Sat. Feb 15, 2020 - Fri. Feb 21, 2020


Hackers Were Inside Citrix for Five Months

Krebs on Security

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.


Inrupt, Tim Berners-Lee's Solid, and Me

Schneier on Security

For decades, I have been talking about the importance of individual privacy. For almost as long, I have been using the metaphor of digital feudalism to describe how large companies have become central control points for our data. And for maybe half a decade, I have been talking about the world-sized robot that is the Internet of Things, and how digital security is now a matter of public safety.


MGM Data Breach Affects Over 10 Million Customers

Adam Levin

The personal information of over 10.6 million customers of MGM Resorts has been published online. MGM Resorts confirmed the leaked data as being the result of a data breach that occurred last year. The data includes full names, home addresses, phone numbers, email addresses, birthdates, and, in some cases, passport numbers of 10,683,188 hotel guests, including celebrities and prominent public figures such as Justin Bieber and Twitter CEO Jack Dorsey.


Weekly Update 179

Troy Hunt

On reflection, I feel this week's update was dominated by having a laugh at an IoT candle. And that's fair, too, even though I then went and bought one because hey, this is gonna be great conference talk material! Delivery is going to be much later this year so don't hold your breath, but it could be really, uh, "interesting" once it lands. Stay tuned for that one but until then, here's this week's update: References If you're not pwned, you may be an anomaly (I'd actually like to write this u


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.


Voatz Internet Voting App Is Insecure

Schneier on Security

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections." Abstract: In the 2018 midterm elections, West Virginia became the first state in the U.S. to allow select voters to cast their ballot on a mobile phone via a proprietary app called "Voatz."


NEW TECH: CyCognito employs offensive bot network to put companies a step ahead of attackers

The Last Watchdog

When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses. Related: Promise vs. pitfalls of IoT. For small- and mid-sized businesses, firewalls, antivirus suites and access management systems represent the entry stakes for participating in today’s digital economy. Security-mature SMBs go the next step and embrace incident response and disaster recovery planning, as well. Meanwhile, large enterprises pour tens of


Encoding Stolen Credit Card Data on Barcodes

Krebs on Security

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards. The scammers then pay for merchandise by instructing a cashier to scan the barcode and enter the expiration date and card security code.


Hacking McDonald's for Free Food

Schneier on Security

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month. One day, David happened to be checking out how the website's coding was structured when he noticed that the information triggering the server to issue a new voucher was always the same.


How to use Restricted Shell to limit user access to a Linux system

Tech Republic Security

Learn how to prevent Linux users from executing certain commands and confine them to their home directory by employing rbash.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

It was just a few short years ago that the tech sector, led by Google, Mozilla and Microsoft, commenced a big push to increase the use of HTTPS – and its underlying TLS authentication and encryption protocol. Related: Why Google’s HTTPS push is a good thing. At the time, just 50% of Internet traffic used encryption. Today the volume of encrypted network traffic is well over 80%, trending strongly toward 100%, according to Google.


Russia Doesn't Want Bernie Sanders. It Wants Chaos

WIRED Threat Level

The point of Kremlin interference has always been to find democracy’s loose seams, and pull.


Policy vs Technology

Schneier on Security

Sometime around 1993 or 1994, during the first Crypto Wars, I was part of a group of cryptography experts that went to Washington to advocate for strong encryption. Matt Blaze and Ron Rivest were with me; I don't remember who else. We met with then Massachusetts Representative Ed Markey. (He didn't become a senator until 2013.) Back then, he and Vermont Senator Patrick Leahy were the most knowledgeable on this issue and our biggest supporters against government backdoors.


Python, microservices, and more tech trends for 2020, according to O'Reilly

Tech Republic Security

Interest in Kubernetes is increasing, and DevOps is losing steam, based on O'Reilly survey findings.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


MY TAKE: PKI, digital certificates now ready to take on the task of securing digital transformation

The Last Watchdog

Just five years ago, the Public Key Infrastructure, or PKI, was seriously fraying at the edges and appeared to be tilting toward obsolescence. Things have since taken a turn for the better. Related: Why PKI is well-suited to secure the Internet of Things. PKI is the authentication and encryption framework on which the Internet is built. The buckling of PKI a few years back was a very serious matter, especially since there was nothing waiting in the wings to replace PKI.


