Krebs on Security

JUNE 18, 2018

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed anywhere on their local network. Craig Young , a researcher with security firm Tripwire , said he discovered an authentication weakness that leaks incredibly accurate location information about users of both

IoT 199

IoT Internet Internet Wireless 199

Schneier on Security

JUNE 18, 2018

Tapplock sells an "unbreakable" Internet-connected lock that you can open with your fingerprint. It turns out that : The lock broadcasts its Bluetooth MAC address in the clear, and you can calculate the unlock key from it. Any Tapplock account an unlock every lock. You can open the lock with a screwdriver. Regarding the third flaw, the manufacturer has responded that ".the lock is invincible to the people who do not have a screwdriver.".

Manufacturing 184

Manufacturing Internet Internet Accountability 184

The Last Watchdog

JUNE 20, 2018

Don’t look now but cryptojacking may be about to metastasize into the scourge of cloud services. Cryptojacking, as defined by the Federal Trade Commission , is the use of JavaScript code to capture cryptocurrencies in users’ browsers without asking permission. There’s a temptation to dismiss it as a mere nuisance; companies deep into ‘digital transformation,’ in particular, might be lulled into this sort of apathy.

Cryptocurrency 176

Cryptocurrency Ransomware Passwords Malware 176

Troy Hunt

JUNE 16, 2018

We're at NDC Oslo! We found a spot on the floor and recorded this a couple of hours before doing our final talk of the event. In this video, we discuss some of what we were planning to cover in that talk, namely HTTPS anti-vaxxers as Scott wrote about earlier in the week. And how did it go? Apparently, exceptionally well! Best talk of the conf! @troyhunt and @Scott_Helme on web security - dont get advise from a psychic ??

116

116

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

JUNE 19, 2018

In the wake of a scandal involving third-party companies leaking or selling precise, real-time location data on virtually all Americans who own a mobile phone, AT&T , Sprint and Verizon now say they are terminating location data sharing agreements with third parties. At issue are companies known in the wireless industry as “location aggregators,” entities that manage requests for real-time customer location data for a variety of purposes, such as roadside assistance and emergenc

Mobile 179

Mobile Wireless Telecommunications Technology 179

Schneier on Security

JUNE 20, 2018

Apple is rolling out an iOS security usability feature called Security code AutoFill. The basic idea is that the OS scans incoming SMS messages for security codes and suggests them in AutoFill, so that people can use them without having to memorize or type them. Sounds like a really good idea, but Andreas Gutmann points out an application where this could become a vulnerability: when authenticating transactions: Transaction authentication, as opposed to user authentication, is used to attest the

Authentication 156

Authentication Banking Social Engineering Mobile 156

Troy Hunt

JUNE 22, 2018

Last day away! As much as I enjoy travel, I love going home and I'm wrapping this post up whilst sitting at the airport in Oslo about to begin the epic journey that is travelling back to the other side of the world. It's been a great trip, but yeah, I like home ??. This week, I'm recapping on some workshops, talking about how data breaches circulate, sharing some pretty epic Report URI stats and also covering last week's blog post on the Estonian government providing data to HIBP.

Data breaches 112

Data breaches Government 112

Krebs on Security

JUNE 22, 2018

The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies. Image: Wikipedia.

Mobile 134

Mobile Wireless Government Technology 134

Schneier on Security

JUNE 21, 2018

Algeria shut the Internet down nationwide to prevent high-school students from cheating on their exams. The solution in New South Wales, Australia was to ban smartphones.

Internet 144

Internet Internet 144

The Last Watchdog

JUNE 21, 2018

The disclosure earlier this week that Tesla CEO Elon Musk reportedly informed all of his employees about a rogue worker conducting “extensive and damaging sabotage” to the company’s operations very much deserves the news coverage it has gotten. Related: The ‘golden age’ of cyber spying is upon us. Musk reportedly sent out an internal email describing how an unnamed insider allegedly made unspecified code changes to the company’s manufacturing systems.

Network Security 150

Network Security Manufacturing Accountability Risk 150

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

WIRED Threat Level

JUNE 22, 2018

Thanks to Carpenter v. United States, the government will now generally need a warrant to obtain your cell site location information.

