Sat.Sep 21, 2019 - Fri.Sep 27, 2019

article thumbnail

MyPayrollHR CEO Arrested, Admits to $70M Fraud

Krebs on Security

Earlier this month, employees at more than 1,000 companies saw one or two paycheck’s worth of funds deducted from their bank accounts after the CEO of their cloud payroll provider absconded with $35 million in payroll and tax deposits from customers. On Monday, the CEO was arrested and allegedly confessed that the diversion was the last desperate gasp of a financial shell game that earned him $70 million over several years.

Banking 267
article thumbnail

Russians Hack FBI Comms System

Schneier on Security

Yahoo News reported that the Russians have successfully targeted an FBI communications system: American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet.

Hacking 225
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

SHARED INTEL: Here’s one way to better leverage actionable intel from the profusion of threat feeds

The Last Watchdog

Keeping track of badness on the Internet has become a thriving cottage industry unto itself. Related: ‘Cyber Pearl Harbor’ is upon us There are dozens technology giants, cybersecurity vendors, government agencies and industry consortiums that identify and blacklist IP addresses and web page URLs that are obviously being used maliciously; and hundreds more independent white hat hackers are doing much the same.

Firewall 193
article thumbnail

Court Rules in Favor of Mining LinkedIn User Data

Adam Levin

A federal appellate court ruled that mining and aggregating user data publicly posted to social media sites is allowable by law. In an opinion released earlier this month, the 9th Circuit U.S.Court of Appeals upheld an injunction against employment-centric social network LinkedIn from blocking access to hiQ, a data mining company that sells aggregated user information. .

Passwords 158
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Weekly Update 157

Troy Hunt

Hungary! And that's about as much intro as I'm going to do on that because this is going out super later and I'm writing this at the end of a very long day. Only other thing I'll mention is the audio - the Instamic failed to record again so it's now going firmly into the e-waste bin. Anyway, on a more positive note, enjoy the beautiful sights of the Hungarian parliament before you jump into this week's update: Budapest!

Banking 142
article thumbnail

On Chinese "Spy Trains"

Schneier on Security

The trade war with China has reached a new industry: subway cars. Congress is considering legislation that would prevent the world's largest train maker, the Chinese-owned CRRC Corporation, from competing on new contracts in the United States. Part of the reasoning behind this legislation is economic, and stems from worries about Chinese industries undercutting the competition and dominating key global industries.

More Trending

article thumbnail

Financial impact of ransomware attacks increasing despite overall decrease in attacks

Tech Republic Security

Vulnerabilities originally discovered by US government security services have been used by cybercriminals against municipalities, costing taxpayers an estimated $11.5 billion in 2019.

article thumbnail

It’s Google’s World. Your Business Is Just Living in It

Adam Levin

Fifty attorneys general announced earlier this month that Google is the target of an antitrust probe. Any business owner who has happened to find themselves stuck in the company’s orbit–that would be any company with a digital presence–won’t hesitate to tell you such a move is long overdue. Case in point: I just did a Google search for Basecamp, an online project management tool.

article thumbnail

France Outlines Its Approach to Cyberwar

Schneier on Security

In a document published earlier this month (in French), France described the legal framework in which it will conduct cyberwar operations. Lukasz Olejnik explains what it means , and it's worth reading.

article thumbnail

NEW TECH: How ‘cryptographic splitting’ bakes-in security at a ‘protect-the-data-itself’ level

The Last Watchdog

How can it be that marquee enterprises like Capital One, Marriott, Facebook, Yahoo, HBO, Equifax, Uber and countless others continue to lose sensitive information in massive data breaches? Related: Breakdown of Capital One breach The simple answer is that any organization that sustains a massive data breach clearly did not do quite enough to protect the data itself.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to control your privacy in Android 10

Tech Republic Security

With the newest Android version, Google has tried to improve and simplify the process of managing your privacy. Learn how to use the privacy controls and options in Android 10.

144
144
article thumbnail

Iran denies successful cyber attacks hit infrastructures of its oil sector

Security Affairs

In the last hours, some western media reported destructive cyber attacks against infrastructures in the Iranian oil sector, but Iran denied it. Last week drone attacks have hit two major oil facilities run by the state-owned company Aramco in Saudi Arabia, one of them is the Abqaiq site. Western Governments and Saudi Arabia blamed Iran for the attacks.

article thumbnail

Ineffective Package Tracking Facilitates Fraud

Schneier on Security

This article discusses an e-commerce fraud technique in the UK. Because the Royal Mail only tracks packages to the postcode -- and not to the address - it's possible to commit a variety of different frauds. Tracking systems that rely on signature are not similarly vulnerable.

202
202
article thumbnail

NEW TECH: The march begins to make mobile app security more robust than legacy PC security

The Last Watchdog

Is mobile technology on a course to become more secure than traditional computing? Seven or eight years ago, that was a far-fetched notion. Today, the answer to that question is, “Yes, it must, and soon.” Related: Securing the Internet of Things I’ve been writing about organizations struggling to solve the productivity vs. security dilemma that’s part and parcel of the BYOD craze for some time now.