Hackers are actively exploiting a Zero-Day in WordPress ThemeREX Plugin to create Admin Accounts

Security Affairs

A new flaw was discovered in a WordPress plugin: this time experts found a zero-day vulnerability in the ThemeREX Addons plugin that allows attackers to create admin accounts. Security experts from WordFence have discovered a zero-day vulnerability in the ThemeREX Addons plugin that was actively exploited by hackers in the wild to create user accounts with admin permissions. According to WordFence, the ThemeREX Addons plugin is currently installed on at least 44,000 websites.


Internet of Things Candle

Schneier on Security

There's a Kickstarter for an actual candle, with real fire, that you can control over the Internet. What could possibly go wrong?


5 best practices for IIoT project success

Tech Republic Security

Based on years of pilot projects and proofs-of-concept, the Industrial Internet Consortium has detailed the best practices organizations can use to ensure successful deployments.


The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


The New Privacy Regulation That’s Sink-or-Swim for Small Business

Adam Levin

The California Consumer Privacy Act (CCPA) became law on January 1, 2020, and as was the case on the effective date of the General Data Protection Regulation (GDPR), the European Union’s similarly sweeping privacy legislation, it is being met with a general panic. How dare that deadline actually pass without our data practices magically being up to snuff?


US administration requests $9.8B for cyber 2021 budget for the Department of Defense

Security Affairs

The US administration requested $9.8 billion for cyber operations in next year’s budget for the Department of Defense, the same amount as last year, a figure that confirms the strategic importance of the fifth domain of warfare for the US Government.


My Conversation With General Earl Matthews on Election Security

Daniel Miessler

If you get value from this content, you can support it directly by becoming a member. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content.


Coronavirus domain names are the latest hacker trick

Tech Republic Security

One site registered in Russia offers a coronavirus cure for $300.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


RSAC 2020: Trust in the Cloud. What Should You Do with Your Encryption Keys?

Thales Cloud Protection & Licensing

In the past decade, businesses started evaluating the pros and cons of moving to the cloud in order to meet the increased demand for the cost and IT efficiency benefits of cloud computing and Software as a Service (SaaS). Many businesses subsequently adopted a Platform as a Service (PaaS), Infrastructure as a Service (IaaS) or SaaS model, thus positioning the cloud as the foundation for digital transformation.


Unsigned Firmware running on peripherals could expose Windows, Linux systems to hack

Security Affairs

Peripheral devices with unsigned firmware can expose Windows and Linux machines to attack, warn experts from firmware security firm Eclypsium. Experts at Eclypsium have discovered that many peripheral device manufacturers have not implemented security checks to prevent the installation of firmware from an untrusted source. An attacker could exploit the lack of checks to execute malicious firmware and perform malicious actions on both Windows and Linux systems, such as the in


The US Blames Russia's GRU for Sweeping Cyberattacks in Georgia

WIRED Threat Level

By calling out Russia for digital assaults on its neighboring country, the US hopes to head off similar efforts at home.


Finally, the world is getting concerned about data privacy

Tech Republic Security

Consumers and employees are finally becoming more sensitive to the privacy of their data. As technology leaders it's worth getting ahead of this trend.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


SMS Attack Spreads Emotet, Steals Bank Credentials

Threatpost

A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.


Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

Exclusive: Pakistan and India to armaments. Researchers from Cybaze-Yoroi ZLab gathered intelligence on the return of Operation Transparent Tribe, 4 years later. Introduction. Operation Transparent Tribe was first spotted by Proofpoint researchers in Feb 2016, in a series of espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan.


The 'Robo Revenge' App Makes It Easy to Sue Robocallers

WIRED Threat Level

Mac malware, a Bitcoin mixer, and more of the week's top security news.


70% of IT leaders say security concerns restrict adoption of public cloud

Tech Republic Security

While the concerns are legitimate, Barracuda also wants IT professionals to know that practical solutions exist.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!