Sat.Dec 29, 2018 - Fri.Jan 04, 2019

article thumbnail

Apple Phone Phishing Scams Getting Better

Krebs on Security

A new phone-based phishing scam that spoofs Apple Inc. is likely to fool quite a few people. It starts with an automated call that display’s Apple’s logo, address and real phone number, warning about a data breach at the company. The scary part is that if the recipient is an iPhone user who then requests a call back from Apple’s legitimate customer support Web page, the fake call gets indexed in the iPhone’s “recent calls” list as a previous call from the legi

Scams 279
article thumbnail

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

Patience. Frugality. Sacrifice. When you boil it down, what do those three things have in common? Those are choices. Money is not peace of mind. Money’s not happiness. Money is, at its essence, that measure of a man’s choices. This is part of the opening monologue of the Ozark series and when I first heard it, I immediately stopped the show and dropped it into this blog post.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

China's APT10

Schneier on Security

Wired has an excellent article on China's APT10 hacking group. Specifically, on how they hacked managed service providers in order to get to their customers' networks. I am reminded of the NSA's " I Hunt Sysadmins " presentation, published by the Intercept.

Hacking 201
article thumbnail

Suspected Hack Disrupts Major Newspapers

Adam Levin

A cyberattack disrupted several major newspapers printed by Tribune Publishing shortly before New Year’s Day. Print versions of the Chicago Tribute, Los Angeles Times, San Diego Union Tribune, West Coast editions of the New York Times and Wall Street Journal and others were the suspected targets of Ryuk, a ransomware program that propagates through computer networks in order to take them offline.

Hacking 191
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Happy 9th Birthday, KrebsOnSecurity!

Krebs on Security

Hard to believe we’ve gone another revolution around the Sun: Today marks the 9th anniversary of KrebsOnSecurity.com! This past year featured some 150 blog posts , but as usual the biggest contribution to this site came from the amazing community of readers here who have generously contributed their knowledge, wit and wisdom in more than 10,000 comments.

Mobile 252
article thumbnail

Weekly Update 120

Troy Hunt

And then it was 2019. Funny how quickly it gets away from you, someone just posted on my 2018 retrospective blog post this week and asked why I didn't include my congressional testimony and if I'm honest, it took me a bit to think about why as well (it was in 2017). But we're here now so it's back to business as usual blog wise. This week is dominated by the personal finance lessons blog post.

InfoSec 168

More Trending

article thumbnail

Will 2019 Be the Year Cybersecurity Goes Mainstream?

Adam Levin

2019 will be the year consumers start thinking more about cyber hygiene , and the year Congress becomes more proactive in the areas of privacy and cybersecurity. While the year ahead will not bring about a sea change, slowly the tide will turn and more people will start looking for and implementing cyber solutions. This presents myriad business opportunities.

article thumbnail

Cloud Hosting Provider DataResolution.net Battling Christmas Eve Ransomware Attack

Krebs on Security

Cloud hosting provider Dataresolution.net is struggling to bring its systems back online after suffering a ransomware infestation on Christmas Eve, KrebsOnSecurity has learned. The company says its systems were hit by the Ryuk ransomware, the same malware strain that crippled printing and delivery operations for multiple major U.S. newspapers over the weekend.

article thumbnail

Scaling Threat Modeling Training

Adam Shostack

For the last few years, I’ve been delivering in-person threat modeling training. I’ve trained groups ranging from 2 to 100 people at a time, and I’ve done classes as short as a few hours and as long as a week. That training is hands on and intense, and I’m very proud that my NPS customer satisfaction ratings tend to come in around 60-70, up there with Apple and Nordstroms.

133
133
article thumbnail

Long-Range Familial Searching Forensics

Schneier on Security

Good article on using long-range familial searching -- basically, DNA matching of distant relatives -- as a police forensics tool.

181
181
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Is Your Company Doing Market Research for Your Advertiser?

Adam Levin

Unless you live in a boot at the bottom of Loon Lake, you know that everything you do online is tracked. When you load a web page, an array of scripts, cookies, and code starts chugging away behind the scenes gleaning information about who you are, where you are, how you got to the site, what you’re clicking on, and where you go next. At least now most websites disclose what they’re up to and ask for your consent – compliments of the new EU General Data Privacy Regulation.

article thumbnail

wget utility potential leaked password via extended filesystem attributes

Security Affairs

Developers that include the GNU’s wget utility in their applications have to use the new version that was released on Boxing Day. GNU Wget is a free software package for retrieving files using HTTP, HTTPS, FTP and FTPS the most widely-used Internet protocols. It is a non-interactive commandline tool, so it may easily be called from scripts, cron jobs, terminals without X-Windows support, etc.