Mobile 147
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Hackers targeting commercial routers to inject credit card stealing code in shopping sites

Tech Republic Security

Magecart 5 is targeting Layer 7 routers used in airports, casinos, hotels, and resorts, and others, to steal credit card data on popular US and Chinese shopping sites.

141
141
article thumbnail

Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips

Security Affairs

A security expert has released a new jailbreak, dubbed Checkm8, that impacts all iOS devices running on A5 to A11 chipsets , it works on iPhone models from 4S to 8 and X. The security expert Axi0mX has released a new jailbreak, dubbed Checkm8 , that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released between 2011 and 2017, including iPhone models from 4S to 8 and X.

article thumbnail

Superhero Movies and Security Lessons

Schneier on Security

A paper I co-wrote was just published in Security Journal : " Superheroes on screen: real life lessons for security debates ": Abstract: Superhero films and episodic shows have existed since the early days of those media, but since 9/11, they have become one of the most popular and most lucrative forms of popular culture. These fantastic tales are not simple amusements but nuanced explorations of fundamental security questions.

Media 186
article thumbnail

Unsupervised Learning: No. 195

Daniel Miessler

[advanced_iframe src=”[link] width=”100%” height=”7000px”] No related posts.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

How to defend your organization against browser-hijacking malware and ransomware

Tech Republic Security

Network attacks more than doubled this past quarter versus the prior quarter, according to a new report from security provider WatchGuard.

Malware 144
article thumbnail

A new Fancy Bear backdoor used to target political targets

Security Affairs

Security experts at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group aimed at political targets. Security researchers at ESET have uncovered a new campaign carried out by Russia-linked Fancy Bear APT group (i.e. APT28 , Sednit , Sofacy , Zebrocy , and Strontium ) aimed at political targets. In the recent attacks, the hackers used a new set of malicious payloads, including a backdoor written in a new language.

article thumbnail

Identity-based Cryptography

Thales Cloud Protection & Licensing

Public key infrastructure (PKI) requires key distribution and has been long criticised for its usability issues [13,14,15]. In an experiment [15] conducted for analysing the usability of Mailvelop, a modern PGP tool rated 4.4 out of 5 stars on Chrome web store, 9 out of 10 pairs of participants failed to complete the assigned task of exchanging encrypted emails, i.e. 90% failure rate.

article thumbnail

The State of Malware Analysis: Advice from the Trenches

Lenny Zeltser

What malware analysis approaches work well? Which don’t? How are the tools and methodologies evolving? The following discussion–captured as an MP3 audio file –offers friendly advice from 5 malware analysts. These are some of the practitioners who teach the reverse-engineering malware course (FOR610) at SANS Institute: Jim Clausing : Security Architect at AT&T and Internet Storm Center Handler (Panelist) Evan Dygert : Senior Security Engineer for Blue Cross Blue Shield Assoc

Malware 93
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Why employees still fall for phishing emails

Tech Republic Security

Nearly half of office workers said they had their data compromised. Here's why they keep falling for phishing scams.

Phishing 155
article thumbnail

North Korea-linked malware ATMDtrack infected ATMs in India

Security Affairs

Kaspersky experts spotted a new piece of ATM malware, dubbed ATMDtrack, that was developed and used by North Korea-linked hackers. Kaspersky researchers discovered a new piece of ATM malware, tracked as ATMDtrack, that was developed and used by North Korea-linked hackers. Threat actors deployed the malware on ATM systems to steal payment card details of the back customers.

Malware 102
article thumbnail

7 Ways VPNs Can Turn from Ally to Threat

Dark Reading

VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.

VPN 93
article thumbnail

Retailers Face Many Challenges, Data Security Doesn’t Have to be One of the Them

Thales Cloud Protection & Licensing

Business is booming and data is flowing. Retailers and shoppers are leveraging and enjoying many benefits data sharing brings: loyalty programs, personalized experiences, easier product location and ordering, online shopping, mobile access and the list goes on. With a few clicks, even hard-to-find products make their way to a customer’s doorstep within hours.

Retail 89
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How to enable a randomized MAC address in Android 10

Tech Republic Security

Don't let your Android's MAC address give away your location--use a Randomized MAC address instead.

164
164
article thumbnail

Campbell County Memorial Hospital in Wyoming hit by ransomware attack

Security Affairs

Campbell County Memorial Hospital in Gilette, Wyoming is facing service disruptions after a ransomware attack hit its computer systems on Friday. On Friday, the Campbell County Memorial Hospital in Gilette, Wyoming, suffered a ransomware attack that is still causing service disruptions. “Campbell County Health has been the victim of a ransomware attack.

article thumbnail

Iranian Government Hackers Target US Veterans

Dark Reading

'Tortoiseshell' discovered hosting a phony military-hiring website that drops a Trojan backdoor on visitors.

article thumbnail

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

WIRED Threat Level

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch.

Hacking 108
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!