Krebs on Security

JANUARY 3, 2019

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legi

Scams 279

Scams Phishing Cyber Risk Engineering 279

Troy Hunt

DECEMBER 30, 2018

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices. This is part of the opening monologue of the Ozark series and when I first heard it, I immediately stopped the show and dropped it into this blog post.

Technology 278

Technology Education Marketing Insurance 278

Schneier on Security

DECEMBER 31, 2018

Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's " I Hunt Sysadmins " presentation, published by the Intercept.

Hacking 201

Hacking 201

Adam Levin

JANUARY 3, 2019

A cyberattack disrupted several major newspapers printed by Tribune Publishing shortly before New Year’s Day. Print versions of the Chicago Tribute, Los Angeles Times, San Diego Union Tribune, West Coast editions of the New York Times and Wall Street Journal and others were the suspected targets of Ryuk, a ransomware program that propagates through computer networks in order to take them offline.

Hacking 191

Hacking Ransomware Malware Technology 191

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

DECEMBER 29, 2018

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com! This past year featured some 150 blog posts , but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed their knowledge, wit and wisdom in more than 10,000 comments.

Mobile 247

Mobile Scams Phishing Data breaches 247

Troy Hunt

JANUARY 4, 2019

And then it was 2019. Funny how quickly it gets away from you, someone just posted on my 2018 retrospective blog post this week and asked why I didn't include my congressional testimony and if I'm honest, it took me a bit to think about why as well (it was in 2017). But we're here now so it's back to business as usual blog wise. This week is dominated by the personal finance lessons blog post.

InfoSec 148

InfoSec 148

Adam Levin

JANUARY 2, 2019

2019 will be the year consumers start thinking more about cyber hygiene , and the year Congress becomes more proactive in the areas of privacy and cybersecurity. While the year ahead will not bring about a sea change, slowly the tide will turn and more people will start looking for and implementing cyber solutions. This presents myriad business opportunities.

Cybersecurity 157

Cybersecurity Identity Theft Passwords Password Management 157

Krebs on Security

JANUARY 2, 2019

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

Ransomware 237

Ransomware Malware Backups Accountability 237

Adam Shostack

JANUARY 2, 2019

For the last few years, I’ve been delivering in-person threat modeling training. I’ve trained groups ranging from 2 to 100 people at a time, and I’ve done classes as short as a few hours and as long as a week. That training is hands on and intense, and I’m very proud that my NPS customer satisfaction ratings tend to come in around 60-70, up there with Apple and Nordstroms.

133

133

Schneier on Security

JANUARY 3, 2019

Nice interview with the EFF's director of cybersecurity, Eva Gaperon.

Cybersecurity 168

Cybersecurity 168

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

DECEMBER 31, 2018

Unless you live in a boot at the bottom of Loon Lake, you know that everything you do online is tracked. When you load a web page, an array of scripts, cookies, and code starts chugging away behind the scenes gleaning information about who you are, where you are, how you got to the site, what you’re clicking on, and where you go next. At least now most websites disclose what they’re up to and ask for your consent – compliments of the new EU General Data Privacy Regulation.

Advertising 114

Advertising Marketing Data privacy Technology 114

Security Affairs

JANUARY 2, 2019

Developers that include the GNU’s wget utility in their applications have to use the new version that was released on Boxing Day. GNU Wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.

Passwords 111

Passwords Advertising Internet Internet 111

eSecurity Planet

JANUARY 3, 2019

With a need for 3 million IT security pros, cybersecurity remains a hot market. Here are the skills most in demand and the best places to find a job.

Marketing 106

Marketing Cybersecurity 106

PerezBox Security

JANUARY 3, 2019

The last few posts have been about deploying and configuring OSSEC as an important tool in your security suite. In this article I will provide you a script I wrote. Read More. The post Installing OSSEC on Linux Distributions appeared first on PerezBox.

Technology 91

Technology Information Security 91

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

JANUARY 1, 2019

Been curious about Tor but worried it's too complicated to use? Good news: The anonymity service is more accessible than ever.

109

109

Security Affairs

DECEMBER 31, 2018

The European Commission decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project. Bug bounty programs are very important for the security of software and hardware, major tech firms launched their own programs to discover flaws before hackers. The European Commission recognized the importance of bug bounty programs and decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

Software 110

Software Advertising Media 110

Dark Reading

JANUARY 3, 2019

In an era of tighter privacy laws, it's important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy.

82

82

Threatpost

JANUARY 3, 2019

Password-manager Blur and role-playing game Town of Salem both disclosed data breaches this week that impacted a combined 10 million.

Password Management 94

Password Management Data breaches Passwords 94

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JANUARY 3, 2019

One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.

96

96

Security Affairs

DECEMBER 31, 2018

Security expert SandboxEscaper published a proof-of-concept (PoC) code for a new Windows zero-day, it is the fourth she released this year. The proof-of-concept (PoC) code published by SandboxEscaper overwrites ‘ pci.sys’ with information about software and hardware problems, collected through the Windows Error Reporting (WER) event-based feedback infrastructure.

Advertising 110

Advertising Software Hacking 110

Dark Reading

JANUARY 4, 2019

Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.

Cybersecurity 80

Cybersecurity 80

Thales Cloud Protection & Licensing

JANUARY 3, 2019

It’s 2019 and data is everywhere – and what you can do with what is at your fingertips is truly transformative. It changes the way you look at your business, improves your productivity and simplifies your life whether by helping you get home at night, buying groceries or deciding what to watch on any number of devices. Personally, and for business, the possibilities are endless and increasing by the minute.

CISO 72

CISO Big data Digital transformation Encryption 72

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

JANUARY 2, 2019

As the bug bounty programs begin to roll out in January, security experts worry that the programs miss the mark on truly securing open source projects.

Software 73

Software Government 73

Security Affairs

DECEMBER 30, 2018

New thunderclouds on Facebook, the social network giant is accused of tracking non-users via Android apps. According to a report presented by Privacy International yesterday at 35C3 hacking conference held in Germany, the list of Android apps that send tracking and personal information back to Facebook includes dozens of apps including Kayak , Yelp, and Shazam , “Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools.

Advertising 110

Advertising Software Hacking Accountability 110

Dark Reading

JANUARY 4, 2019

New information on the Starwood breach shows that the overall breach was somewhat smaller than originally announced, but the news for passport holders is worse.

83

83

Spinone

DECEMBER 30, 2018

If your Google account has been inactive for more than 30 days then Google may have deleted it from the server. This means that the account is likely irretrievable and you should read this article. Now, in a perfect world, you will have set up your Google account with an attached mobile phone number or an alternative email address. This Google account recovery phone number or Google recovery email will really help matters since, in this perfect world, where hindsight is not needed, you will then

Accountability 66

Accountability Passwords Backups Mobile 66

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

JANUARY 3, 2019

The same hacking duo behind the recent "PewDiePie" printer hacks are back - this time with publicly exposed Chromecast, Google Home and smart TV systems as their targets.

Hacking 68

Hacking IoT 68

Security Affairs

JANUARY 2, 2019

The latest attack of 2018 against cryptocurrency wallets and organizations in the cryptocurrency industry hit the popular Electrum wallets. Hackers hit Electrum Bitcoin wallet and stole over 200 bitcoin, more than $750,000. The attack started on December 21th , 2018, and hackers leveraged a critical vulnerability that was addressed in early 2018. The vulnerability could be exploited by attackers to use rogue Electrum servers to generate and display popups to the unaware users.

Cryptocurrency 110

Cryptocurrency Advertising Hacking Authentication 110

Dark Reading

JANUARY 2, 2019

New court document shows law enforcement suspected possible involvement of Harold Martin in Shadow Brokers' release of classified NSA hacking tools.

Hacking 87

Hacking 87

WIRED Threat Level

JANUARY 4, 2019

Hundreds of German politicians who have had their private digital lives exposed online are victims of a hacking campaign with unclear motives.

Hacking 75

Hacking 75

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity