Krebs on Security

JUNE 18, 2018

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network. Craig Young , a researcher with security firm Tripwire , said he discovered an authentication weakness that leaks incredibly accurate location information about users of both

IoT 193

IoT Internet Internet Wireless 193

The Last Watchdog

JUNE 20, 2018

Don’t look now but cryptojacking may be about to metastasize into the scourge of cloud services. Cryptojacking, as defined by the Federal Trade Commission , is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. There’s a temptation to dismiss it as a mere nuisance; companies deep into ‘digital transformation,’ in particular, might be lulled into this sort of apathy.

Cryptocurrency 176

Cryptocurrency Ransomware Passwords Malware 176

Schneier on Security

JUNE 18, 2018

Tapplock sells an "unbreakable" Internet-connected lock that you can open with your fingerprint. It turns out that : The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. Any Tapplock account an unlock every lock. You can open the lock with a screwdriver. Regarding the third flaw, the manufacturer has responded that ".the lock is invincible to the people who do not have a screwdriver.".

Manufacturing 177

Manufacturing Internet Internet Accountability 177

Troy Hunt

JUNE 16, 2018

We're at NDC Oslo! We found a spot on the floor and recorded this a couple of hours before doing our final talk of the event. In this video, we discuss some of what we were planning to cover in that talk, namely HTTPS anti-vaxxers as Scott wrote about earlier in the week. And how did it go? Apparently, exceptionally well! Best talk of the conf! @troyhunt and @Scott_Helme on web security - dont get advise from a psychic ??

115

115

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

JUNE 19, 2018

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T , Sprint and Verizon now say they are terminating location data sharing agreements with third parties. At issue are companies known in the wireless industry as “location aggregators,” entities that manage requests for real-time customer location data for a variety of purposes, such as roadside assistance and emergenc

Mobile 174

Mobile Wireless Telecommunications Technology 174

The Last Watchdog

JUNE 18, 2018

Bank patrons in their 20s and 30s, who grew up blanketed with digital screens, have little interest in visiting a brick-and-mortar branch, nor interacting with a flesh-and-blood teller. This truism is pushing banks into unchartered territory. They are scrambling to invent and deliver a fresh portfolio of mobile banking services that appeal to millennials.

Banking 173

Banking Mobile Social Engineering Authentication 173

Troy Hunt

JUNE 22, 2018

Last day away! As much as I enjoy travel, I love going home and I'm wrapping this post up whilst sitting at the airport in Oslo about to begin the epic journey that is travelling back to the other side of the world. It's been a great trip, but yeah, I like home ??. This week, I'm recapping on some workshops, talking about how data breaches circulate, sharing some pretty epic Report URI stats and also covering last week's blog post on the Estonian government providing data to HIBP.

Data breaches 112

Data breaches Government 112

Krebs on Security

JUNE 22, 2018

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies. Image: Wikipedia.

Mobile 131

Mobile Wireless Government Technology 131

The Last Watchdog

JUNE 21, 2018

The disclosure earlier this week that Tesla CEO Elon Musk reportedly informed all of his employees about a rogue worker conducting “extensive and damaging sabotage” to the company’s operations very much deserves the news coverage it has gotten. Related: The ‘golden age’ of cyber spying is upon us. Musk reportedly sent out an internal email describing how an unnamed insider allegedly made unspecified code changes to the company’s manufacturing systems.

Network Security 150

Network Security Manufacturing Accountability Risk 150

Schneier on Security

JUNE 21, 2018

Algeria shut the Internet down nationwide to prevent high-school students from cheating on their exams. The solution in New South Wales, Australia was to ban smartphones.

Internet 138

Internet Internet 138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Shostack

JUNE 21, 2018

For Threat Model Thursday, I want to use current events here in Seattle as a prism through which we can look at technology architecture review. If you want to take this as an excuse to civilly discuss the political side of this, please feel free. Seattle has a housing and homelessness crisis. The cost of a house has risen nearly 25% above the 2007 market peak , and has roughly doubled in the 6 years since April 2012.

Architecture 100

Architecture Marketing Technology Software 100

WIRED Threat Level

JUNE 22, 2018

Thanks to Carpenter v. United States, the government will now generally need a warrant to obtain your cell site location information.

Government 105

Government 105

Dark Reading

JUNE 22, 2018

Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.

Scams 92

Scams Ransomware 92

Schneier on Security

JUNE 22, 2018

The Center for Human Rights in Iran has released a report outlining the effect's of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used extensively by activists, independent and citizen journalists, dissidents and international media.

Media 121

Media 121

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Thales Cloud Protection & Licensing

JUNE 19, 2018

Every June, Gartner hosts a terrific security conference near Washington, D.C. called Gartner Security & Risk Management Summit. This event is focused on the needs of senior IT and security professionals, such as CISOs, chief risk officers, architects, IAM and network security leaders. This year, there were over 3,000 attendees, 120 analyst sessions to choose from, and 200 vendors that were on the show floor and delivering presentations.

Risk 59

Risk Digital transformation IoT Firewall 59

WIRED Threat Level

JUNE 22, 2018

A hacking truce between China and the US doesn't address government espionage operations, a workaround both countries exploit.

Hacking 103

Hacking Government 103

Dark Reading

JUNE 18, 2018

The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.

Phishing 82

Phishing 82

Schneier on Security

JUNE 22, 2018

I missed this story when it came around last year : someone tried to steal a domain name at gunpoint. He was just sentenced to 20 years in jail.

129

129

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Thales Cloud Protection & Licensing

JUNE 20, 2018

Data-level security is not just another mandate. It’s a necessity. That was a recurring theme during a roundtable discussion held in advance of the Data Security Summit at Spire in Washington, D.C. The theme of the summit, sponsored by Thales eSecurity, was “IT Modernization: The New Cyber Agenda.”. The roundtable, including more than a dozen IT and cyber leaders from government and industry, explored the business drivers, challenges and evolving strategies around cybersecurity in government.

Government 54

Government Data breaches Big data Technology 54

WIRED Threat Level

JUNE 19, 2018

Using a technique called DNS rebinding, one amateur hacker found vulnerabilities in devices from Google, Roku, Sonos, and more.

DNS 99

DNS 99

Dark Reading

JUNE 19, 2018

Michelle Dennedy sat down with Dark Reading at the recent Cisco Live to set the record straight about privacy, regulation, encryption, and more.

Encryption 76

Encryption 76

eSecurity Planet

JUNE 18, 2018

A look at the strengths and weaknesses of Sophos XG and SonicWall NSA, two top next-generation firewalls.

Firewall 69

Firewall 69

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

JUNE 20, 2018

Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates.

Scams 63

Scams Phishing Hacking 63

WIRED Threat Level

JUNE 18, 2018

Forget memoji. Apple's push to transmit instant, accurate locations during emergency calls will have a profound effect for first responders.

93

93

Dark Reading

JUNE 20, 2018

As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.

72

72

Spinone

JUNE 21, 2018

Only one week has passed after a mass phishing attack hit the Gmail users, and the world came under attack by a new global cyber threat called WannaCry ransomware. One month ahead – new victims of WannaCry appear: the Honda car plant and an Australian government contractor. These cloud ransomware attacks , as our security experts predict, might become the turning point for individuals and organizations all over the world in strengthening their overall cyber security.

Ransomware 40

Ransomware Backups Software Phishing 40

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

JUNE 19, 2018

The threat actors appear to be in a reconnaissance phase, which could be a prelude to a larger cyber-sabotage attack meant to destroy and paralyze infrastructure.

Malware 45

Malware Hacking 45

WIRED Threat Level

JUNE 22, 2018

Lawmakers in California have introduced a sweeping privacy bill that could reign in the power of their Silicon Valley neighbors.

88

88

Dark Reading

JUNE 20, 2018

Hackers are using the infrastructure, meant to transmit data between applications, for command and control.

Financial Services 75

Financial Services 75

Spinone

JUNE 20, 2018

Now we observe how businesses and non-profits are moving all of their valuable data to the cloud. Backup has already become their culture and savvy ones introduce CASB systems to protect their data from the most popular and dangerous cyber security risks. But since nobody knows what kind of new threat can occur, the only response remaining in case of a disaster is to follow a Disaster Recovery plan.

Backups 40

Backups Spyware Risk Antivirus 40

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity