Sat.Jan 11, 2020 - Fri.Jan 17, 2020

article thumbnail

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from dis

Internet 284
article thumbnail

5G Security

Schneier on Security

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Because the companies that make the equipment are subservient to the Chinese government, they could be forced to include backdoors in the hardware or software to give Beijing remote access. Eavesdropping is also a risk, although efforts to listen in would almost certainly be detectable.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Baby App “Peekaboo” Leaks Photos, Videos and Personal Data

Adam Levin

An unsecured database discovered online has leaked thousands of baby photos and videos. . Bithouse, Inc. left unprotected and accessible online an Elasticsearch database containing nearly 100GB of information associated with its app Peekabo Moments. The leaked data includes photos, videos, and birthdates of babies, as well as 800,000 email addresses, location data as well as detailed device information. .

article thumbnail

Why blockchain-based cybersecurity may be the answer for vulnerable IoT networks

Tech Republic Security

CES 2020: A "hacked" robot was on display to demonstrate how SigmaDots serverless architecture is poised to fend off IoT security threats.

IoT 203
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Patch Tuesday, January 2020 Edition

Krebs on Security

Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. The patch batch includes a fix for a flaw in Windows 10 and server equivalents of this operating system that prompted an unprecedented public warning from the U.S. National Security Agency. This month also marks the end of mainstream support for Windows 7 , a still broadly-used operating system that will no longer be supplied with security updates.

Software 259
article thumbnail

Critical Windows Vulnerability Discovered by NSA

Schneier on Security

Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.

Media 269

More Trending

article thumbnail

These subject lines are the most clicked for phishing

Tech Republic Security

The most successful email lures don't promise riches, but issue imminent cybersecurity warnings or urgent office messages, a report reveals.

Phishing 187
article thumbnail

Phishing for Apples, Bobbing for Links

Krebs on Security

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple , whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen.

Phishing 244
article thumbnail

Cryptographic Excitement

Adam Shostack

In the last few days, we’ve seen two big stories in the realm of cryptography. The first is that SHA-1 breaks are now practical , and those practical breaks impact things like PGP and git. If you have code that depends on SHA-1, its time to fix that. If you have a protocol that uses SHA1, you need to rapidly version cycle. Thinking a bit more strategically, SHA-1 was designed by the NSA, and published in 1993.

article thumbnail

Securing Tiffany's Move

Schneier on Security

Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police.

140
140
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How a researcher exploited the Windows 10 bug patched by Microsoft

Tech Republic Security

Security researcher Saleem Rashid "rickrolled" himself to show that the bug could be exploited in the real world to spoof security certificates on machines without Microsoft's patch.

184
184
article thumbnail

All the Ways Facebook Tracks You—and How to Limit It

WIRED Threat Level

If you have a Facebook account—and even if you don't—the company is going to collect data about you. But you can at least control how it gets used.

article thumbnail

Enter the SpudNet

Adam Shostack

Spudnet is a new game to teach networking and security concepts. The creators were kind enough to send me a pre-production copy, and I can tell you – it looks and feels super solid, and, more importantly, it plays well. The Kickstarter has already met its goals, and while all Kickstarters have risk, the creators clearly have production down.

Risk 147
article thumbnail

Las Vegas Successfully Averted a Cyberattack

Adam Levin

The City of Las Vegas successfully averted what could have been a disastrous cyberattack earlier this month. City officials detected a cyberattack January 7, and in response immediately took several services offline, including its public-facing website. . “We do not believe any data was lost from our systems and no personal data was taken. We are unclear as to who was responsible for the compromise, but we will continue to look for potential indications,” the city announced on its Twitter feed.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How to better protect your organization's most valuable data

Tech Republic Security

Many organizations underestimate the value of their data to skilled and organized cybercriminals, said security provider eSentire.

158
158
article thumbnail

If Russia Hacked Burisma, Brace for the Leaks to Follow

WIRED Threat Level

The Kremlin likely hacked the oil giant. Its next play: selectively release—and even forge—documents. Did the US learn enough from 2016 to ignore them?

Hacking 133
article thumbnail

100,00 Moon Shots

Adam Shostack

Andrew McCarthy has an amazing and impressive photographs of the moon on Instagram. To call these photographs is somewhat provocative. In his trilogy, Ansel Adams focuses (sorry! Not sorry) on composition, exposure, and development. By exposure, he specifically meant exposing film to light in controlled ways that caused chemical reactions on the film, and it remains common to hear photographers talk of ‘an exposure’, in much the same way that we dial phones.

130
130
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On Thursday, February 27, at 9:20 AM, I'm giving a keynote on "Hacking Society.".

Hacking 122
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Microsoft rolls out patch for serious Windows bug highlighted by NSA

Tech Republic Security

Designed to exploit a vulnerability in Windows 10 and Windows Server 2016 and 2019, the bug could allow an attacker to remotely access and control an infected computer.

147
147
article thumbnail

This One Little Configuration Change Will Make It Harder For People To Steal Your Information

CTOVision Cybersecurity

Editor’s note: We are aiming this tutorial at the non-technical person. Please share with anyone in your life who could benefit from this. -bg Cyberspace is a complex domain and our adversaries are always seeking new ways to steal information or spread their malicious code or hold our data for ransom. This is the big reason […].

108
108
article thumbnail

A Practical Guide to Zero-Trust Security

Threatpost

There are five different pillars to implement when moving to a modern, zero-trust security model.

InfoSec 107
article thumbnail

Google removed 1.7K+ Joker Malware infected apps from its Play Store

Security Affairs

Google revealed it successfully removed more than 1,700 apps from the Play Store over the past three years that had been infected with the Joker malware. Google provided technical details of its activity against the Joker malware (aka Bread) operation during the last few years. The Joker malware is a malicious code camouflaged as a system app and allows attackers to perform a broad range of malicious operations, including disable the Google Play Protect service , install malicious apps, generate

Malware 104
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

How to add a host to Observium

Tech Republic Security

Now that you have the Observium network monitoring platform installed, it's time to add a host.

144
144
article thumbnail

The Mandalorian Is the Only Smart Soldier in the Star Wars Galaxy

WIRED Threat Level

It took decades, but the galaxy finally has a tactical and operational genius. .

101
101
article thumbnail

Unsupervised Learning: No. 211

Daniel Miessler

[advanced_iframe src=”[link] width=”100%”] No related posts.

article thumbnail

China-linked APT40 group hides behind 13 front companies

Security Affairs

A group of anonymous security researchers that calls itself Intrusion Truth have tracked the activity of a China-linked cyber – e spionage group dubbed APT40. A group of anonymous security researchers that calls itself Intrusion Truth has discovered that a China-linked cyberespionage group, tracked as APT40, uses 13 front companies operating in the island of Hainan to recruit hackers.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

What to do if you're still running Windows 7

Tech Republic Security

Your best bet is to finish a migration to Windows 10 ASAP, but there are other options in the interim, says content delivery company Kollective.

139
139
article thumbnail

Windows 10 Has a Security Flaw So Severe the NSA Disclosed It

WIRED Threat Level

In a shift toward transparency, the National Security Agency announced a bug that could have left over 900 million PCs vulnerable to attack.

Hacking 100
article thumbnail

Texas School District Loses $2.3M to Phishing Attack

Dark Reading

The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.

article thumbnail

New Bill prohibits intelligence sharing with countries using Huawei 5G equipment

Security Affairs

Last week, Senator Tom Cotton (R-Arkansas) introduced a bill that would ban intelligence sharing with countries that use Huawei 5G networks. Senator Tom Cotton (R-Arkansas) has introduced this week a new bill that would ban the sharing of intelligence with countries that use Huawei equipment on their fifth-generation (5G) networks. Since November 2018, the US Government has invited its allies to exclude Chinese equipment from critical infrastructure and 5G architectures over security concerns.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!