Sat.Sep 07, 2019 - Fri.Sep 13, 2019

article thumbnail

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies. The ongoing debacle, which allegedly involves malfeasance on the part of the payroll company’s CEO, resulted in countless people having money drained from their bank accounts and has left nearly $35 million worth of payroll and tax payments in legal limbo.

Banking 279
article thumbnail

When Biology Becomes Software

Schneier on Security

All of life is based on the coordinated action of genetic parts (genes and their controlling sequences) found in the genomes (the complete DNA sequence) of organisms. Genes and genomes are based on code-- just like the digital language of computers. But instead of zeros and ones, four DNA letters A, C, T, G -- encode all of life. (Life is messy, and there are actually all sorts of edge cases, but ignore that for now.

Software 225
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

Hear about the smart toaster that got attacked three times within an hour after its IP address first appeared on the Internet? That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today. Related: How 5G will escalate DDoS attacks Caught in the pull of digital transformation , companies are routing ever more core operations and services through the Internet, or, more precisely, through IP addresses, of one kind or anothe

DDOS 171
article thumbnail

Weekly Update 156

Troy Hunt

Turns out it's actually a sunny day in Oslo today, although it's the last one I'll see here for quite some time before heading off to Denmark then other European things for the remainder of this trip. I'm talking a little about those events ( all listed on my events page ), this week's changes to EV, more data breaches and a somewhat semantic argument about the definition of "theft".

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned. The contractor claims the access being auctioned off was to old test systems that do not have direct connections to its government partner networks.

article thumbnail

Fabricated Voice Used in Financial Fraud

Schneier on Security

This seems to be an identity theft first : Criminals used artificial intelligence-based software to impersonate a chief executive's voice and demand a fraudulent transfer of €220,000 ($243,000) in March in what cybercrime experts described as an unusual case of artificial intelligence being used in hacking. Another news article.

More Trending

article thumbnail

Weekly Update 155

Troy Hunt

From the emerging spring to the impending autumn, I'm back in Oslo at the beginning of another series of European events that'll take me across Norway, Denmark, Hungary and Switzerland. This week's update comes from under the glow of a warm outdoor heater at ridiculous o'clock as my sleep cycle keeps me making early starts. But it's all transient and by this time next month I'll be back to a very warm, very familiar Aussie landscape.

160
160
article thumbnail

Patch Tuesday, September 2019 Edition

Krebs on Security

Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.

Software 173
article thumbnail

More on Law Enforcement Backdoor Demands

Schneier on Security

The Carnegie Endowment for International Peace and Princeton University's Center for Information Technology Policy convened an Encryption Working Group to attempt progress on the "going dark" debate. They have released their report: " Moving the Encryption Policy Conversation Forward. The main contribution seems to be that attempts to backdoor devices like smartphones shouldn't also backdoor communications systems: Conclusion : There will be no single approach for requests for lawful access that

article thumbnail

How I Learned to Stop Worrying and Love Vendor Risk

Adam Levin

Insider risk, supply chain vulnerability and vendor risk all boil down to the same thing: the more people have access to your data, the more vulnerable it is to being leaked or breached. This summer brought an interesting twist to that straight-forward situation: Can data leaked by an employee or a contractor be a good thing? In July, a Belgian contractor who had been hired to transcribe Google Home recordings shared several of them with news outlet VRT.

Risk 158
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

What will be your decisive moment to secure your cloud applications in a Zero Trust world?

Thales Cloud Protection & Licensing

Access management is increasingly the answer to #TrustedAccess. With two decades of cloud computing now under the belt, this question is increasingly more relevant in our hyper-connected world. Massive amounts of data are constantly produced globally, shared and stored by a rapidly growing number of devices in an expanding cloud environment. But the tremendous capabilities and convenience we’ve come to depend on via the cloud often leaves the door open to increasing vulnerabilities.

article thumbnail

Capture the Flag events and eSports

Adam Shostack

Looking at what is popular with smaller niche crowds can give greater insight into the “next thing”. This natural selection of attention can inspire an evolution of methods and practices. Capture the Flag Events (CTFs) and electronic Sports (eSports) are good examples of a relatively new trend. I’ve had the chance to be front row with each in the past years and can say they both have vivid partisans.

article thumbnail

On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance appears to be a weak form of governance at present. Insurers writing cyber insurance focus more on organisational procedures than technical controls, rarely include basic security procedures in contracts,

Insurance 214
article thumbnail

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SimJacker is a critical vulnerability in SIM cards that could be exploited by remote attackers to compromise any phones just by sending an SMS. Cybersecurity researchers at AdaptiveMobile Security disclosed a critical vulnerability in SIM cards dubbed SimJacker that could be exploited by remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS.

Hacking 112
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction

WIRED Threat Level

A fresh look at the 2016 blackout in Ukraine suggests that the cyberattack behind it was intended to cause far more damage.

Hacking 111
article thumbnail

Course announcement: Tampering in Depth!

Adam Shostack

I’m excited to announce that I’m hitting my STRIDE and Linkedin has released the second course in my in-depth exploration of STRIDE: Tampering. I’m finding it fascinating to dive deep into the threats, organize my knowledge, and in doing so, hopefully help us chunk and remember what we’re learning.

article thumbnail

Smart Watches and Cheating on Tests

Schneier on Security

The Independent Commission on Examination Malpractice in the UK has recommended that all watches be banned from exam rooms, basically because it's becoming very difficult to tell regular watches from smart watches.

210
210
article thumbnail

Poland to establish Cyberspace Defence Force by 2024

Security Affairs

Poland announced it will launch a cyberspace defense force by 2024 composed of around 2,000 soldiers with a deep knowledge in cybersecurity. The Polish Defence Ministry Mariusz Blaszczak has approved the creation of a cyberspace defence force by 2024, it will be composed of around 2,000 soldiers with deep expertise in cybersecurity. The news was reported by AFP, Blaszczak announced that the cyber command unit would start its operations in 2022. “We’re well aware that in today’s

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

An Unprecedented Cyberattack Hit the US Power Grid

WIRED Threat Level

Exposed Facebook phone numbers, an XKCD breach, and more of the week's top security news.

111
111
article thumbnail

Top Cybersecurity Companies

eSecurity Planet

These IT security vendors lead the market through their innovative offerings, range of products and services, customer satisfaction and annual revenue

article thumbnail

NotPetya

Schneier on Security

Wired has a long article on NotPetya.

Malware 201
article thumbnail

Telegram Privacy Fails Again

Security Affairs

Security expert discovered that busing a well-known feature of deleting messages it is possible to threate the users’ privacy. This is not a security vulnerability its a privacy issue. As I understand Telegram a messaging app focuses on privacy which has over 10,00,00,000+ downloads in Playstore. In this case, we are abusing a well-known feature of deleting messages, which allows users to delete messages sent by mistake or genuinely to any recipient.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The Windows 10 Privacy Settings You Should Check Right Now

WIRED Threat Level

Whether you're new to Windows 10 or have been using it for years, take a minute to lock down your privacy.

111
111
article thumbnail

How to Ensure Your Digital Security During the Rugby World Cup

Thales Cloud Protection & Licensing

Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup. Sports fans aren’t the only ones who are looking forward to this event. Unfortunately, digital criminals are also closely following the buzz surrounding this tournament. It’s not like bad actors haven’t taken an interest in major sporting events before.

IoT 105
article thumbnail

Unsupervised Learning: No. 193

Daniel Miessler

[advanced_iframe src=”[link] width=”100%” height=”7000px”] No related posts.

article thumbnail

Experts found Joker Spyware in 24 apps in the Google Play store

Security Affairs

Security experts at Google have removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.” Google has removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.” The spyware is able to steal SMS messages, contact lists and device information along with to sign victims up for premium service subscriptions. “Over the past couple of weeks, we have been observing a new Trojan on Googl

Spyware 111
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

281 Alleged Email Scammers Arrested in Massive Global Sweep

WIRED Threat Level

The most sweeping takedown yet of so-called BEC scammers involved arrests in nearly a dozen countries.

108
108
article thumbnail

More Than 99% of Cyberattacks Need Victims' Help

Dark Reading

Research highlights how most criminals exploit human curiosity and trust to click, download, install, open, and send money or information.

98
article thumbnail

Telnet Backdoor Opens More Than 1M IoT Radios to Hijack

Threatpost

Attackers can drop malware, add the device to a botnet or send their own audio streams to compromised devices.

IoT 89
article thumbnail

NetCAT attack allows hackers to steal sensitive data from Intel CPUs

Security Affairs

Experts discovered a flaw dubbed NetCAT (Network Cache ATtack) that affects all Intel server-grade processors and allows to sniff sensitive data over the network. Researchers from VUSec group at Vrije Universiteit Amsterdam have discovered a new vulnerability that can be exploited by a remote attacker to sniff sensitive details by mounting a side-channel attack over the network.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!