Schneier on Security

APRIL 4, 2019

Researchers have been able to fool Tesla's autopilot in a variety of ways, including convincing it to drive into oncoming traffic. It requires the placement of stickers on the road. Abstract: Keen Security Lab has maintained the security research work on Tesla vehicle and shared our research results on Black Hat USA 2017 and 2018 in a row. Based on the ROOT privilege of the APE (Tesla Autopilot ECU, software version 18.6.1), we did some further interesting research work on this module.

Software 241

Software Risk 241

Krebs on Security

APRIL 4, 2019

An alleged top boss of a Romanian crime syndicate that U.S. authorities say is responsible for deploying card-skimming devices at Automated Teller Machines (ATMs) throughout North America was arrested in Mexico last week on firearms charges. The arrest comes months after the accused allegedly ordered the execution of a former bodyguard who was trying to help U.S. authorities bring down the group’s lucrative skimming operations.

Wireless 230

Wireless Media Surveillance Accountability 230

The Last Watchdog

APRIL 5, 2019

The Cloud Access Security Broker (CASB) space is maturing to keep pace with digital transformation. Related: CASBs needed now, more than ever. Caz-bees first took shape as a cottage industry circa 2013 to 2014 in response to a cry for help from companies reeling from new Shadow IT exposures : the risk created by early-adopter employees, quite often the CEO, insisting on using the latest smartphone and Software-as-a-Services tools, without any shred of security vetting.

Digital transformation 203

Digital transformation CSO Firewall Risk 203

Adam Levin

APRIL 5, 2019

Multiple sales subsidiaries of Toyota Motor Corp. were breached in an apparent cyberattack that may have leaked the personal information of up to 3.1 million people in the Tokyo area. Toyota announced the possible breach as being the result of “unauthorized access” to a network server containing customer information in late March, but explained that they were unable to confirm if any data was actually lost.

Hacking 182

Hacking Data breaches Cybersecurity 182

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

APRIL 4, 2019

This is a pretty awful story of how Andreas Gal, former Mozilla CTO and US citizen, was detained and threatened at the US border. CBP agents demanded that he unlock his phone and computer. Know your rights when you enter the US. The EFF publishes a handy guide. And if you want to encrypt your computer so that you are unable to unlock it on demand, here's mu guide.

Encryption 240

Encryption 240

Krebs on Security

MARCH 31, 2019

For the second year in a row, denizens of a large German-language online forum have donated more than USD $250,000 to cancer research organizations in protest of a story KrebsOnSecurity published in 2018 that unmasked the creators of Coinhive , a now-defunct cryptocurrency mining service that was massively abused by cybercriminals. Krebs is translated as “cancer” in German.

Cryptocurrency 185

Cryptocurrency Accountability Hacking 185

Troy Hunt

APRIL 5, 2019

Wow, a weekly update back on the normal schedule! I also realised when watching this back how less tired I look compared to the last few weeks. Travel takes its toll so I touched on that a bit in this week's update, along with the usual raft of new data breaches to go into HIBP. Plus there's Facebook's incidents, both the one they're not directly responsible for and the one they are responsible for, but is also both a bit of a non-event and something that's reflective of broader issues in the in

Data breaches 152

Data breaches Passwords Accountability Software 152

Schneier on Security

APRIL 5, 2019

A recent article overhyped the release of EverCrypt , a cryptography library created using formal methods to prove security against specific attacks. The Quantum magazine article sets off a series of "snake-oil" alarm bells. The author's Github README is more measured and accurate, and illustrates what a cool project this really is. But it's not "hacker-proof cryptographic code.".

Encryption 238

Encryption Hacking 238

Adam Shostack

APRIL 5, 2019

Cyber. Making Software “What Really Works, and Why We Believe It” by Andy Oram and Greg Wilson. This collection of essays is a fascinating view into the state of the art in empirical analysis software engineering. Agile Application Security by Laura Bell, Michael Brunton-Spall, Rich Smith and Jim Bird. A really good overview of the many moving pieces in an agile SDL.

Marketing 150

Marketing Internet Internet Software 150

The Last Watchdog

APRIL 3, 2019

Identity governance and administration, or IGA , has suddenly become a front-burner matter at many enterprises. Related: Identity governance issues in the age of digital transformation. This is, in large part, because the complexity of business networks continues to escalate at a time when compliance mandates are intensifying. I had the chance at RSA 2019 to visit with Mike Kiser, global strategist at SailPoint , an Austin, TX-based supplier of IGA services to discuss this.

Digital transformation 140

Digital transformation Insurance Government Financial Services 140

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Troy Hunt

MARCH 31, 2019

From last week's update in Seattle to home to Sydney to back home and a late update (again). But regardless, I'm committed to continuing the cadence of doing these updates each week and 132 of them in, I'm yet to miss a week. This week it's a combination of more of the same (travel, events and data breaches), as well as more thoughts on the future of HIBP and Cloudflare's role when it comes to nasty content online.

Data breaches 152

Data breaches Cyber Attacks Ransomware 152

Schneier on Security

APRIL 2, 2019

This is a fascinating hack: In today's digital age, a large Instagram audience is considered a valuable currency. I had also heard through the grapevine that I could monetize a large following -- or in my desired case -- use it to have my meals paid for. So I did just that. I created an Instagram page that showcased pictures of New York City's skylines, iconic spots, elegant skyscrapers ­-- you name it.

Hacking 232

Hacking Marketing Accountability 232

Adam Shostack

APRIL 2, 2019

“90% of attacks start with phishing!*” “Cyber attacks will cost the world 6 trillion by 2020!” We’ve all seen these sorts of numbers from vendors, and in a sense they’re April Fools day numbers: you’d have to be a fool to believe them. But vendors quote insane because there’s no downside and much upside.

Phishing 113

Phishing Cyber Attacks Marketing 113

Security Affairs

APRIL 2, 2019

Attackers Store Malware in Hidden Directories of Compromised HTTPS Sites. Security experts at Zscaler discovered that threat actors are using hidden “well-known” directories of HTTPS sites to store and deliver malicious payloads. Crooks are utilizing hidden “well-known” directories of HTTPS sites running WordPress and Joomla websites to store and serve malicious payloads.

Malware 111

Malware Phishing Ransomware Advertising 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

APRIL 3, 2019

In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent - even in the face of a skills shortage.

Cybersecurity 106

Cybersecurity 106

Schneier on Security

APRIL 1, 2019

Yet another side-channel attack on smartphones: " Hearing your touch: A new acoustic side channel on smartphones ," by Ilia Shumailov, Laurent Simon, Jeff Yan, and Ross Anderson. Abstract: We present the first acoustic side-channel attack that recovers what users type on the virtual keyboard of their touch-screen smartphone or tablet. When a user taps the screen with a finger, the tap generates a sound wave that propagates on the screen surface and in the air.

Mobile 232

Mobile 232

Adam Shostack

APRIL 1, 2019

“Today, let me contrast two 20-year-old papers on threat modeling. My first paper on this topic, “Breaking Up Is Hard to Do,” written with Bruce Schneier, analyzed smart-card security. We talked about categories of threats, threat actors, assets — all the usual stuff for a paper of that era. We took the stance that “we experts have thought hard about these problems, and would like to share our results.” Around the same time, on April 1, 1999, Loren Kohnfelder and Pr

100

100

Security Affairs

APRIL 4, 2019

The German chemicals giant Bayer confirmed that of a cyber attack, it confirmed the incident but clarified that no data has been stolen. The chemicals giant Bayer is the last victims of a cyber attack, it confirmed the incident, but pointed out the hackers haven’t stolen any data. According to the company, at the beginning of 2018, it detected an intrusion that linked to Winnti threat actors, a group of Chinese APTs belonging to the Beijing intelligence apparatus, Groups under the Winnti u

Cyber Attacks 111

Cyber Attacks Advertising Media Hacking 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

APRIL 2, 2019

New data from ISC(2) shows younger women are making more money than in previous generations in the field - but overall gender pay disparity persists.

Cybersecurity 107

Cybersecurity 107

Elie

MARCH 31, 2019

On February 5th, for Safer Internet Day, our team. launched. its first public-facing system, called. Password Checkup. Password checkup allows users to check, in a privacy-preserving manner, whether their username and password matches one of the more than 4B+ credentials exposed by third-party data breaches of which Google is aware. This launch success vastly exceeded our wildest expectations, with over 650,000 users installing our chrome extension in the first three weeks following the release.

Passwords 87

Passwords Data breaches Accountability Internet 87

WIRED Threat Level

APRIL 3, 2019

A cybersecurity firm found that two different third-party Facebook apps left millions of records about users sitting unprotected on Amazon’s servers.

Cybersecurity 97

Cybersecurity 97

Security Affairs

APRIL 2, 2019

The privilege escalation vulnerability ( CVE-2019-0211 ) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems. An important privilege escalation vulnerability ( CVE-2019-0211 ) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems via scoreboard manipulation.

Advertising 111

Advertising Authentication Hacking Risk 111

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

APRIL 5, 2019

The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.

Cybersecurity 88

Cybersecurity 88

Thales Cloud Protection & Licensing

APRIL 2, 2019

Today marks an exciting milestone as Thales and Gemalto become one company. As a result of the combination of these two global leaders in digital security, Thales eSecurity and Gemalto’s Enterprise & Cybersecurity business are joining together as Thales Cloud Protection & Licensing , creating the world leader in cloud, data and software protection.

Digital transformation 83

Digital transformation Software Encryption Technology 83

WIRED Threat Level

APRIL 3, 2019

Galperin has already convinced Kaspersky to flag domestic abuse spyware as malware. She expects more to follow.

Spyware 112

Spyware Malware 112

Security Affairs

APRIL 5, 2019

Security experts at Rapid7 have discovered that over 2 million Apache HTTP servers are still affected by the CVE-2019-0211 critical privilege escalation flaw. An important privilege escalation vulnerability ( CVE-2019-0211 ) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems via scoreboard manipulation.

Advertising 111

Advertising Cyber Attacks Risk Hacking 111

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Dark Reading

APRIL 4, 2019

The operators of the Necurs botnet are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.

Malware 88

Malware Banking Ransomware 88

eSecurity Planet

APRIL 1, 2019

Automation, orchestration and machine learning technologies could help organizations keep up with cybersecurity threats, according to new research.

Cybersecurity 90

Cybersecurity Risk Technology 90

Threatpost

APRIL 1, 2019

Google said in 2018 it tracked a rise in the number of potentially harmful apps found on Android devices that were either pre-installed or delivered via over-the-air updates.

Software 76

Software Mobile Malware 76

Security Affairs

APRIL 3, 2019

The huge trove of Facebook user data was amassed and stored online on unprotected cloud servers by third-party Facebook app developers. Definitively I can tell you that this is an awful period for Facebook and its users. We first read about an embarrassing incident involving the social network giant that asked some newly-registered users to provide the passwords to their email accounts to confirm their identity … this is absurd.

Advertising 111

Advertising Accountability Media Passwords 111

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity