs

Belgium police have identified a member of the Anonymous Belgium collective while investigating an arson case at a local bank. The Anonymous member is a 35-year-old man from Roeselare, Belgium, was arrested after throwing a Molotov cocktail at the Crelan Bank office in Rumbeke, back in 2014. According to ZDnet , the hacker has been exposed after dropping USB drive on the ground while throwing the Molotov cocktail.

DDOS 111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How Hackers Turn Microsoft Excel's Own Features Against It

WIRED Threat Level

A pair of recent findings show how hackers can compromise Excel users without any fancy exploits.

Hacking 111
article thumbnail

Election Security

Schneier on Security

Stanford University's Cyber Policy Center has published a long report on the security of US elections. Summary: it's not good.

237
237
article thumbnail

Tracing the Supply Chain Attack on Android

Krebs on Security

Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames “ Yehuo ” or “ Blazefire.” What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile mal

Mobile 169
article thumbnail

Silex malware bricks thousands of IoT devices in a few hours

Security Affairs

Security experts warn of a new piece of the Silex malware that is bricking thousands of IoT devices, and the situation could rapidly go worse. Akamai researcher Larry Cashdollar discovered a new piece of the Silex malware that is bricking thousands of IoT devices, over 2,000 devices have been bricked in a few hours and the expert is continuing to see new infections.

IoT 111
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

The Internet Has Made Dupes—and Cynics—of Us All

WIRED Threat Level

The typical response to the onslaught of falsehood is to say, lol, nothing matters. But when so many of us are reaching this point, it really does matter.

Internet 111
article thumbnail

Cellebrite Claims It Can Unlock Any iPhone

Schneier on Security

The digital forensics company Cellebrite now claims it can unlock any iPhone. I dithered before blogging this, not wanting to give the company more publicity. But I decided that everyone who wants to know already knows, and that Apple already knows. It's all of us that need to know.

Hacking 234
article thumbnail

Malware Coming to a Mac Near You? Yes, Say Security Firms

Dark Reading

While the password-cracking Mimikatz took top honors, Mac-targeted malware accounted for two of the 10 most detected malware samples, according to WatchGuard.

Malware 111
article thumbnail

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

Security Affairs

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report says that hackers stole roughly 500 MB of data related to Mars missions from NASA’s Jet Propulsion Laboratory in Southern California.

Hacking 112
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

He Cyberstalked Teen Girls for Years—Then They Fought Back

WIRED Threat Level

How a hacker shamed and humiliated high school girls in a small New Hampshire town, and how they helped take him down.

111
111
article thumbnail

MongoDB Offers Field Level Encryption

Schneier on Security

MongoDB now has the ability to encrypt data by field : MongoDB calls the new feature Field Level Encryption. It works kind of like end-to-end encrypted messaging, which scrambles data as it moves across the internet, revealing it only to the sender and the recipient. In such a "client-side" encryption scheme, databases utilizing Field Level Encryption will not only require a system login, but will additionally require specific keys to process and decrypt specific chunks of data locally on a user

article thumbnail

Rethinking the detection of child sexual abuse imagery on the Internet

Elie

In order to scale CSAI protections moving forward, we discuss techniques for automating detection and response by using recent advancements in machine learning.

Internet 110
article thumbnail

Lake City agreed to pay $500,000 in ransom, is the second case in Florida in a week

Security Affairs

A few days ago, Riviera Beach City agreed to pay $600,000 in ransom, now a Lake City, another city in Florida, agreed to do the same after a ransomware attack. A few days ago, Riviera Beach City agreed to pay $600,000 in ransom , now less than a week later, another city in Florida opted to do the same to recover its data after a ransomware attack. The victim is Lake City, Florida, that during an emergency meeting of the city council held on Monday, voted to pay a ransom demand of 42 bitcoins, wo

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Hackers Are Poking at a MacOS Gatekeeper Flaw Apple Left Unfixed

WIRED Threat Level

The clock's ticking to fix a Gatekeeper bug that would let hackers slip malware onto your computer undetected.

Malware 111
article thumbnail

Spanish Soccer League App Spies on Fans

Schneier on Security

The Spanish Soccer League's smartphone app spies on fans in order to find bars that are illegally streaming its games. The app listens with the microphone for the broadcasts, and then uses geolocation to figure out where the phone is. The Spanish data protection agency has ordered the league to stop doing this. Not because it's creepy spying, but because the terms of service -- which no one reads anyway -- weren't clear.

Spyware 230
article thumbnail

Iran Targeting U.S. With Destructive Wipers, Warns DHS

Threatpost

The Department of Homeland Security is warning that U.S. agencies are being targeted by Iranian-backed cyberattacks with destructive wiper malware.

Malware 98
article thumbnail

Hundreds of million computers potentially exposed to hack due to a flaw in PC-Doctor component

Security Affairs

Hundreds of million computers from many vendors may have been exposed to hack due to a serious flaw in PC-Doctor software. Experts at SafeBreach discovered that the Dell SupportAssist software, that comes preinstalled on most Dell PCs, was affected by a DLL hijacking vulnerability tracked as CVE-2019-12280. The flaw could have been exploited by an attacker with regular user permissions to execute arbitrary code with elevated privileges by planting specially crafted DLL files in specific location

Hacking 111
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Hackers Used Two Firefox Zero Days to Hit a Crypto Exchange

WIRED Threat Level

A ransomware haul, a border security leak, and more of the week's top security news.

article thumbnail

Florida City Pays Ransomware

Schneier on Security

Learning from the huge expenses Atlanta and Baltimore incurred by refusing to pay ransomware, the Florida City of Riveria Beach decided to pay up. The ransom amount of almost $600,000 is a lot, but much cheaper than the alternative.

article thumbnail

The cyber skills gap & the diversity debate

Thales Cloud Protection & Licensing

Originally published in ITProPortal on July 13, 2019. Scarcity in talent means there is a critical deficit in developer security training. Organisations across the globe are suffering a cybersecurity workforce “gap” of around 2.9 million employees today, according to the latest estimates from (ISC)², the world’s leading cybersecurity and IT security professional organisation.

article thumbnail

US-based Cloud Solution Provider PCM Inc. hacked

Security Affairs

Hackers breached the infrastructure of PCM Inc. , one of the major U.S.-based cloud solution provider, and accessed to email and file sharing systems for some of its clients. Hackers breached the infrastructure of PCM Inc., one of the major U. S. -based cloud solution provider. According to the popular investigator Brian Krebs, the attackers gained access to email and file sharing systems for some of the company clients.

Hacking 111
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!