Sat.Nov 17, 2018 - Fri.Nov 23, 2018

article thumbnail

Information Attacks against Democracies

Schneier on Security

Democracy is an information system. That's the starting place of our new paper: " Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks. Specifically, we wanted to explain why the same disinformation campaigns that act as a stabilizing influence in Russia are destabilizing in the United States.

article thumbnail

How to Shop Online Like a Security Pro

Krebs on Security

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping. So here’s a quick refresher course on how to make it through the next few weeks without getting snookered online. Adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet, for the simple r

Scams 276
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Massive Vulnerability Exposed at USPS

Adam Levin

Krebs on Security reported a security weakness that affected millions of USPS customers. The vulnerability in question allowed anyone with an account on USPS.com to view granular information about the site’s more than 60 million users. In what has become an all too familiar scenario, Krebs on Security was contacted by a researcher who discovered the problem a year earlier.

article thumbnail

Weekly Update 114

Troy Hunt

It's a no-blog week, but that doesn't mean any less is happening! This week, I've finally wrapped up the Lego Bugatti, got myself into the new iPad, connected my washing machine (I know, I know, I didn't plan it this way!) and then isolated it on a separate IoT network. What a time we live in. Oh - and speaking of times we live in, our data is getting thrown around the place like never before thanks to data aggregators and their constant breaches and frankly, I'm a bit fed up with it.

IoT 184
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Using Machine Learning to Create Fake Fingerprints

Schneier on Security

Researchers are able to create fake fingerprints that result in a 20% false-positive rate. The problem is that these sensors obtain only partial images of users' fingerprints -- at the points where they make contact with the scanner. The paper noted that since partial prints are not as distinctive as complete prints, the chances of one partial print getting matched with another is high.

article thumbnail

USPS Site Exposed Data on 60 Million Users

Krebs on Security

U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com. KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous.

More Trending

article thumbnail

Instagram glitch exposed some user passwords

Security Affairs

Instagram has suffered a serious security leak that might have exposed user’s passwords, revealed The Information website. Instagram notified some of its users that it might have accidentally exposed their password due to a security glitch. According to a company spokesperson, the bug was “discovered internally and affected a very small number of people.”.

Passwords 111
article thumbnail

What Happened to Cyber 9/11?

Schneier on Security

A recent article in the Atlantic asks why we haven't seen a"cyber 9/11" in the past fifteen or so years. (I, too, remember the increasingly frantic and fearful warnings of a "cyber Peal Harbor," "cyber Katrina" -- when that was a thing -- or "cyber 9/11." I made fun of those warnings back then.) The author's answer: Three main barriers are likely preventing this.

Hacking 213
article thumbnail

Julian Assange Charges, Japan's Top Cybersecurity Official, and More Security News This Week

WIRED Threat Level

Safer browsing, more bitcoin scams, and the rest of the week's top security news.

Scams 112
article thumbnail

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Last Watchdog

Privacy regulations and legislation are topics that continue to be of concern for consumers and businesses alike. News of data breaches, data vulnerabilities and compromised private information is released almost daily from businesses both small and large. Related: Europe’s GDPR ushers in new privacy era. Legislation has recently been proposed for individual states, addressing data privacy regulations head-on.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

6,500+ sites deleted after Dark Web hosting provider Daniel’s Hosting hack

Security Affairs

On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting provider, and deleted 6,500+ sites. On Thursday, November 15, hackers compromised Daniel’s Hosting, one of the largest Dark Web hosting provider. The news was confirmed by Daniel Winzen, the software developer behind the hosting service. Daniel’s Hosting became the largest Dark Web hosting provider earlier 2017 when Anonymous members breached and took down Freedom Hosting II.

Hacking 111
article thumbnail

The PCLOB Needs a Director

Schneier on Security

The US Privacy and Civil Liberties Oversight Board is looking for a director. Among other things, this board has some oversight role over the NSA. More precisely, it can examine what any executive-branch agency is doing about counterterrorism. So it can examine the program of TSA watchlists, NSA anti-terrorism surveillance, and FBI counterterrorism activities.

article thumbnail

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

WIRED Threat Level

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.

111
111
article thumbnail

Will Apple Serve Our Veterans, Or Expose Them to Fraud?

Adam Levin

The Wall Street Journal (subscription required) reported a potential new partnership between Apple and the Department of Veterans Affairs that would give military veterans access to portable electronic health records. This move will have one effect: expanding attackable surface and creating a new vector for fraudsters to attack. That should be enough to give pause, but there is more.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Flaw allowing identity spoofing affects authentication based on German eID cards

Security Affairs

The authentication process via German eID cards with RFID chips is flawed, an attacker could impersonate any other citizen. The nightmare comes true, the authentication process via German eID cards with RFID chips is flawed and a flaw could allow an attacker to allow identity spoofing and changing the date of birth. The situation is very serious, the new cards are accepted as an ID document in most countries in Europe and allow the German citizens to access online government services (i.e. tax s

article thumbnail

Cybersecurity at the Core

Dark Reading

For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.

article thumbnail

Using Airport and Hotel Wi-Fi Is Much Safer Than It Used to Be

WIRED Threat Level

You were right not to trust hotel and airport Wi-Fi a few years ago. But these days, it's (probably) fine.

111
111
article thumbnail

Protecting Big Data, while Preserving Analytical Agility

Thales Cloud Protection & Licensing

The age of Big Data is upon us. And, as more data is available for analytical purposes, more sensitive and private information is at risk. As The 2018 Thales Global Data Threat Report notes, “The top Big Data security issue is that sensitive data can be anywhere – and therefore everywhere – a concern expressed by 34% of global and U.S. respondents.”.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Protonmail hacked …. a very strange scam attempt

Security Affairs

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail. At the time it is not clear if the hacker belongs to a cyber crime gang, it claims to have stolen a “significant” amounts of data from the company. The ransom demand ( archive.is link ) was posted on Pastebin , the hacker claims to have compromised user’s email and also accused ProtonMail of sending user’s decrypted data to America

Scams 111
article thumbnail

Mirai Evolves From IoT Devices to Linux Servers

Dark Reading

Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.

IoT 84
article thumbnail

Rowhammer Data Hacks Are More Dangerous Than Anyone Feared

WIRED Threat Level

Researchers have discovered that the so-called Rowhammer technique works on "error-correcting code" memory, in what amounts to a serious escalation.

Hacking 111
article thumbnail

Ford Eyes Use of Customers’ Personal Data to Boost Profits

Threatpost

Ford's CEO sees the tech company model as key to the company's next chapter.

IoT 83
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

VMware fixed Workstation flaw disclosed at the Tianfu Cup PWN competition

Security Affairs

VMware released security updates to address a vulnerability (CVE-2018-6983) that was recently discovered at the Tianfu Cup PWN competition. VMware released security updates to address a vulnerability ( CVE-2018-6983 ) that was recently discovered by Tianwen Tang of Qihoo 360’s Vulcan Team at the Tianfu Cup PWN competition. White hat hackers earned more than $1 million for zero-day exploits disclosed at the hacking contest that took place on November 16-17 in Chengdu.

article thumbnail

To Stockpile or Not to Stockpile Zero-Days?

Dark Reading

As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.

article thumbnail

Russia's Fancy Bear and Cozy Bear Hackers May Have New Phishing Tricks

WIRED Threat Level

Two new reports show an uptick in sophisticated phishing attacks originating from—where else—Russia.

article thumbnail

Tips to Protect Your Domain[s] Investments

PerezBox Security

A few months back I was working with a customer that was having the worst day of their lives. Attackers had taken full control of their most critical digital asset. Read More. The post Tips to Protect Your Domain[s] Investments appeared first on PerezBox.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New set of Pakistani banks’ card dumps goes on sale on the dark web

Security Affairs

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing.almost all Pakistani banks were affected by a recent security breach. Group-IB experts discovered another large set of compromised payment cards details that was put on sale on Joker’s Stash, one of the most popular underground hubs of stolen card data, on Nov. 13. The new set of dumps, unauthorized digital copies of the information contained in magnetic stripe of a bank card, came with the payment details of 177,

Banking 111
article thumbnail

Russia Linked Group Resurfaces With Large-Scale Phishing Campaign

Dark Reading

APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.

article thumbnail

Beware Black Friday Scams Lurking Among the Holiday Deals

WIRED Threat Level

Cybercriminals are always looking to steal your credit card or even your identity. But it pays to be on extra high alert come Black Friday.

Scams 97
article thumbnail

Zero-Trust Frameworks: Securing the Digital Transformation

Threatpost

Zero trust refers to the notion of evaluating the security risk of devices and users within the context of any given moment, without automatically conferring access based on credentials.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!