The Last Watchdog

AUGUST 27, 2018

Distributed denial of service (DDoS) attacks continue to erupt all across the Internet showing not the faintest hint of leveling off, much less declining, any time soon. Related video: How DDoS attacks leverage the Internet’s DNA. To the contrary, DDoS attacks appear to be scaling up and getting more sophisticated in lock step with digital transformation; DDoS attacks today are larger, more varied and come at the targeted website from so many more vectors than ever before.

DDOS 255

DDOS IoT Digital transformation Internet 255

Schneier on Security

AUGUST 27, 2018

A report for the Center for Strategic and International Studies looks at surprise and war. One of the report's cyberwar scenarios is particularly compelling. It doesn't just map cyber onto today's tactics, but completely re-imagines future tactics that include a cyber component (quote starts on page 110). The U.S. secretary of defense had wondered this past week when the other shoe would drop.

Accountability 252

Accountability Internet Internet Cyber Attacks 252

Troy Hunt

AUGUST 28, 2018

I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months ago, I wrote about Pwned Passwords in Practice which demonstrates a whole heap of great use cases where they've been used in registration, password reset and login flows. Since that time, another big name has come on board too : I love that a service I use every day has taken something I've built and is doing awesome things with it!

Passwords 201

Passwords 201

Krebs on Security

AUGUST 28, 2018

Fiserv, Inc., a major provider of technology services to financial institutions, just fixed a glaring weakness in its Web platform that exposed personal and financial details of countless customers across hundreds of bank Web sites, KrebsOnSecurity has learned. Brookfield, Wisc.-based Fiserv [ NASDAQ:FISV ] is a Fortune 500 company with 24,000 employees and $5.7 billion in earnings last year.

Banking 188

Banking Accountability Retail Marketing 188

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Last Watchdog

AUGUST 30, 2018

As the Industrial Internet of Things continues to transform the global industrial manufacturing and critical infrastructure industries, the threat of aggressive, innovative and dangerous cyber-attacks has become increasingly concerning. Related: The top 7 most worrisome cyber warfare attacks. Adopting modern technology has revealed a downside: its interconnectedness.

Manufacturing 154

Manufacturing Cyber Risk Risk Cyber Attacks 154

Schneier on Security

AUGUST 29, 2018

Interesting story of a CIA intelligence network in China that was exposed partly because of a computer-security failure: Although they used some of the same coding, the interim system and the main covert communication platform used in China at this time were supposed to be clearly separated. In theory, if the interim system were discovered or turned over to Chinese intelligence, people using the main system would still be protected -- and there would be no way to trace the communication back to

Penetration Testing 244

Penetration Testing Architecture Firewall Government 244

Krebs on Security

AUGUST 29, 2018

Instagram users should soon have more secure options for protecting their accounts against Internet bad guys. On Tuesday, the Facebook -owned social network said it is in the process of rolling out support for third-party authentication apps. Unfortunately, this welcome new security offering does nothing to block Instagram account takeovers when thieves manage to hijack a target’s mobile phone number — an increasingly common crime.

Authentication 143

Authentication Mobile Passwords Accountability 143

The Last Watchdog

AUGUST 29, 2018

If digital transformation, or DX , is to reach its full potential, there must be a security breakthrough that goes beyond legacy defenses to address the myriad new ways threat actors can insinuate themselves into complex digital systems. Network traffic analytics, or NTA , just may be that pivotal step forward. NTA refers to using advanced data mining and security analytics techniques to detect and investigate malicious activity in traffic moving between each device and on every critical system

Digital transformation 140

Digital transformation Accountability Retail Hacking 140

Schneier on Security

AUGUST 31, 2018

On Thursday, September 6, starting at 10:00 am CDT, I'll be doing a Reddit " Ask Me Anything " in association with the Ford Foundation. It's about my new book , but -- of course -- you can ask me anything. No promises that I will answer everything.

202

202

Security Affairs

AUGUST 29, 2018

Cyberstalking is one of the most overlooked crimes. This is exactly why it is among the fastest growing crimes in the world. Learn all there is about cyberstalking here. The internet has been a blessing since its inception. The very concept of globalization has come into existence just because of the internet. The world that was previously unconnected soon became a global village with different cultures and traditions linking together via the information highway.

Identity Theft 111

Identity Theft Internet Internet Surveillance 111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

AUGUST 25, 2018

The sextortion email scam last month that invoked a real password used by each recipient and threatened to release embarrassing Webcam videos almost certainly was not the work of one criminal or even one group of criminals. Rather, it’s likely that additional spammers and scammers piled on with their own versions of the phishing email after noticing that some recipients were actually paying up.

Scams 133

Scams Internet Internet Passwords 133

Troy Hunt

AUGUST 31, 2018

A few little bits and pieces this week ranging from a new web cam (primarily to do Windows Hello auth), teaching my 8-year-old son HTML, progress with Firefox and HIBP, some really ridiculous comments from Namecheap re SSL (or TLS or HTTPS) and a full set of Pwned Passwords as NTLM hashes. I didn't mention it when I recorded, but there's already a bunch of sample code on how to dump your AD hashes and compare them to the Pwned Passwords list in the comments on that blog post.

Passwords 107

Passwords Encryption 107

Schneier on Security

AUGUST 31, 2018

Yet another way of eavesdropping on someone's computer activity: using the webcam microphone to "listen" to the computer's screen.

Surveillance 147

Surveillance 147

Security Affairs

AUGUST 27, 2018

A group of researchers has conducted an interesting study on AT commands attacks on modern Android devices discovering that models of 11 vendors are at risk. A group of researchers from the University of Florida, Stony Brook University, and Samsung Research America, has conducted an interesting research on the set of AT commands that are currently supported on modern Android devices.

Mobile 109

Mobile Firmware Advertising Telecommunications 109

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

AUGUST 31, 2018

Air Canada is advising customers to reset their passwords on their mobile application after detecting a potential data breach of customer records. In a notice, Air Canada says that a data breach it discovered last week impacted 20,000 profiles. However, the airline operator is urging all 1.7 million users to reset their passwords. “We detected unusual login behavior with Air Canada’s mobile App between Aug. 22-24, 2018.

Data breaches 106

Data breaches Passwords Mobile Encryption 106

WIRED Threat Level

AUGUST 25, 2018

Your phone number was never meant to be your identity. Now that it effectively is, we're all at risk.

Risk 104

Risk 104

Schneier on Security

AUGUST 31, 2018

This is a current list of where and when I am scheduled to speak: I'm giving a book talk on Click Here to Kill Everybody at the Ford Foundation in New York City, on September 5, 2018. The Aspen Institute's Cybersecurity & Technology Program is holding a book launch for Click Here to Kill Everybody on September 10, 2018 in Washington, DC. I'm speaking about my book Click Here to Kill Everybody: Security and Survival in a Hyper-connected World at the Harvard Book Store in Cambridge, Massachuse

Technology 146

Technology Risk Cybersecurity 146

Dark Reading

AUGUST 29, 2018

The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.

Engineering 104

Engineering Internet Internet 104

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

AUGUST 25, 2018

Chinese-owned telecommunications firm Huawei has been banned from Australia’s 5G network due to security concerns. The Australian government considers risky the involvement of Huawei for the rolling out of next-generation 5G communication networks. Huawei Australia defined the decision disappointing. We have been informed by the Govt that Huawei & ZTE have been banned from providing 5G technology to Australia.

Telecommunications 96

Telecommunications Manufacturing Government Wireless 96

WIRED Threat Level

AUGUST 29, 2018

So-called Attention commands date back to the 80s, but they can enable some very modern-day smartphone hacks.

Hacking 82

Hacking 82

Schneier on Security

AUGUST 30, 2018

I've previously written about people cheating in marathon racing by driving -- or otherwise getting near the end of the race by faster means than running. In China, two people were convicted of cheating in a pigeon race: The essence of the plan involved training the pigeons to believe they had two homes. The birds had been secretly raised not just in Shanghai but also in Shangqiu.

143

143

Threatpost

AUGUST 31, 2018

The Magecart group is likely behind the most prolific card-stealing operation seen in the wild to date.

Malware 81

Malware 81

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

AUGUST 29, 2018

Qualys experts discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. Security experts from Qualys discovered that OpenSSH is still vulnerable to Oracle attack, it is affected by the CVE-2018-15919 flaw at least since September 2011. A few days ago the security expert Darek Tytko from securitum.pl has reported a similar username enumeration vulnerability in the OpenSSH client.

Authentication 93

Authentication Advertising Passwords Software 93

WIRED Threat Level

AUGUST 29, 2018

Despite an injunction against sharing the plans online, Cody Wilson is now selling the blueprints directly.

71

71

Schneier on Security

AUGUST 28, 2018

Andy Greenberg wrote a fascinating account of the Russian NotPetya worm, with an emphasis on its effects on the company Maersk. BoingBoing post.

Accountability 131

Accountability Malware 131

Threatpost

AUGUST 27, 2018

Botnets fused with artificial intelligence are decentralized and self-organized systems, capable of working together toward a common goal – attacking networks.

Artificial Intelligence 78

Artificial Intelligence DDOS Cyber threats IoT 78

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

AUGUST 26, 2018

A team of security experts has devised a rogue USB charging cable named USBHarpoon that can be used to compromise a computer in just a few seconds. The team was composed of Olaf Tan and Dennis Goh of RFID Research Group , Vincent Yiu of SYON Security , and the popular Kevin Mitnick. The USBHarpoon takes inspiration on the BadUSB project built by researchers at Security Research Labs lead by Karsten Nohl.

Hacking 85

Hacking Advertising Penetration Testing Mobile 85

Dark Reading

AUGUST 27, 2018

A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.

Technology 65

Technology 65

WIRED Threat Level

AUGUST 25, 2018

In security news this week, Apple and Facebook beef, Reality Winner gets sentenced, facial recognition at the airport, and more.

57

57

Threatpost

AUGUST 31, 2018

Unlike its browser competitors, Firefox will soon start blocking tracking cookies by default in the name of consumer privacy.

57

57

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity