Sat.Feb 15, 2020 - Fri.Feb 21, 2020

Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.
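
The intrusion vector Krebs describes, guessing weak passwords across employee accounts, is the pattern generally called password spraying: a few common passwords tried against many accounts, so no single account trips a lockout. The detector below is an added example, not Citrix's tooling or anything from the original post; the log format and the sample lines are constructed here, and the thresholds are assumptions a real deployment would tune. It separates a spray (one source, many accounts, few failures each) from an ordinary brute force against one account.

```python
"""Password-spray detection over authentication logs (added example).

Log format is constructed for this example, not Citrix's real one:
    <ISO timestamp> <src_ip> <username> <LOGIN_OK|LOGIN_FAIL>
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) (?P<user>\S+) "
    r"(?P<result>LOGIN_OK|LOGIN_FAIL)$"
)


def parse(lines):
    """Yield (timestamp, ip, user, success) tuples; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["ip"], m["user"],
                   m["result"] == "LOGIN_OK")


def detect_spray(lines, window=timedelta(minutes=30), min_users=10, max_per_user=3):
    """Return {src_ip: sorted usernames} for sources whose failures inside any
    sliding `window` touch at least `min_users` distinct accounts with at most
    `max_per_user` failures each. Many failures against one account (classic
    brute force) deliberately does not match; that is a different detection."""
    fails = defaultdict(list)                  # ip -> [(ts, user)] in time order
    for ts, ip, user, ok in sorted(parse(lines)):
        if not ok:
            fails[ip].append((ts, user))

    hits = {}
    for ip, events in fails.items():
        flagged = set()
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until it spans <= `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged.update(per_user)
        if flagged:
            hits[ip] = sorted(flagged)
    return hits


# Constructed sample: one spraying source, one brute-forcing source, one legitimate user.
_BASE = datetime(2019, 3, 1, 2, 0, 0)
SAMPLE_LOG = (
    [f"{(_BASE + timedelta(minutes=i)).isoformat()} 203.0.113.7 user{i:02d} LOGIN_FAIL"
     for i in range(12)]
    + [f"{(_BASE + timedelta(seconds=5 * i)).isoformat()} 198.51.100.9 admin LOGIN_FAIL"
       for i in range(20)]
    + [f"{_BASE.isoformat()} 192.0.2.44 alice LOGIN_FAIL",
       f"{(_BASE + timedelta(seconds=20)).isoformat()} 192.0.2.44 alice LOGIN_FAIL",
       f"{(_BASE + timedelta(seconds=40)).isoformat()} 192.0.2.44 alice LOGIN_OK"]
)

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The check is per source address, which is exactly what a spray from a single VPN exit or a small proxy pool looks like; a spray distributed over a large botnet needs the same logic keyed on the target population instead (failure counts per user across all sources in the window).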

Inrupt, Tim Berners-Lee's Solid, and Me

Schneier on Security

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety.

MGM Data Breach Affects Over 10 Million Customers

Adam Levin

The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year. The data includes full names, home addresses, phone numbers, email addresses, birthdates, and, in some cases, passport numbers of 10,683,188 hotel guests, including celebrities and prominent public figures such as Justin Bieber and Twitter CEO Jack Dorsey.

Weekly Update 179

Troy Hunt

On reflection, I feel this week's update was dominated by having a laugh at an IoT candle. And that's fair, too, even though I then went and bought one because hey, this is gonna be great conference talk material! Delivery is going to be much later this year so don't hold your breath, but it could be really, uh, "interesting" once it lands. Stay tuned for that one but until then, here's this week's update: References: If you're not pwned, you may be an anomaly (I'd actually like to write this u

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

Voatz Internet Voting App Is Insecure

Schneier on Security

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections." Abstract: In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz."

5 best practices for IIoT project success

Tech Republic Security

Based on years of pilot projects and proofs-of-concept, the Industrial Internet Consortium has detailed the best-practices organizations can use to ensure successful deployments.

Encoding Stolen Credit Card Data on Barcodes

Krebs on Security

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.

Hacking McDonald's for Free Food

Schneier on Security

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month. One day, David happened to be checking out how the website's coding was structured when he noticed that the information triggering the server to issue a new voucher was always the same.
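
The weakness in the excerpt is that the message which made the server hand out a voucher was a fixed value, so anyone who captured it once could send it again for another free drink. The two servers below are an added example, not McDonald's code or anything from the original post: the first reproduces that replayable trigger, the second ties every voucher to one receipt, signs it with a server-side key, gives it an expiry, and burns it on redemption. The endpoint names, the `survey=complete` trigger and the token layout are assumptions made for illustration.

```python
"""Voucher issuance: replayable constant trigger vs. single-use signed token.
Added example; names and token format are assumptions, not McDonald's API."""
import hashlib
import hmac
import secrets
import time


class ReplayableVoucherServer:
    """Mirrors the described weakness: the only thing checked is a constant
    'survey done' marker, so every resend of the same request earns a voucher."""
    SURVEY_DONE = "survey=complete"       # assumed constant trigger

    def issue(self, request):
        if request == self.SURVEY_DONE:
            return "FREE-DRINK-" + secrets.token_hex(4)
        return None


class SingleUseVoucherServer:
    """One voucher per receipt, HMAC-signed, time-limited, redeemable once."""

    def __init__(self, key, ttl_seconds=30 * 24 * 3600, now=time.time):
        self._key, self._ttl, self._now = key, ttl_seconds, now
        self._receipts_used = set()       # receipts that already produced a voucher
        self._redeemed = set()            # voucher payloads already spent

    def _mac(self, payload):
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, receipt_id):
        """Called once the survey for a printed receipt is completed; a second
        completion for the same receipt (a replay) gets nothing."""
        if receipt_id in self._receipts_used:
            return None
        self._receipts_used.add(receipt_id)
        expiry = int(self._now()) + self._ttl
        payload = f"{receipt_id}|{expiry}|{secrets.token_hex(8)}"
        return payload + "|" + self._mac(payload)

    def redeem(self, voucher):
        """Verify the MAC first, then expiry, then single use. Any parse error rejects."""
        try:
            receipt_id, expiry, nonce, mac = voucher.split("|")
        except ValueError:
            return False
        payload = f"{receipt_id}|{expiry}|{nonce}"
        if not hmac.compare_digest(mac, self._mac(payload)):
            return False
        if int(expiry) < self._now() or payload in self._redeemed:
            return False
        self._redeemed.add(payload)
        return True


def demo():
    """Exercise both servers with a fixed clock; returns the outcomes."""
    weak = ReplayableVoucherServer()
    replayed = [weak.issue(ReplayableVoucherServer.SURVEY_DONE) for _ in range(5)]

    clock = [1_580_000_000]               # controllable clock instead of wall time
    strong = SingleUseVoucherServer(b"server-side-secret", now=lambda: clock[0])
    v1 = strong.issue("R-1001")
    v2 = strong.issue("R-1002")
    forged = v1[:-1] + ("0" if v1[-1] != "0" else "1")   # flip last MAC hex digit
    results = {
        "weak_vouchers_from_replay": sum(v is not None for v in replayed),
        "strong_second_issue": strong.issue("R-1001"),
        "strong_first_redeem": strong.redeem(v1),
        "strong_replay_redeem": strong.redeem(v1),
        "strong_forged": strong.redeem(forged),
    }
    clock[0] += 31 * 24 * 3600            # past the 30-day validity
    results["strong_expired"] = strong.redeem(v2)
    return results


if __name__ == "__main__":
    print(demo())
```

The ordering in `redeem` matters: the MAC is checked before any state is consulted, so a forged or malformed token cannot probe which receipts or nonces exist. The other half of the excerpt's point, the app trusting whatever the server says, is fixed on the client by pinning or at least validating the server's TLS certificate, which no amount of server-side logic substitutes for.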

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. Related: Why Google’s HTTPS push is a good thing At the time, just 50% of Internet traffic used encryption. Today the volume of encrypted network traffic is well over 80%, trending strongly toward 100%, according to Google.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Cloud misconfigurations cost companies nearly $5 trillion

Tech Republic Security

A DivvyCloud report finds 196 data breaches exposed more than 33 billion records due to environments without appropriate security.

The New Privacy Regulation That’s Sink-or-Swim for Small Business

Adam Levin

The California Consumer Privacy Act (CCPA) became law on January 1, 2020, and as was the case on the effective date of the General Data Protection Regulation (GDPR), the European Union’s similarly sweeping privacy legislation, it is being met with a general panic. How dare that deadline actually pass without our data practices magically being up to snuff?

Policy vs Technology

Schneier on Security

Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. (He didn't become a senator until 2013.) Back then, he and Vermont Senator Patrick Leahy were the most knowledgeable on this issue and our biggest supporters against government backdoors.

MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation

The Last Watchdog

Just five years ago, the Public Key Infrastructure, or PKI, was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. Related: Why PKI is well-suited to secure the Internet of Things PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to use Restricted Shell to limit user access to a Linux system

Tech Republic Security

Learn how to prevent Linux users from executing certain commands and confining them to their home directory by employing rbash.

My Conversation With General Earl Matthews on Election Security

Daniel Miessler

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.

Internet of Things Candle

Schneier on Security

There's a Kickstarter for an actual candle , with real fire, that you can control over the Internet. What could possibly go wrong?

Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

Security Affairs

Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons WordPress plugin that is being actively exploited in the wild to create user accounts with administrator permissions. According to WordFence, the plugin is currently installed on at least 44,000 websites.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Verizon bails on RSA: How the coronavirus is disrupting tech conferences worldwide

Tech Republic Security

Verizon is the latest to withdraw from the RSA conference in San Francisco as tech trade shows around the globe are impacted by the Novel Coronavirus (COVID-19). Here's what you need to know.

RSAC 2020: Trust in the Cloud. What Should You Do with Your Encryption Keys?

Thales Cloud Protection & Licensing

In the past decade, businesses started evaluating the pros and cons of moving to the cloud in order to meet the increased demand for the cost and IT efficiency benefits of cloud computing and Software as a Service (SaaS). Many businesses subsequently adopted a Platform as a Service (PaaS), Infrastructure as a Service (IaaS) or SaaS model, thus positioning the cloud as the foundation for digital transformation.

Lenovo, HP, Dell Peripherals Face Unpatched Firmware Bugs

Threatpost

A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.

US administration requests $9.8B for cyber 2021 budget for the Department of Defense

Security Affairs

The US administration has requested $9.8 billion for cyber operations in next year’s Department of Defense budget, the same amount as last year, a figure that confirms the strategic importance the US Government places on cyberspace as the fifth domain of warfare.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Finally, the world is getting concerned about data privacy

Tech Republic Security

Consumers and employees are finally becoming more sensitive to the privacy of their data. As technology leaders it's worth getting ahead of this trend.

Russia Doesn't Want Bernie Sanders. It Wants Chaos

WIRED Threat Level

The point of Kremlin interference has always been to find democracy’s loose seams, and pull.

Haken Malware Family Infests Google Play Store

Threatpost

Eight apps - mostly camera utilities and children's games - were discovered spreading a new malware strain that steals data and signs victims up for expensive premium services.

Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak

Security Affairs

Organizers of the Black Hat Asia and DEF CON China security conferences announced last week that the events have been put on hold due to the Coronavirus outbreak, bad news for cybersecurity enthusiasts and professionals.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Python, microservices, and more tech trends for 2020, according to O'Reilly

Tech Republic Security

Interest in Kubernetes is increasing, and DevOps is losing steam, based on O'Reilly survey findings.

10 Tough Questions CEOs Are Asking CISOs

Dark Reading

CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer.

SMS Attack Spreads Emotet, Steals Bank Credentials

Threatpost

A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.

Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

Peripheral devices with unsigned firmware can expose Windows and Linux machines to attack, warn experts from firmware security firm Eclypsium, who found that many peripheral device manufacturers have not implemented security checks to prevent the installation of firmware from an untrusted source. An attacker could exploit the lack of checks to load malicious firmware and perform malicious actions on both Windows and Linux systems, such as the in
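
Both the Threatpost item on Lenovo, HP and Dell peripherals and this Eclypsium summary come down to one missing step: the device writes whatever image it is handed without first verifying a signature over it. The updater below is an added example, not Eclypsium's research code nor any vendor's update routine, showing what that step looks like: parse the image header, verify the signature over the body with the public key embedded in the device, and only then write to flash, rejecting unsigned and tampered images alike. The `FWv1` image layout is constructed for illustration, and the keypair is a toy RSA built from two known Mersenne primes purely so the block runs stand-alone; a real updater uses a proper scheme (RSA-PSS or ECDSA through a vetted library), and only the public half ever lives on the device.

```python
"""Firmware image verification before flashing (added example).
Image layout, magic value and toy keypair are constructed for illustration."""
import hashlib
import struct

# Toy RSA from two known primes: 2^31-1 and 2^61-1. The modulus (~92 bits) is
# hopelessly small for real use; it exists only so this example is self-contained.
P, Q = (1 << 31) - 1, (1 << 61) - 1
N = P * Q                                  # public modulus, burned into the device
E = 65537                                  # public exponent, burned into the device
_D = pow(E, -1, (P - 1) * (Q - 1))         # private exponent: vendor signing host only

MAGIC = b"FWv1"
HDR = struct.Struct(">4sII")               # magic, body length, signature length


def _digest(body):
    """SHA-256 of the body, truncated to 64 bits so it is < N for the toy modulus.
    Real schemes hash fully and pad (PSS); truncation here is a demo concession."""
    return int.from_bytes(hashlib.sha256(body).digest()[:8], "big")


def vendor_sign(body):
    """Vendor side: produce header || body || signature. Never runs on the device."""
    sig = pow(_digest(body), _D, N).to_bytes(12, "big")
    return HDR.pack(MAGIC, len(body), len(sig)) + body + sig


def verify_image(image, n=N, e=E):
    """Device side, public key only. Every parse or length mismatch is a rejection."""
    if len(image) < HDR.size:
        return False
    magic, body_len, sig_len = HDR.unpack_from(image)
    if magic != MAGIC or sig_len == 0:         # unsigned images are rejected outright
        return False
    if HDR.size + body_len + sig_len != len(image):
        return False
    body = image[HDR.size:HDR.size + body_len]
    sig = int.from_bytes(image[HDR.size + body_len:], "big")
    if not 0 < sig < n:
        return False
    return pow(sig, e, n) == _digest(body)


def install(image, flash):
    """The check the affected peripherals lacked: verify, then write; never the reverse."""
    if not verify_image(image):
        return False
    _, body_len, _ = HDR.unpack_from(image)
    flash.append(image[HDR.size:HDR.size + body_len])
    return True


def demo():
    """Signed, unsigned and tampered images against the same updater."""
    body = b"bootloader v1.2 " + bytes(range(64))          # constructed firmware body
    signed = vendor_sign(body)
    unsigned = HDR.pack(MAGIC, len(body), 0) + body          # valid layout, no signature
    tampered = bytearray(signed)
    tampered[HDR.size + 3] ^= 0xFF                           # one byte flipped after signing
    flash = []
    return {
        "signed": install(signed, flash),
        "unsigned": install(unsigned, flash),
        "tampered": install(bytes(tampered), flash),
        "writes": len(flash),
    }


if __name__ == "__main__":
    print(demo())
```

The length check against the header is deliberate: an updater that trusts a body length it has not reconciled with the actual image size can be walked past the signature or made to read outside the buffer, which in native updater code is a memory-safety bug on top of the missing signature check.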

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.