Krebs on Security

APRIL 26, 2019

A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found. A map showing the distribution of some 2 million iLinkP2P-enabled devices that are vulnerable to eavesdropping, password theft and possibly remote compromise, according to new research.

IoT 273

IoT Firewall Manufacturing Computers and Electronics 273

Schneier on Security

APRIL 22, 2019

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security -- and the security of complex socio-technical systems in general -- in here.

Software 272

Software IoT 272

Adam Levin

APRIL 22, 2019

The European Union’s parliament voted to create a biometric database of over 350 million people. The Common Identity Repository, or CIR, will consolidate the data from the EU’s border, migration, and law enforcement agencies into one system to be quickly accessible and searchable by any or all of them. Information will include names, birthdates, passport numbers as well as fingerprints and face scans.

Government 227

Government Data breaches 227

The Last Watchdog

APRIL 23, 2019

As a tech reporter at USA TODAY, I wrote stories about how Google fractured Microsoft’s Office monopoly , and then how Google clawed ahead of Apple to dominate the global smartphone market. Related: A path to fruition of ‘SecOps’ And now for Act 3, Google has thrown down the gauntlet at Amazon, challenging the dominant position of Amazon Web Services in the fast-emerging cloud infrastructure global market.

Marketing 193

Marketing Firewall Architecture Software 193

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

APRIL 22, 2019

The owner of a Swedish company behind a popular remote administration tool (RAT) implicated in thousands of malware attacks shares the same name as a Swedish man who pleaded guilty in 2015 to co-creating the Blackshades RAT , a similar product that was used to infect more than half a million computers with malware, KrebsOnSecurity has learned. An advertisement for RevCode WebMonitor.

Advertising 215

Advertising Antivirus Software Malware 215

Schneier on Security

APRIL 23, 2019

From a G7 meeting of interior ministers in Paris this month, an " outcome document ": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology and while ensuring that assistance requested from internet companies is underpinned by the r

Encryption 267

Encryption Internet Internet Hacking 267

The Last Watchdog

APRIL 22, 2019

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be. Related: The need for diversity in cybersecurity personnel One of the top innovators in the training space is Circadence ®. The Boulder, CO-based company got its start in the mid-1990s as a pioneer of massive multi-player video games.

Cybersecurity 190

Cybersecurity Artificial Intelligence Internet Internet 190

Adam Levin

APRIL 24, 2019

A messaging app released by the French government to secure internal communications has gotten off to a troubled start. Tchap was released in beta earlier this month as a secure messaging app exclusively for government officials. Its development and release was made to address security concerns and data vulnerabilities in more widely used apps including WhatsApp and Telegram (a favorite of French Prime Minister Emmanuel Macron).

Government 123

Government Software Hacking Cybersecurity 123

Schneier on Security

APRIL 24, 2019

A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ is proposing.

Government 210

Government 210

Adam Shostack

APRIL 24, 2019

There’s a great post from my friends at Continuum, “ Three Killer Arguments for Adopting Threat Modeling. Their arguments are “Threat Modeling Produces Measurable Security,” “Threat Modeling Done Right Encourages Compliance,” and “Threat Modeling Saves You Money.” (Actually, they have 6.).

100

100

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

APRIL 24, 2019

Accounting for third-party risks is now mandated by regulations — with teeth. Related: Free ‘VRMM’ tool measures third-party exposure Just take a look at Europe’s GDPR , NYDFS’s cybersecurity requirement s or even California’s newly minted Consumer Privacy Act. What does this mean for company decision makers, going forward, especially as digital transformation and expansion of the gig economy deepens their reliance on subcontractors?

Risk 164

Risk Technology IoT Digital transformation 164

Security Affairs

APRIL 21, 2019

Researcher discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Researcher Sanyam Jain at GDI foundation discovered eight unsecured databases exposed online that contained approximately 60 million records of LinkedIn user data. Most of the data are publicly available, the databases also include the email addresses of the users.

Data breaches 112

Data breaches Advertising Education Accountability 112

Schneier on Security

APRIL 26, 2019

Business Weekly in Taiwan interviewed me. (Here's a translation courtesy of Google.) It was a surprisingly intimate interview. I hope the Chinese reads better than the translation.

199

199

Dark Reading

APRIL 23, 2019

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.

Malware 105

Malware 105

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Spinone

APRIL 23, 2019

Accidental and intentional file deletion is extremely common among corporate employees. You may have Google Workspace (formerly G Suite) users who have deleted a file or a number of files only to realise it was not the file or files they assumed. Another common scenario is when you have your coworkers who perform a Save operation instead of a Save As operation by overwriting valuable data.

Backups 95

Backups Accountability Ransomware Encryption 95

Security Affairs

APRIL 23, 2019

CheckPoint firm uncovered a cyber espionage campaign leveraging a weaponized version of TeamViewer to target officials in several embassies in Europe. Security experts at CheckPoint uncovered a cyber espionage campaign leveraging a weaponized version of TeamViewer and malware disguised as a top-secret US government document to target officials in several embassies in Europe.

Advertising 111

Advertising Government Cryptocurrency Banking 111

Schneier on Security

APRIL 25, 2019

Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper.

Surveillance 224

Surveillance Cybersecurity 224

WIRED Threat Level

APRIL 25, 2019

In a small Minnesota town, an IT technician found his way to the darkest corner of the web. Then he made a deadly plan.

Hacking 111

Hacking 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

APRIL 23, 2019

What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.

Malware 96

Malware 96

Security Affairs

APRIL 22, 2019

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online, most sites still use the 1.x and 2.x versions of the library that are affected by the ‘Prototype Pollution’ vulnerability.

Advertising 111

Advertising Hacking 111

eSecurity Planet

APRIL 24, 2019

Single sign-on solutions can make access management easier for security teams, and the most sophisticated can adapt as risks change. Here are 10 of the best.

Risk 89

Risk 89

WIRED Threat Level

APRIL 23, 2019

The larger lesson of an ongoing Ethereum crime spree: Be careful with who's generating your cryptocurrency keys.

Cryptocurrency 109

Cryptocurrency Hacking 109

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

APRIL 25, 2019

For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.

Internet 81

Internet Internet Firewall 81

Security Affairs

APRIL 20, 2019

A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians. The popular French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to break into Tchap , a new secure messaging app launched by the French government for encrypted communications between officials and politicians.

Government 111

Government Encryption Accountability Advertising 111

Threatpost

APRIL 24, 2019

As U.S. citizens realize that facial recognition is present in real-life applications, more questions are arising about consent, how data is shared - and what regulation exists.

69

69

WIRED Threat Level

APRIL 26, 2019

While foreign phone carriers are sharing data to stop SIM swap fraud, US carriers are dragging feet.

Hacking 110

Hacking 110

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Dark Reading

APRIL 22, 2019

Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.

Media 86

Media 86

Security Affairs

APRIL 24, 2019

Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. New Oracle #WebLogic #RCE #Deserialization 0-day Vulnerability. No vendor fix yet! Speak to @waratek for guaranteed active protection against 0-day RCE attacks with no blacklists, signatures, or profiling #NoSourceCodeChanges [link]

Advertising 111

Advertising Engineering Technology Hacking 111

Threatpost

APRIL 25, 2019

An auditing program for the voice assistant technology exposes geolocation data that can be personally identified, sources said.

Technology 81

Technology IoT 81

WIRED Threat Level

APRIL 21, 2019

Researchers have shown that even though Netflix encrypts its traffic, hackers can figure out your interactive movie choices.

Encryption 84

Encryption Hacking 84

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity