Krebs on Security
JULY 19, 2019
Cloud hosting provider iNSYNQ says it is trying to recover from a ransomware attack that shut down its network and has left customers unable to access their accounting data for the past three days. Unfortunately for iNSYNQ, the company appears to be turning a deaf ear to the increasingly anxious cries from its users for more information about the incident.
Schneier on Security
JULY 16, 2019
The Zoom conferencing app has a vulnerability that allows someone to remotely take over the computer's camera. It's a bad vulnerability, made worse by the fact that it remains even if you uninstall the Zoom app: This vulnerability allows any website to forcibly join a user to a Zoom call, with their video camera activated, without the user's permission.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
JULY 18, 2019
The very first feature I added to Have I Been Pwned after I launched it back in December 2013 was the public API. My thinking at the time was that it would make the data more easily accessible to more people to go and do awesome things; build mobile clients, integrate into security tools and surface more information to more people to enable them to do positive and constructive things with the data.
Adam Levin
JULY 19, 2019
The Kazakhstan government is intercepting all HTTPS-encrypted internet traffic within its borders. Under a new directive effective 7/17, the Kazakhstan government is requiring every internet service provider in the country to install a security certificate onto every internet-enabled device and browser. Once installed, this certificate allows the government to decrypt and analyze all incoming internet traffic. .
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
JULY 17, 2019
“It takes a certain kind of man with a certain reputation. To alleviate the cash from a whole entire nation…” KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement for a popular credit card fraud shop likely takes the cake. The name of this particular card shop won’t be mentioned here, and its various domain names featured in the video have been pixelated so as not to further
Schneier on Security
JULY 15, 2019
Motherboard got its hands on Palantir's Gotham user's manual, which is used by the police to get information on people: The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The capabilities are staggering, according to the guide: If police have a name that's associated with a license plate, they can use automatic license plate reader data to find out where they've been, and when
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
JULY 15, 2019
Cyber crime can be extremely financially damaging to businesses. However, if you believe that money is the only thing that a cyber-attack costs your organization, you would be wrong. In fact, a recent academic analysis identified 57 specific individual negative factors that result from a cyber-attack against a business. Here are six ways, worth considering, that a attack can affect your organization.
Krebs on Security
JULY 15, 2019
The cybercriminals behind the GandCrab ransomware-as-a-service (RaaS) offering recently announced they were closing up shop and retiring after having allegedly earned more than $2 billion in extortion payments from victims. But a growing body of evidence suggests the GandCrab team have instead quietly regrouped behind a more exclusive and advanced ransomware program known variously as “ REvil ,” “ Sodin ,” and “ Sodinokibi.” “We are getting a well-deserv
Schneier on Security
JULY 18, 2019
Identity theft is getting more subtle: " My job application was withdrawn by someone pretending to be me ": When Mr Fearn applied for a job at the company he didn't hear back. He said the recruitment team said they'd get back to him by Friday, but they never did. At first, he assumed he was unsuccessful, but after emailing his contact there, it turned out someone had created a Gmail account in his name and asked the company to withdraw his application.
Adam Shostack
JULY 14, 2019
A Man on the Moon , Andrew Chaikin is probably the best of the general histories of the moon landings. Failure is not an Option , by Gene Kranz, who didn’t actually say that during Apollo 13. Marketing The Moon by David Scott and Richard Jurek. I was surprised what a good history this was, and how much it brought in the overall history of the program and put it in context.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Thales Cloud Protection & Licensing
JULY 17, 2019
If the vast majority of the people in your office knew they would contract the flu today, it’s safe to say most chairs would remain empty. Anyone who actually came to work would avoid others, sanitize drawer handles, wash their hands, and/or wear a mask. There would be an obvious flurry of activity as people attempted to be part of the fortunate 30 percent that wouldn’t get sick.
WIRED Threat Level
JULY 16, 2019
Medtronic and the FDA left an insulin pump with a potentially deadly vulnerability on the market—until researchers who found the flaw showed how bad it could be.
Schneier on Security
JULY 19, 2019
I didn't know that Supreme Court Justice John Paul Stevens "was also a cryptographer for the Navy during World War II." He was a proponent of individual privacy.
Security Affairs
JULY 13, 2019
The Magecart continues to target websites worldwide, it infected over 17,000 domains by targeting improperly secured Amazon S3 buckets. . The Magecart gang made the headlines again, according to a new report published by RiskIQ , it has infected over 17,000 domains by targeting improperly secured Amazon S3 buckets. . A few days ago, security experts at Sanguine Security have uncovered a new large-scale payment card skimming campaign that already hacked 962 online stores running on the Magento
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
JULY 16, 2019
The group of more than 1,400 top elected municipal officials takes the admirable, recommended stance against paying ransoms. However, can towns and cities secure their information technology infrastructure to withstand attacks?
WIRED Threat Level
JULY 17, 2019
The idea that FaceApp is somehow exceptionally dangerous threatens to obscure the real point: All apps deserve this level of scrutiny.
Schneier on Security
JULY 13, 2019
This is a current list of where and when I am scheduled to speak: I'm speaking at Black Hat USA 2019 in Las Vegas on Wednesday, August 7 and Thurdsay, August 8, 2019. I'm speaking on "Information Security in the Public Interest" at DefCon 27 in Las Vegas on Saturday, August 10, 2019. The list is maintained on this page.
Security Affairs
JULY 19, 2019
Poland and Lithuania are probing the potential privacy and security risks of using a Russian-made app FaceApp. Millions of people recently downloaded the FaceApp app and are taking part in the “ #FaceApp Challenge ” to show friends how they can look like when they will be old and grey. Many security experts are warning of the risks of using the popular app, threat actors could be potentially interested in data collected by FaceApp.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Dark Reading
JULY 18, 2019
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
Thales Cloud Protection & Licensing
JULY 16, 2019
This week marks the return of Amazon Prime Day – Amazon’s seasonal retail event which has fast become a masterclass in driving demand and growth through great customer experience. In fact, last year’s event was touted as ‘the biggest shopping event in history’ , with over 100 million products sold. In a savvy move to drive up premium subscriptions, Prime Day sees subscribed members of the Amazon Prime service access exclusive discounts on an array of products for a limited amount of time – 48 ho
Security Affairs
JULY 19, 2019
The former NSA contractor who pled guilty to stealing over 50TB of data from the Agency, was sentenced to nine years in prison. The former National Security Agency contractor Harold Thomas Martin III , who was accused and subsequently pled guilty to stealing over 50TB of classified NSA data, was sentenced to nine years in prison. The man was arrested by the FBI in October 2016 , the US DoJ charged Harold Thomas Martin with theft of secret documents and highly classified government material.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Dark Reading
JULY 17, 2019
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
Threatpost
JULY 15, 2019
In this first part of a two part series, Shawn Taylor with Forescout talks to Threatpost about lessons learned from helping Atlanta remediate and recover from its massive ransomware attack.
WIRED Threat Level
JULY 14, 2019
All those services you signed up for but forgot about? They're a security risk. Here's how to get rid of them.
Security Affairs
JULY 15, 2019
Instagram has recently addressed a critical flaw that could have allowed hackers to take over any Instagram account without any user interaction. Instagram has recently addressed a critical vulnerability that could have allowed attackers to completely take over any account without user interaction. The news was first reported by TheHackerNews, the issue was reported to the Facebook-owned photo-sharing service by the Indian security expert Laxman Muthiyah.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Dark Reading
JULY 19, 2019
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
Threatpost
JULY 19, 2019
The group was posing as a researcher from Cambridge, and was found to have added three new malware families to its spy arsenal.
CTOVision Cybersecurity
JULY 18, 2019
Your business operates in a world where there is an incredibly high demand for cybersecurity talent. Now with unemployment at a 50 year low there are no indications that anything can be done to dramatically increase the pool of cybersecurity talent. Enterprise grade cybersecurity requires enterprise grade experience. How do you get that in today’s […].
Security Affairs
JULY 14, 2019
Security experts at Emsisoft released a new decryptor, it could be used for free by victims of the Ims00rry ransomware to decrypt their files. Thanks to the experts at Emsisoft the victims of the Ims00rry ransomware can decrypt their files for free. The Ims00rry ransomware used AES-128 algorithm for the encryption process. Unlike most of the ransomware, Ims00rry and doesn’t append an extension to the filenames of the encrypted files.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
267 
Let's personalize your content