Sat.Mar 02, 2019 - Fri.Mar 08, 2019

article thumbnail

MyEquifax.com Bypasses Credit Freeze PIN

Krebs on Security

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal , it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

article thumbnail

Cybersecurity for the Public Interest

Schneier on Security

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost every cryptographer and computer security expert, repeatedly explaining that there's no way to provide this capability without also weakening the security of every user of those devices and communications systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

A common thread runs through the cyber attacks that continue to defeat the best layered defenses money can buy. Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT s

Hacking 212
article thumbnail

Weekly Update 128

Troy Hunt

I'm not intentionally pushing these out later than usual, but events have just been such over the last few weeks that it's worked out that way. This one really is a short one though as there hasn't been a lot of newsworthy stuff going on this week, other than the new Instamics I picked up which are rather cool. The audio recording did work well (I mentioned in the video I wasn't sure if it was functioning correctly), and it's pretty damn good quality for what it is.

Firmware 189
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Did Amazon Just Jump the Shark on Consumer Privacy?

Adam Levin

The sitcom “Happy Days” was pretty much doomed when the Fonz, wearing swim trunks and a leather jacket, stepped into that waterski and jumped a shark. That episode now epitomizes the over-reach that sends television shows on a downhill trajectory. The Internet of Things ( IoT ) found a still better foothold in consumer households with Amazon’s recent acquisition of eero, a wifi mesh router company.

IoT 107
article thumbnail

The Latest in Creepy Spyware

Schneier on Security

The Nest home alarm system shipped with a secret microphone , which -- according to the company -- was only an accidental secret : On Tuesday, a Google spokesperson told Business Insider the company had made an "error." "The on-device microphone was never intended to be a secret and should have been listed in the tech specs," the spokesperson said. "That was an error on our part.".

Spyware 208

More Trending

article thumbnail

Weekly Update 129

Troy Hunt

Heaps of stuff going on this week with all sorts of different bits and pieces. I bought a massive new stash of HIBP stickers (1ok oughta last. a few weeks?), I'll be giving them out at a heap of upcoming events, I was on the Darknet Diaries podcast (which is epic!) plus there's more insights into the ShareThis data breach and the ginormous verifications.io incident.

article thumbnail

Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wild

Security Affairs

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day flaw in Chrome could be exploited by a remote attacker to execute arbitrary code and take full control of the target computer.

article thumbnail

Digital Signatures in PDFs Are Broken

Schneier on Security

Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software. Details are here. News article.

Software 201
article thumbnail

The Evolving World of DNS Security

PerezBox Security

I was recently at an event listening to representatives of ICANN and CloudFlare speak on security with DNS and it occurred to me that very few of us really understand. Read More. The post The Evolving World of DNS Security appeared first on PerezBox.

DNS 101
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

An Email Marketing Company Left 809 Million Records Exposed Online

WIRED Threat Level

A exposed database belonging to Verifications.io contained both personal and business information, including 763 million unique email addresses.

Marketing 101
article thumbnail

More than billion records exposed online by email validation biz Verifications.io

Security Affairs

Experts found an unprotected server exposing online 4 MongoDB databases belonging to the email validation company Verifications.io. A new mega data leak made the headlines, an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records. The archive includes 808,539,849 records containing: emailrecords = 798,171,891 records emailWithPhone = 4,150,600 records businessLeads = 6,217,358 records.

article thumbnail

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption.

Insurance 200
article thumbnail

RSA Conference 2019: Ultrasound Hacked in Two Clicks

Threatpost

In a proof-of-concept hack, researchers penetrated an ultrasound and were able to download and manipulate patient files, then execute ransomware.

Hacking 98
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Top 10 Sessions to Catch at RSA Conference 2019

eSecurity Planet

Here are our picks for the top RSA conference sessions that could help you improve cybersecurity within your own organization.

article thumbnail

FBI informed software giant Citrix of a security breach

Security Affairs

The American multinational software company Citrix disclosed a security breach, according to the firm an international cyber criminals gang gained access to its internal network. The American multinational software company Citrix is the last victim of a security breach, according to the company an international cyber criminal gang gained access to its internal network, Hackers were able to steal business documents, but its products or services were impacted by the attack.

Software 111
article thumbnail

Videos and Links from the Public-Interest Technology Track at the RSA Conference

Schneier on Security

Yesterday at the RSA Conference, I gave a keynote talk about the role of public-interest technologists in cybersecurity. (Video here ). I also hosted a one-day mini-track on the topic. We had six panels, and they were all great. If you missed it live, we have videos: How Public Interest Technologists are Changing the World : Matt Mitchell, Tactical Tech; Bruce Schneier, Fellow and Lecturer, Harvard Kennedy School; and J.

article thumbnail

The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source

WIRED Threat Level

No one's better at hacking than the NSA. And now one if its powerful tools is available to everyone for free.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

International Women’s Day: Supporting gender diversity in cybersecurity, putting the skills gap into the history books

Thales Cloud Protection & Licensing

Last year was the first time companies in Great Britain had to disclose their gender pay gap figures. Whilst efforts have been made to reduce this gap and make a positive step forward in gender equality, four in ten private companies are reporting a wider gender pay gap in 2019 than they did last year. The cybersecurity industry in particular – which is already tackling a major skills deficit – is one of the industries hardest hit by a lack of diversity.

article thumbnail

Evading AV with JavaScript Obfuscation

Security Affairs

A few days ago, Cybaze-Yoroi ZLAB researchers spotted a suspicious JavaScript file that implemented several techniques to evade detection of all AV solutions. Introduction. A few days ago, Cybaze -Yoroi ZLAB researchers spotted a suspicious JavaScript file needing further attention: it leveraged several techniques in order to evade all AV detection and no one of the fifty-eight antivirus solution hosted on the notorious VirusTotal platform detected it.

Malware 111
article thumbnail

Detecting Shoplifting Behavior

Schneier on Security

This system claims to detect suspicious behavior that indicates shoplifting: Vaak , a Japanese startup, has developed artificial intelligence software that hunts for potential shoplifters, using footage from security cameras for fidgeting, restlessness and other potentially suspicious body language. The article has no detail or analysis, so we don't know how well it works.

article thumbnail

Cybercriminals Target Young Gamers

Dark Reading

Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.

95
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The Air Force Wants to Give You Its Credit Card

WIRED Threat Level

Will Roper, acquisition executive for the US Air Force, talks to WIRED's editor-in-chief about making the military more adaptive, the role of AI, and what he worries about every day.

78
article thumbnail

NSA released Ghidra, its multi-platform reverse engineering framework

Security Affairs

The NSA released the Ghidra, a multi-platform reverse engineering framework that could be used to find vulnerabilities and security holes in applications. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux).

article thumbnail

Letterlocking

Schneier on Security

Really good article on the now-lost art of letterlocking.

192
192
article thumbnail

It's Time to Rethink Your Vendor Questionnaire

Dark Reading

To get the most from a vendor management program you must trust, then verify. These six best practices are a good place to begin.

97
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Silliness: Song Parody in Infosec Style

Architect Security

What can I say? Sometimes I come up with ridiculous things: "Auditor Man" NOTE: Sung to the tune of “Particle Man” Original song by They Might Be Giants Lyrics adapted by @aprilwright Auditor man, Auditor man Scope of the entire universe man He finds something, might be false Auditor man What will he […].

InfoSec 75
article thumbnail

The Wireshark Foundation released Wireshark 3.0.0

Security Affairs

The Wireshark Foundation released Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The Wireshark Foundation announced the release of Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The new version addresses several bugs and introduces tens of new features, it also improved existing features.

article thumbnail

10 Vendors Making Product Announcements at RSA Conference 2019

eSecurity Planet

Product announcements at the 2019 RSA Conference spanned email security, container security, threat detection, SIEM, EDR and cloud security.

article thumbnail

Citrix Hacked by 'International Cybercriminals'

Dark Reading

FBI informed Citrix this week of a data breach that appears to have begun with a 'password spraying' attack to steal weak credentials to access the company's network.

Hacking 82
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.