Passwords 111
article thumbnail

Tor Is Easier Than Ever. Time to Give It a Try

WIRED Threat Level

Been curious about Tor but worried it's too complicated to use? Good news: The anonymity service is more accessible than ever.

108
108
article thumbnail

How Facebook Tracks Non-Users via Android Apps

Threatpost

Facebook tracks Android users via apps, even if they aren’t Facebook users.

96
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Installing OSSEC on Linux Distributions

PerezBox Security

The last few posts have been about deploying and configuring OSSEC as an important tool in your security suite. In this article I will provide you a script I wrote. Read More. The post Installing OSSEC on Linux Distributions appeared first on PerezBox.

article thumbnail

Hackers leak data on hundreds of German Politicians, including Chancellor Merkel

Security Affairs

German politicians were impacted by a massive data leak that exposed their personal data online, German Chancellor Angela Merkel was affected too. Data belonging to hundreds of German politicians, including Chancellor Angela Merkel, were exposed online due to a massive leak that is the biggest data dump of its kind in the country. According to Bloomberg News, the exposed data includes email addresses, mobile phone numbers, invoices, copies of identity documents and personal chat transcripts.

article thumbnail

The Elite Intel Team Still Fighting Meltdown and Spectre

WIRED Threat Level

One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout.

97
article thumbnail

Dual Data Leaks of Blur, Town of Salem Impact Millions

Threatpost

Password-manager Blur and role-playing game Town of Salem both disclosed data breaches this week that impacted a combined 10 million.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Emotet Malware Gets More Aggressive

Dark Reading

Emotet's operators have been adding new capabilities, making the malware now even more dangerous to its enterprise targets.

Malware 87
article thumbnail

Hackers stole $750,000 worth Bitcoin from Electrum wallets

Security Affairs

The latest attack of 2018 against cryptocurrency wallets and organizations in the cryptocurrency industry hit the popular Electrum wallets. Hackers hit Electrum Bitcoin wallet and stole over 200 bitcoin, more than $750,000. The attack started on December 21th , 2018, and hackers leveraged a critical vulnerability that was addressed in early 2018. The vulnerability could be exploited by attackers to use rogue Electrum servers to generate and display popups to the unaware users.

article thumbnail

2019 IT Security Employment Outlook: The Hottest Skills and Markets

eSecurity Planet

With a need for 3 million IT security pros, cybersecurity remains a hot market. Here are the skills most in demand and the best places to find a job.

article thumbnail

2019 Malware Trends to Watch

Threatpost

Here are 10 top malware trends to watch for in the New Year.

Malware 87
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Ex-NSA Contractor Was a Suspect In Shadow Brokers Leak

Dark Reading

New court document shows law enforcement suspected possible involvement of Harold Martin in Shadow Brokers' release of classified NSA hacking tools.

Hacking 87
article thumbnail

SandboxEscaper released PoC code for a new Windows zero-day

Security Affairs

Security expert SandboxEscaper published a proof-of-concept (PoC) code for a new Windows zero-day, it is the fourth she released this year. The proof-of-concept (PoC) code published by SandboxEscaper overwrites ‘ pci.sys’ with information about software and hardware problems, collected through the Windows Error Reporting (WER) event-based feedback infrastructure.

article thumbnail

The Worst Hacks of 2018: Marriott, Atlanta, Quora, and More

WIRED Threat Level

From the Marriott and Facebook meltdowns to state-sponsored assaults, 2018 was an eventful year for cybercrime.

article thumbnail

Malware Attack Crippled Production of Major U.S. Newspapers

Threatpost

Reports have linked the attack to the Ryuk ransomware.

Malware 78
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

25 Years Later: Looking Back at the First Great (Cyber) Bank Heist

Dark Reading

The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?

Banking 85
article thumbnail

EU launches bug bounty programs for 15 software

Security Affairs

The European Commission decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project. Bug bounty programs are very important for the security of software and hardware, major tech firms launched their own programs to discover flaws before hackers. The European Commission recognized the importance of bug bounty programs and decided to launch its bug bounty initiative, the Free and Open Source Software Audit (FOSSA) project.

Software 111
article thumbnail

A Major Hacking Spree Gets Personal for German Politicians

WIRED Threat Level

Hundreds of German politicians who have had their private digital lives exposed online are victims of a hacking campaign with unclear motives.

Hacking 80
article thumbnail

‘Snowden Refugee’ Has No Regrets for Helping Whistleblower

Threatpost

Woman who helped hide Edward Snowden faces uncertain future and says she has no regrets.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!