Sat.Oct 05, 2019 - Fri.Oct 11, 2019

article thumbnail

Speakers Censored at AISA Conference in Melbourne

Schneier on Security

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake , former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Suelette Dreyfus , lecturer at the University of Melbourne, was scheduled to give a talk on her work -- funded by the EU government -- on anonymous whistleblowing technologies like Dropbox and how they reduce corruption in countr

article thumbnail

FBI Warns of Cyber Attacks on Multi-Factor Authentication

Adam Levin

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA). In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.” The report went on to describe several scenarios where hackers bypassed MFA protections, accessing target networks and stored data.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

MY TAKE: CASBs help companies meet ‘shared responsibility’ for complex, rising cloud risks

The Last Watchdog

Cloud Access Security Brokers – aka “caz-bees” — have come a long way in a short time. CASBs, a term coined by tech industry consultancy Gartner, first cropped about seven years ago to help organizations enforce security and governance policies as they commenced, in earnest, their march into the cloud. Related: Implications of huge Capital One breach CASBs supplied a comprehensive set of tools to monitor and manage the multitude of fresh cyber risks spinning out of the rise in in corporate

Risk 200
article thumbnail

Patch Tuesday Lowdown, October 2019 Edition

Krebs on Security

On Tuesday Microsoft issued software updates to fix almost five dozen security problems in Windows and software designed to run on top of it. By most accounts, it’s a relatively light patch batch this month. Here’s a look at the highlights. Happily, only about 15 percent of the bugs patched this week earned Microsoft’s most dire “critical” rating.

Backups 38
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Illegal Data Center Hidden in Former NATO Bunker

Schneier on Security

Interesting : German investigators said Friday they have shut down a data processing center installed in a former NATO bunker that hosted sites dealing in drugs and other illegal activities. Seven people were arrested. [.]. Thirteen people aged 20 to 59 are under investigation in all, including three German and seven Dutch citizens, Brauer said. Authorities arrested seven of them, citing the danger of flight and collusion.

article thumbnail

Quick Threat Model Links October 2019

Adam Shostack

Trail of Bits released a threat model for Kubernetes. There’s some context from Aaron Small, who made the project happen. Continuum has a blog and a spreadsheet on threat modeling lambdas (as a category, not specific to Amazon Lambda), and also a post on threat modeling with CAPEC. Ntrepid has released a blog posts on “Threat Modeling for Managed Attribution” ( part 1 , part 2 , part 3 ) The W3C has updated the questionnaire it uses for web feature development, including questi

189
189

More Trending

article thumbnail

SHARED INTEL: What it takes to preserve business continuity, recover quickly from a cyber disaster

The Last Watchdog

To pay or not to pay? That’s the dilemma hundreds of organizations caught in the continuing surge of crippling ransomware attacks have faced. Related: How ransomware became such a scourge The FBI discourages it, as you might have guessed. What’s more, the U.S. Conference of Mayors this summer even passed a resolution declaring paying hackers for a decryption key anathema.

article thumbnail

Wi-Fi Hotspot Tracking

Schneier on Security

Free Wi-Fi hotspots can track your location , even if you don't connect to them. This is because your phone or computer broadcasts a unique MAC address. What distinguishes location-based marketing hotspot providers like Zenreach and Euclid is that the personal information you enter in the captive portal­ -- like your email address, phone number, or social media profile­ -- can be linked to your laptop or smartphone's Media Access Control (MAC) address.

Mobile 226
article thumbnail

Own Your Cloud Security

Thales Cloud Protection & Licensing

It’s hard to believe it’s mid-October. Along with autumn, comes National Cybersecurity Awareness Month (NCSAM). The NCSAM 2019 focuses on personal accountability. Driven through mass public engagement, the ‘Own IT. Secure. IT. Protect IT.’ theme will help to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers.

article thumbnail

Robocalls annually scam one in 10 Americans, to a loss of $9.5 billion

Tech Republic Security

Computerized auto dialers deliver pre-recorded phone calls with 60 billion expected in 2019 alone. Here's how to handle robocalls.

Scams 167
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

NEW TECH: Human operatives maintain personas, prowl the Dark Net for intel to help companies

The Last Watchdog

It seems like any discussion of cybersecurity these days invariably circles back to automation. Our growing fixation with leveraging artificial intelligence to extract profits from Big Data – for both constructive and criminal ends—is the order of the day. Related: Why Cyber Pearl Harbor is upon us Vigilante is a cybersecurity startup that cuts against that grain.

article thumbnail

New Unpatchable iPhone Exploit Allows Jailbreaking

Schneier on Security

A new iOS exploit allows jailbreaking of pretty much all version of the iPhone. This is a huge deal for Apple, but at least it doesn't allow someone to remotely hack people's phones. Some details : I wanted to learn how Checkm8 will shape the iPhone experience­ -- particularly as it relates to security­ -- so I spoke at length with axi0mX on Friday.

Malware 226
article thumbnail

Top cybersecurity certifications to consider for your IT career

Security Affairs

With the right cybersecurity certifications, you can attain your goals seamlessly and in a fast way and speed up your career. Cyber attacks are making headlines almost every day in today’s era. The attacks have increased both in number and complexity. Because of this natural demand, it is now crucial for companies and specialized firms to reinforce and invest in professionals to face a problem that technology can’t solve.

article thumbnail

How MIT researchers use machine learning to detect IP hijackings before it occurs

Tech Republic Security

The goal is to predict incidents in advance by tracing it back to the actual hijackers.

166
166
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Planting Tiny Spy Chips in Hardware Can Cost as Little as $200

WIRED Threat Level

A new proof-of-concept hardware implant shows how easy it may be to hide malicious chips inside IT equipment.

Hacking 111
article thumbnail

New Reductor Nation-State Malware Compromises TLS

Schneier on Security

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it's calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, "marking" infected TLS handshakes by compromising the underlining random-number generator, and adding new digital certificates.

Malware 222
article thumbnail

Researchers released a free decryptor for the Nemty Ransomware

Security Affairs

Good news for the victims of the Nemty Ransomware , security researchers have released a free decryptor that could be used to recover files. I have great news for the victims of the recently discovered Nemty Ransomware , security researchers have released a free decryptor tool that could be used to recover files. In mid-August, the Nemty ransomware appeared in the threat landscape, the name of the ransomware comes after the extension it adds to the encrypted file names.

article thumbnail

SafeBreach catches vulnerability in controversial HP Touchpoint Analytics software

Tech Republic Security

After being notified on July 4, HP waited four months before releasing a security advisory.

Software 144
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

7 Cybersecurity Threats That Can Sneak Up on You

WIRED Threat Level

From rogue USB sticks to Chrome extensions gone wild, here is a quick guide to some basic risks you should look out for.

article thumbnail

I Have a New Book: We Have Root

Schneier on Security

I just published my third collection of essays: We Have Root. This book covers essays from 2013 to 2017. (The first two are Schneier on Security and Carry On.). There is nothing in this book is that is not available for free on my website; but if you'd like these essays in an easy-to-carry paperback book format, you can order a signed copy here. External vendor links, including for ebook versions, here.

220
220
article thumbnail

D-Link router models affected by remote code execution issue that will not be fixed

Security Affairs

Researchers at Fortinet’s FortiGuard Labs have publicly disclosed a critical remote code execution vulnerability affecting some models of D-Link routers. Security experts at Fortinet’s FortiGuard Labs disclosed a remote code execution vulnerability tracked as CVE-2019-16920. The vulnerability is an unauthenticated command injection issue that was discovered on September 2019.

article thumbnail

Cyberattacks are increasing, but AV and intrusion detection software are asleep at the wheel

Tech Republic Security

Over three quarters of US businesses have faced cyberattacks in the past 12 months, with 86% of US firms experiencing attacks feeling let down by their antivirus.

Antivirus 141
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Never Trust a Platform to Put Privacy Ahead of Profit

WIRED Threat Level

111
111
article thumbnail

Details on Uzbekistan Government Malware: SandCat

Schneier on Security

Kaspersky has uncovered an Uzbeki hacking operation, mostly due to incompetence on the part of the government hackers. The group's lax operational security includes using the name of a military group with ties to the SSS to register a domain used in its attack infrastructure; installing Kaspersky's antivirus software on machines it uses to write new malware, allowing Kaspersky to detect and grab malicious code still in development before it's deployed; and embedding a screenshot of one of its de

article thumbnail

UK NCSC agency warns of APTs exploiting Enterprise VPN vulnerabilities

Security Affairs

The UK’s National Cyber Security Centre (NCSC) warns of attacks exploiting recently disclosed VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure. According to the UK’s National Cyber Security Centre (NCSC), advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild.

VPN 111
article thumbnail

How to enable SSH session recording in CentOS 8

Tech Republic Security

Learn how to enable SSH session recording in CentOS 8.

140
140
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

A Bug in Popular Android Phones Gives Hackers Full Control

WIRED Threat Level

FCC comment bots, a "bulletproof" hosting takedown, and more of the week's top security news.

111
111
article thumbnail

Edward Snowden's Memoirs

Schneier on Security

Ed Snowden has published a book of his memoirs: Permanent Record. I have not read it yet, but I want to point you all towards two pieces of writing about the book. The first is an excellent review of the book and Snowden in general by SF writer and essayist Jonathan Lethem, who helped make a short film about Snowden in 2014. The second is an essay looking back at the Snowden revelations and what they mean.

article thumbnail

Hacker is auctioning a database containing details of 92 million Brazilians

Security Affairs

A database containing details of 92 million Brazilians was auctioned by a threat actor on underground forums along with a search service focused on Brazilians. Someone is auctioning on several restricted underground forums a database containing personal information of 92 million Brazilian citizens. The threat actor, registered as X4Crow, is also advertising a search service that allows retrieving detailed information on Brazilian citizens.

article thumbnail

Financial industry spending millions to deal with breaches in 2019

Tech Republic Security

A new study says financial services organizations experienced an average of 10 attacks a year and spent an average of $1.3 million to restore services after each DNS attack.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!