Krebs on Security
FEBRUARY 19, 2020
Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.
Schneier on Security
FEBRUARY 21, 2020
For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Adam Levin
FEBRUARY 21, 2020
The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year. The data includes full names, home addresses, phone numbers, email addresses, birthdates, and, in some cases, passport numbers of 10,683,188 hotel guests, including celebrities and prominent public figures such as Justin Bieber and Twitter CEO Jack Dorsey.
Troy Hunt
FEBRUARY 21, 2020
On reflection, I feel this week's update was dominated by having a laugh at an IoT candle ?? And that's fair, too, even though I then went and bought one because hey, this is gonna be great conference talk material! Delivery is going to be much later this year so don't hold your breath, but it could be really, uh, "interesting" once it lands. Stay tuned for that one but until then, here's this week's update: References If you're not pwned, you may be an anomaly (I'd actually like to write this u
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
FEBRUARY 17, 2020
A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.
Schneier on Security
FEBRUARY 17, 2020
This paper describes the flaws in the Voatz Internet voting app: " The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections.". Abstract: In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
FEBRUARY 17, 2020
When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses. Related :Promise vs. pitfalls of IoT For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the next step and embrace incidence response and disaster recovery planning, as well Meanwhile, large enterprises pour tens of
Krebs on Security
FEBRUARY 18, 2020
Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service , the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.
Schneier on Security
FEBRUARY 18, 2020
This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month. One day, David happened to be checking out how the website's coding was structured when he noticed that the information triggering the server to issue a new voucher was always the same.
Tech Republic Security
FEBRUARY 20, 2020
Learn how to prevent Linux users from executing certain commands and confining them to their home directory by employing rbash.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
FEBRUARY 18, 2020
It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. Related: Why Google’s HTTPS push is a good thing At the time, just 50 % of Internet traffic used encryption. Today the volume of encrypted network traffic is well over 80% , trending strongly toward 100%, according to Google.
WIRED Threat Level
FEBRUARY 21, 2020
The point of Kremlin interference has always been to find democracy’s loose seams, and pull.
Schneier on Security
FEBRUARY 21, 2020
Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. (He didn't become a senator until 2013.) Back then, he and Vermont Senator Patrick Leahy were the most knowledgeable on this issue and our biggest supporters against government backdoors.
Tech Republic Security
FEBRUARY 18, 2020
Interest in Kubernetes is increasing, and DevOps is losing steam, based on O'Reilly survey findings.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
FEBRUARY 21, 2020
Just five years ago, the Public Key Infrastructure, or PKI , was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. Related: Why PKI is well-suited to secure the Internet of Things PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI.
Security Affairs
FEBRUARY 16, 2020
The US administration requested $9.8 billion for cyber in next year’s budget for the Department of Defense, the amount is the same as last year. The US administration requested $9.8 billion for cyber operations in next year’s budget for the Department of Defense, a data that confirms the strategic importance of the fifth domain of the warfare for the US Government.
Schneier on Security
FEBRUARY 20, 2020
There's a Kickstarter for an actual candle , with real fire, that you can control over the Internet. What could possibly go wrong?
Tech Republic Security
FEBRUARY 21, 2020
Based on years of pilot projects and proofs-of-concept, the Industrial Internet Consortium has detailed the best-practices organizations can use to ensure successful deployments.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Adam Levin
FEBRUARY 17, 2020
The California Consumer Privacy Act ( CCPA ) became law on January 1, 2020, and as was the case on the effective date of the General Data Protection Regulation (GDPR), the European Union’s similarly sweeping privacy legislation, it is being met with a general panic. How dare that deadline actually pass without our data practices magically being up to snuff?
Security Affairs
FEBRUARY 18, 2020
Peripheral devices with unsigned firmware can expose Windows and Linux machines to hack, warn experts from firmware security firm Eclypsium. Experts at firmware security firm Eclypsium have discovered that many peripheral device manufacturers have not implemented security checks to prevent the installation of firmware from an untrusted source. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the in
Daniel Miessler
FEBRUARY 15, 2020
—. If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.
Tech Republic Security
FEBRUARY 21, 2020
While the concerns are legitimate, Barracuda also wants IT professionals to know that practical solutions exist.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Thales Cloud Protection & Licensing
FEBRUARY 17, 2020
In the past decade, businesses started evaluating the pros and cons of moving to the cloud in order to meet the increased demand for the cost and IT efficiency benefits of cloud computing and Software as a Service (SaaS). Many businesses subsequently adopted a Platform as a Service (PaaS), Infrastructure as a Service (IaaS) or SaaS model, thus positioning the cloud as the foundation for digital transformation.
Security Affairs
FEBRUARY 16, 2020
Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign. During the last quarter of 2019, experts from security firm ClearSky uncovered a hacking campaign tracked as Fox Kitten Campaign that is being conducted in the last three years.
Threatpost
FEBRUARY 19, 2020
A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.
Tech Republic Security
FEBRUARY 18, 2020
Consumers and employees are finally becoming more sensitive to the privacy of their data. As technology leaders it's worth getting ahead of this trend.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Dark Reading
FEBRUARY 20, 2020
CEOs today are prepared with better questions than 'Are we secure,' and chief information security officers had better be ready to answer.
Security Affairs
FEBRUARY 19, 2020
A new flaw was discovered in a WordPress plugin, this time experts found a zero-day vulnerability in the ThemeREX Addons to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons that was actively exploited by hackers in the wild to create user accounts with admin permissions. According to WordFence, the ThemeREX Addons zero-day is currently installed on at least 44,000 websites.
Threatpost
FEBRUARY 18, 2020
A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more.
Tech Republic Security
FEBRUARY 19, 2020
One site registered in Russia offers a coronavirus cure for $300.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
363 
Let's personalize your content