Government 111

Government 111

Adam Shostack

JUNE 21, 2018

For Threat Model Thursday, I want to use current events here in Seattle as a prism through which we can look at technology architecture review. If you want to take this as an excuse to civilly discuss the political side of this, please feel free. Seattle has a housing and homelessness crisis. The cost of a house has risen nearly 25% above the 2007 market peak , and has roughly doubled in the 6 years since April 2012.

Architecture 100

Architecture Marketing Technology Software 100

Schneier on Security

JUNE 22, 2018

I missed this story when it came around last year : someone tried to steal a domain name at gunpoint. He was just sentenced to 20 years in jail.

134

134

Dark Reading

JUNE 22, 2018

Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.

Scams 92

Scams Ransomware 92

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

JUNE 22, 2018

A hacking truce between China and the US doesn't address government espionage operations, a workaround both countries exploit.

Hacking 111

Hacking Government 111

Threatpost

JUNE 20, 2018

Researchers are warning of a new Netflix phishing scam that leads to sites with valid TLS certificates.

Scams 63

Scams Phishing Hacking 63

Schneier on Security

JUNE 22, 2018

The Center for Human Rights in Iran has released a report outlining the effect's of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used extensively by activists, independent and citizen journalists, dissidents and international media.

Media 125

Media 125

Dark Reading

JUNE 18, 2018

The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.

Phishing 82

Phishing 82

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

JUNE 19, 2018

Using a technique called DNS rebinding, one amateur hacker found vulnerabilities in devices from Google, Roku, Sonos, and more.

DNS 111

DNS 111

Thales Cloud Protection & Licensing

JUNE 19, 2018

Every June, Gartner hosts a terrific security conference near Washington, D.C. called Gartner Security & Risk Management Summit. This event is focused on the needs of senior IT and security professionals, such as CISOs, chief risk officers, architects, IAM and network security leaders. This year, there were over 3,000 attendees, 120 analyst sessions to choose from, and 200 vendors that were on the show floor and delivering presentations.

Risk 59

Risk Digital transformation IoT Firewall 59

eSecurity Planet

JUNE 18, 2018

A look at the strengths and weaknesses of Sophos XG and SonicWall NSA, two top next-generation firewalls.

Firewall 59

Firewall 59

Dark Reading

JUNE 19, 2018

Michelle Dennedy sat down with Dark Reading at the recent Cisco Live to set the record straight about privacy, regulation, encryption, and more.

Encryption 76

Encryption 76

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JUNE 18, 2018

Forget memoji. Apple's push to transmit instant, accurate locations during emergency calls will have a profound effect for first responders.

111

111

Thales Cloud Protection & Licensing

JUNE 20, 2018

Data-level security is not just another mandate. It’s a necessity. That was a recurring theme during a roundtable discussion held in advance of the Data Security Summit at Spire in Washington, D.C. The theme of the summit, sponsored by Thales eSecurity, was “IT Modernization: The New Cyber Agenda.”. The roundtable, including more than a dozen IT and cyber leaders from government and industry, explored the business drivers, challenges and evolving strategies around cybersecurity in government.

Government 54

Government Data breaches Big data Technology 54

Threatpost

JUNE 20, 2018

A new botnet from the Dark Web displays a never-before-seen level of complexity in terms of the sheer breadth of its various tools.

Malware 50

Malware 50

Dark Reading

JUNE 19, 2018

The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.

76

76

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

JUNE 22, 2018

Lawmakers in California have introduced a sweeping privacy bill that could reign in the power of their Silicon Valley neighbors.

108

108

Spinone

JUNE 21, 2018

Only one week has passed after a mass phishing attack hit the Gmail users, and the world came under attack by a new global cyber threat called WannaCry ransomware. One month ahead – new victims of WannaCry appear: the Honda car plant and an Australian government contractor. These cloud ransomware attacks , as our security experts predict, might become the turning point for individuals and organizations all over the world in strengthening their overall cyber security.

Ransomware 40

Ransomware Backups Software Phishing 40

Threatpost

JUNE 18, 2018

The devices don’t require authentication for connections received on a local network; and, HTTP is used to configure or control embedded devices.

Authentication 48

Authentication DNS 48

Dark Reading

JUNE 20, 2018

Hackers are using the infrastructure, meant to transmit data between applications, for command and control.

Financial Services 75

Financial Services 75

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity