Krebs on Security

FEBRUARY 10, 2020

The U.S. Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.

Hacking 267

Hacking Identity Theft Government Phishing 267

Schneier on Security

FEBRUARY 11, 2020

The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. They were owned by the CIA: But what none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.

Encryption 361

Encryption Government Accountability 361

Troy Hunt

FEBRUARY 11, 2020

I don't know exactly why the recent uptick, but lately I've had a bunch of people ask me if I've tried the Brave web browser. Why they'd ask me that is much more obvious: Brave is a privacy-focused browser that nukes ads and trackers. It also has some cool built-in stuff like the ability to create a new private browsing window in Tor rather than just your classic incognito window that might ditch all your cookies and browsing history but still connect to the internet directly from your own IP ad

Internet 255

Internet Internet 255

Adam Levin

FEBRUARY 10, 2020

As if cybersecurity weren’t already a red-letter issue, the United States and, most likely, its allies–in other words, the global economic community–are in Iran’s cyber sites, a major player in cyber warfare and politically divisive disinformation campaigns. The “slap” as Ayatollah Ali Khamenei described it was a ballistic missile attack on a target that had three hours to get out of harm’s way.

Passwords 245

Passwords Phishing Password Management Accountability 245

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

FEBRUARY 14, 2020

In May 2013, the U.S. Justice Department seized Liberty Reserve , alleging the virtual currency service acted as a $6 billion financial hub for the cybercrime world. Prompted by assurances that the government would one day afford Liberty Reserve users a chance to reclaim any funds seized as part of the takedown, KrebsOnSecurity filed a claim shortly thereafter to see if and when this process might take place.

Identity Theft 240

Identity Theft Government Scams Cybercrime 240

Schneier on Security

FEBRUARY 14, 2020

Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia -- both in America, every three months. Once in place, they run through a lengthy series of steps and checks to cryptographically sign the digital key pairs used to secure the internet's root z

Internet 340

Internet Internet Engineering DNS 340

Troy Hunt

FEBRUARY 13, 2020

This week I'm at Microsoft Ignite "The Tour" in Sydney with Lars Klint. I've spent most of the last couple of days doing the "hallway track" (basically just wandering around and saying "hi" to people) and doing a bunch of meetings with folks here on cyber things. I didn't mention it in the video, but there was also the Azure User Group Wednesday night and a panel here at Ignite last night so definitely keeping busy.

209

209

Tech Republic Security

FEBRUARY 10, 2020

If you don't follow these Kubernetes deployments security best practices from Portshift, your containers, their underlying technologies, and your data could be at risk.

Technology 198

Technology Risk 198

Schneier on Security

FEBRUARY 12, 2020

Motherboard has a long article on apps -- Edison, Slice, and Cleanfox -- that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from "personal inboxes," the document adds. A spokesperson for J.P. Morgan Research, the part of the company that created the document, told Motherboard that the research "is intended for institutional clients.

Marketing 321

Marketing Surveillance 321

Daniel Miessler

FEBRUARY 10, 2020

[advanced_iframe src=”[link] width=”100%”]. —. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Information Security 130

Information Security 130

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

FEBRUARY 9, 2020

Iran comes under cyber-attack again, a massive offensive brought down a large portion of the Iranian access to the Internet. Iran infrastructures are under attack, a massive cyberattack brought down a large portion of the Iranian access to the Internet, according to the experts the national connectivity fell to 75%. The N etBlocks internet observatory, which tracks disruptions and shutdowns, observed yesterday (February 8, 2019) a massive outage of the country’s connectivity to the Interne

DDOS 145

DDOS Internet Internet Telecommunications 145

Tech Republic Security

FEBRUARY 11, 2020

As an alternative to an on-site DNS server, this cloud-hosted DNS service lets you block, filter, and analyze activity across your network and devices.

DNS 186

DNS 186

Schneier on Security

FEBRUARY 10, 2020

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser. Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking. Some details : ITP detects and blocks tracking on the web. When you visit a few websites that happen to load the same third-party resource, ITP detects the domain hosting the resource as a potential tracker and from then on sanitizes web requests to that dom

Engineering 288

Engineering Architecture Surveillance 288

WIRED Threat Level

FEBRUARY 14, 2020

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.

Encryption 145

Encryption 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

FEBRUARY 13, 2020

Microsoft is recommending administrators to disable the SMBv1 network communication protocol on Exchange servers to prevent malware attacks. Microsoft is urging administrators to disable the SMBv1 protocol on Exchange servers as a countermeasure against malware threats like TrickBot and Emotet. “To make sure that your Exchange organization is better protected against the latest threats (for example Emotet, TrickBot or WannaCry to name a few) we recommend disabling SMBv1 if it’s enabled on

Authentication 145

Authentication Malware Advertising Hacking 145

Tech Republic Security

FEBRUARY 13, 2020

The Identity Theft Resource Center warns that businesses of all sizes should be vigilant about data security. The COO offers advice about passwords, cloud security, and patch management.

Password Management 167

Password Management Passwords Identity Theft Data breaches 167

Schneier on Security

FEBRUARY 13, 2020

The United States is one of the few democracies without some formal data protection agency, and we need one. Senator Gillibrand just proposed creating one.

302

302

Threatpost

FEBRUARY 14, 2020

Flaws in the blockchain app some states plan to use in the 2020 election allow bad actors to alter or cancel someone’s vote or expose their private info.

Encryption 118

Encryption Mobile Hacking 118

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

FEBRUARY 8, 2020

Group-IB experts detected a database containing over 460,000 payment card records uploaded to Joker’s Stash cardshops , most of records were from the Indian banks. Group-IB , a Singapore-based cybersecurity company that specializes in preventing cyberattacks , has detected a database containing over 460,000 payment card records uploaded to one of the most popular darknet cardshops ( Joker’s Stash ) on February 5.

Banking 145

Banking Marketing eCommerce Advertising 145

Tech Republic Security

FEBRUARY 13, 2020

CEOs are generally from a finance/business track, rather than a technology one--why their traditional agenda and practices must change.

Technology 191

Technology 191

Schneier on Security

FEBRUARY 14, 2020

This is a current list of where and when I am scheduled to speak: I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm giving a keynote on "Hacking Society.". I'm speaking at SecIT by Heise in Hannover, Germany on March 26, 2020.

Hacking 232

Hacking Risk 232

Thales Cloud Protection & Licensing

FEBRUARY 11, 2020

The shift toward cloud-native applications is changing the building blocks of IT. Development and maintenance of infrastructure and applications in-house just isn’t an option anymore in many cases. Cloud-native application development and the use of containers and orchestration frameworks like Kubernetes offer undeniable advantages in performance, portability and scale.

Authentication 101

Authentication Encryption Risk Software 101

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

FEBRUARY 13, 2020

Huawei can secretly tap into communications through the networking equipment, states a U.S. official , while White House urge allies to ban the Chinese giant. This week The Wall Street Journal reported that U.S. officials say Huawei can covertly access telecom networks where its equipment is installed. “U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persua

Manufacturing 145

Manufacturing Advertising Surveillance Architecture 145

Tech Republic Security

FEBRUARY 14, 2020

Researchers say hackers can alter, stop, or expose how an individual user has voted through the Voatz app.

210

210

Threatpost

FEBRUARY 10, 2020

The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks - and their devices - via brute force loops.

Hacking 119

Hacking Malware Passwords Ransomware 119

WIRED Threat Level

FEBRUARY 11, 2020

Equifax. Anthem. Marriott. OPM. The data that China has amassed about US citizens will power its intelligence activities for a generation.

Hacking 116

Hacking 116

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

FEBRUARY 13, 2020

The popular Italian hacktivist collective LulzSec ITA claimed via Twitter to have hacked three Italian universities. The popular Italian hacktivist collective LulzSec ITA has announced via Twitter the hack of three Italian universities, highlighting the importance of the cybersecurity for our society. Abbiamo fatto visita a @UnivRoma3 , nella speranza che oltre alla sicurezza, possa migliorare anche il futuro dei nostri giovani!

Hacking 145

Hacking Data breaches Advertising Education 145

Tech Republic Security

FEBRUARY 11, 2020

Security and compliance are key factors to consider when outsourcing your data center, according to a report from data center provider US Signal.

177

177

Thales Cloud Protection & Licensing

FEBRUARY 12, 2020

The shift toward cloud-native applications is changing the building blocks of IT. Development and maintenance of infrastructure and applications in-house just isn’t an option anymore in many cases. Cloud-native application development and the use of containers and orchestration frameworks like Kubernetes offer undeniable advantages in performance, portability and scale.

Authentication 91

Authentication Encryption Risk Software 91

Threatpost

FEBRUARY 13, 2020

A new Data Protection Agency would overhaul federal regulation efforts around data privacy - but experts are skeptical that the U.S. government can get it right.

Data privacy 101

Data privacy Government 101

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity