Troy Hunt

NOVEMBER 22, 2019

Until this month, I'd never heard of People Data Labs (PDL). I'd certainly heard of the sector they operate in - "Data Enrichment" - but I'd never heard of the company itself. I've become more familiar with this sector over recent years due to the frequency with which it's been suffering data breaches that have ultimately landed in my inbox. For example, there's Dun & Bradstreet's NetProspex which leaked 33M records in 2017 , Exactis who had 132M records breached last year and the Apollo dat

Data breaches 359

Data breaches Technology Software Accountability 359

Krebs on Security

NOVEMBER 22, 2019

A ransomware outbreak has besieged a Wisconsin based IT company that provides cloud data hosting, security and access management to more than 100 nursing homes across the United States. The ongoing attack is preventing these care centers from accessing crucial patient medical records, and the IT company’s owner says she fears this incident could soon lead not only to the closure of her business, but also to the untimely demise of some patients.

Ransomware 352

Ransomware Computers and Electronics Healthcare Data breaches 352

Schneier on Security

NOVEMBER 20, 2019

Iran has gone pretty much entirely offline in the wake of nationwide protests. This is the best article detailing what's going on; this is also good. AccessNow has a global campaign to stop Internet shutdowns.

Internet 250

Internet Internet 250

Adam Levin

NOVEMBER 20, 2019

Macy’s has informed customers of an e-skimming data breach following the discovery of Magecart malware on its website. In a letter to affected customers, the retailer said that it had detected malware on its e-commerce website on October 15 and that it had been active for a little over a week. . “The unauthorized code was highly specific and only allowed the third party party to capture information submitted by customers,” stated the letter, explaining that user-submitted data on the site’s chec

Data breaches 176

Data breaches Retail Malware Cybersecurity 176

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

NOVEMBER 17, 2019

Over the last couple of years, I've been increasingly providing governments with better access to their departments' data exposed in breaches by giving them free and unfettered API access to their domains. As I've been travelling around the world this year, I've been carving out time to spend with governments to better understand the infosec challenges they're facing and the role HIBP can play in helping them tackle those challenges.

Government 235

Government InfoSec 235

Krebs on Security

NOVEMBER 20, 2019

A 21-year-old Illinois man was sentenced last week to 13 months in prison for running multiple DDoS-for-hire services that launched millions of attacks over several years. This individual’s sentencing comes more than five years after KrebsOnSecurity interviewed both the defendant and his father and urged the latter to take a more active interest in his son’s online activities.

DDOS 206

DDOS Internet Internet Advertising 206

The Last Watchdog

NOVEMBER 20, 2019

What does Chinese tech giant Huawei have in common with the precocious kid next door who knows how to hack his favorite video game? Related: Ransomware remains a scourge The former has been accused of placing hidden backdoors in the firmware of equipment distributed to smaller telecom companies all across the U.S. The latter knows how to carry out a DLL injection hack — to cheat the game score.

Firmware 174

Firmware Hacking Software Surveillance 174

Troy Hunt

NOVEMBER 18, 2019

You know how banks really, really want to avoid their customers falling victim to phishing scams? And how they put a heap of effort into education to warn folks about the hallmarks of phishing scams? And how banks are the shining beacons of light when it comes to demonstrating security best practices? Ok, that final one might be a bit of a stretch , but the fact remains that people have high expectations of how banks should communicate to ensure that they themselves don't come across as phishers

Banking 235

Banking Phishing Scams Accountability 235

Tech Republic Security

NOVEMBER 21, 2019

Millions of dollars and loads of personal information is being stolen through a growing threat known as Business Email Compromise (BEC).

183

183

Schneier on Security

NOVEMBER 18, 2019

Researchers have discovered and revealed 146 vulnerabilities in various incarnations of Android smartphone firmware. The vulnerabilities were found by scanning the phones of 29 different Android makers, and each is unique to a particular phone or maker. They were found using automatic tools, and it is extremely likely that many of the vulnerabilities are not exploitable -- making them bugs but not security concerns.

Firmware 224

Firmware 224

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Levin

NOVEMBER 19, 2019

Data belonging to more than 450,000 players of popular online games were exposed on an unprotected database accessible online. Wizards of the Coast, the company behind games such as Magic: The Gathering , MTG Arena , and Magic Online accidentally left a database unprotected on an online Amazon Web Services storage bucket. The first and last names, email addresses, and passwords of 452,634 players and 470 employees were exposed.

Data breaches 145

Data breaches Passwords Cybersecurity 145

Troy Hunt

NOVEMBER 17, 2019

Yes, I'm in my car. I'm completely disorganised, rushing to the next event and really didn't plan this very well. But hey, what an awesome little soundproof booth it is! That said, I did keep this week deliberately concise. until I went to edit it and then Adobe Premiere (or the NVIDIA drivers on my laptop) decided to turn a 16 minute video clip into a multi-hour s**t-fight.

VPN 180

VPN Surveillance Passwords Banking 180

Tech Republic Security

NOVEMBER 22, 2019

Consumers have to make sure not to fall prey to fraudulent coupons or deceptively spoofed retailer websites.

Retail 188

Retail 188

Schneier on Security

NOVEMBER 21, 2019

Long article on the manipulation of GPS in Shanghai. It seems not to be some Chinese military program, but ships who are stealing sand. The Shanghai "crop circles," which somehow spoof each vessel to a different false location, are something new. "I'm still puzzled by this," says Humphreys. "I can't get it to work out in the math. It's an interesting mystery.

215

215

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Last Watchdog

NOVEMBER 18, 2019

Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage. Related: Can Europe’s GDPR restore data privacy? And yet today there is a resurgence in demand for encrypted flash drives.

Backups 133

Backups Encryption Data privacy Digital transformation 133

Security Affairs

NOVEMBER 22, 2019

Security duo discovered personal and social information 1.2 billion people exposed online on an unsecured Elasticsearch server. Researchers Bob Diachenko and Vinny Troia discovered an unsecured Eslasticsearch server containing an unprecedented 4 billion user accounts. The database, discovered on October 16, 2019, contained more than 4 terabytes of data is the largest data leaks from a single source organization in history.

Advertising 145

Advertising Accountability Education Media 145

Tech Republic Security

NOVEMBER 21, 2019

Millions of dollars and loads of personal information is being stolen through a growing threat known as Business Email Compromise (BEC).

148

148

Dark Reading

NOVEMBER 21, 2019

The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 have given emerging cyber powers a way to catch up, DarkOwl says.

132

132

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Threatpost

NOVEMBER 22, 2019

Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous.

131

131

Security Affairs

NOVEMBER 21, 2019

ENISA, the European Union Agency for Cybersecurity publishes a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). ENISA with the support of the Member States, the European Commission and an Expert Group, published an extensive report on threats relating to 5G networks. An EU-wide Coordinated Risk Assessment of 5G networks has been published on the 9 th October 2019.

Architecture 141

Architecture Risk Telecommunications Advertising 141

Tech Republic Security

NOVEMBER 21, 2019

The majority of developers view security as integral to the coding and development process, but lack the support of a security expert, Whitehat Security found.

134

134

Thales Cloud Protection & Licensing

NOVEMBER 21, 2019

Some organizations presume that encryption is a one-and-done affair that can solve all of their security woes. But that’s not the case. Even when organizations effectively implement encryption, they might forget to safely store their encryption keys. This oversight poses a serious threat to organizations’ data security, as digital criminals can compromise those keys and gain access to an organization’s sensitive data.

Encryption 107

Encryption Digital transformation Firmware Authentication 107

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

NOVEMBER 22, 2019

A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.

Mobile 118

Mobile Media 118

Security Affairs

NOVEMBER 22, 2019

The University Hospital Center (CHU) of Rouen was hit by the malware last week, the ransomware had a severe impact on the operations during the weekend. The AFP news agency reported that a ransomware attack on a hospital in Rouen last week caused “very long delays in care.” Medical staff at the hospital were not able to use the PCs and servers that were crippled by ransomware, they returned to the “ old-fashioned method of paper and pencil.” The management of the hospital

Ransomware 124

Ransomware Cybercrime Cyber Attacks Advertising 124

Tech Republic Security

NOVEMBER 19, 2019

Nearly half of executives surveyed don't believe their employees would be able to spot a bad actor posing as an online retailer, Zix-AppRiver found.

Retail 135

Retail Risk 135

WIRED Threat Level

NOVEMBER 22, 2019

Here's the next jumbo data leak, complete with Facebook, Twitter, and LinkedIn profiles.

139

139

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

NOVEMBER 19, 2019

A malicious spam campaign that informs victims it contains a “critical Windows update” instead leads to the installation of Cyborg ransomware, researchers have found. Further, they were able to access its builder, which can be used to create malware variants. The email-based threat, discovered recently by researchers at Trustwave, is unique in a few ways, […].

Ransomware 101

Ransomware Malware 101

Security Affairs

NOVEMBER 21, 2019

Google announced that it will increase bug bounty rewards for Android, it will pay up to $1.5 million for bugs that allow to hack new Titan M security chip. At the end of 2018, Google announced its Titan M dedicated security chip that is currently installed on Google Pixel 3 and Pixel 4 devices. The chip was designed to process sensitive data and processes, include Verified Boot, on-device disk encryption, and secure transactions.

Advertising 120

Advertising Encryption Hacking Mobile 120

Tech Republic Security

NOVEMBER 18, 2019

The conference, hosted by Columbia University, brought together CISOs, lawmakers, academics, and businesses to discuss GDPR, CCPA, and data privacy in all its forms.

Data privacy 126

Data privacy CISO 126

Dark Reading

NOVEMBER 22, 2019

The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.

Data breaches 108

Data breaches Insurance 108

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity