Sat.Dec 28, 2019 - Fri.Jan 03, 2020

article thumbnail

Promiscuous Cookies and Their Impending Death via the SameSite Policy

Troy Hunt

Cookies like to get around. They have no scruples about where they go save for some basic constraints relating to the origin from which they were set. I mean have a think about it: If a website sets a cookie then you click a link to another page on that same site, will the cookie be automatically sent with the request? Yes. What if an attacker sends you a link to that same website in a malicious email and you click that link, will the cookie be sent?

Passwords 307
article thumbnail

The United Kingdom Leaks Home Addresses of Prominent Brits

Adam Levin

2020 seems to be getting off to an inauspicious start with the compromise of the home addresses of prominent UK citizens–many of them in lines of work that could make them targets for crime. The UK Cabinet Office issued an apology after a data leak that involved the exact addresses (including house and apartment numbers) of more than 1,000 New Year Honours recipients.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How to change the HTTP listening port in Apache

Tech Republic Security

If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.

Risk 208
article thumbnail

Hacking School Surveillance Systems

Schneier on Security

Lance Vick suggesting that students hack their schools' surveillance systems. "This is an ethical minefield that I feel students would be well within their rights to challenge, and if needed, undermine," he said. Of course, there are a lot more laws in place against this sort of thing than there were in -- say -- the 1980s, but it's still worth thinking about.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

GUEST ESSAY: As cyber risks rise in 2020, as they surely will, don’t overlook physical security

The Last Watchdog

Physical security is the protection of personnel and IT infrastructure (such as hardware, software, and data) from physical actions and events that could cause severe damage to an organization. This includes protection from natural disasters, theft, vandalism, and terrorism. Related: Good to know about IoT Physical security is often a second thought when it comes to information security.

article thumbnail

Happy 10th Birthday, KrebsOnSecurity.com

Krebs on Security

Today marks the 10th anniversary of KrebsOnSecurity.com! Over the past decade, the site has featured more than 1,800 stories focusing mainly on cybercrime, computer security and user privacy concerns. And what a decade it has been. Stories here have exposed countless scams, data breaches, cybercrooks and corporate stumbles. In the ten years since its inception, the site has attracted more than 37,000 newsletter subscribers, and nearly 100 million pageviews generated by roughly 40 million unique

More Trending

article thumbnail

Chrome Extension Stealing Cryptocurrency Keys and Passwords

Schneier on Security

A malicious Chrome extension surreptitiously steals Ethereum keys and passwords: According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk. Denley says that the extension sends the private keys of all wallets created or managed through its interface to a third-party website located at erc20wallet[.]tk.

article thumbnail

3 security tips to protect yourself from skimming attacks

Tech Republic Security

E-commerce sites are trying to keep up with sophisticated skimming schemes, but chances are your credit card information will still be compromised. A security expert offers advice.

140
140
article thumbnail

Threat Modeling Thursday: Machine Learning

Adam Shostack

For my first blog post of 2020, I want to look at threat modeling machine learning systems. Microsoft recently released a set of documents including “ Threat Modeling AI/ML Systems and Dependencies ” and “ Failure Modes in Machine Learning ” (the later also available in a more printer-friendly version at arxiv.). These build on last December’s “ Securing the Future of Artificial Intelligence and Machine Learning at Microsoft.” First and foremost, I’

article thumbnail

Weekly Update 171

Troy Hunt

Sitting down to do this one today I thought it would be brief, turns out a bit more ended up on the agenda than I expected. The GoGetSSL bit in particular was unfolding as I recorded and to their credit, they later apologised for their "rude messages" which is a good sign. I still intend to finish writing up the blog post because the issues they've raised need tackling, but as with the Sophos example I also talk about, it's good to see a bit of humility (I've certainly been there myself before).

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Mysterious Drones are Flying over Colorado

Schneier on Security

No one knows who they belong to. (Well, of course someone knows. And my guess is that it's likely that we will know soon.).

143
143
article thumbnail

How to change the HTTP listening port in Apache

Tech Republic Security

If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.

Risk 138
article thumbnail

What’s In Your Business Plan? California’s Privacy Law Goes Into Effect

Adam Levin

California’s groundbreaking privacy law went into effect January 1, 2020. The California Consumer Privacy Act (CCPA) requires businesses to inform state residents if their data is being monetized as well as to provide them with a clearly stated means of opting out from the collection of their data and/or having it deleted. Businesses not in compliance with CCPA regulations may be fined by the state of California and sued by its residents.

Insurance 113
article thumbnail

Crooks use Star Wars saga as bait in Phishing and malware attacks

Security Affairs

Crooks are exploiting the popularity of the Star Wars saga to monetize their efforts, experts warn of online streaming sites delivering malware. Cybercriminals leverage popular movies like Star Wars to lure users into downloading malware to watch exclusive scenes or the full movie. Experts at Kaspersky have analyzed some threats that exploit the new Star Wars movie The Rise of Skywalker as bait for unaware users. .

Phishing 113
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

2020 Cybersecurity Trends to Watch

Threatpost

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

article thumbnail

Alert overload is burning out security analysts

Tech Republic Security

Survey suggests overall volume and high rate of false problems are changing priority lists in security operations centers.

111
111
article thumbnail

How AI and Cybersecurity Will Intersect in 2020

Dark Reading

Understanding the new risks and threats posed by increased use of artificial intelligence.

article thumbnail

Cisco addresses several flaws in its DCNM product

Security Affairs

Cisco has released software updates for its Data Center Network Manager (DCNM) product to address several critical and high-severity issues. Cisco has released software updates that address several critical and high-severity vulnerabilities in it s Data Center Network Manager (DCNM) product. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service by the security researcher Steven Seeley of Source Incite and Harrison Neal fro

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

TikTok Banned By U.S. Army Over China Security Concerns

Threatpost

The U.S. Army this week has banned TikTok from government-owned devices as scrutiny over the platform's relationship with China grows.

article thumbnail

How to install and use git-secret

Tech Republic Security

Learn how to gain more security in your git repository with the help of the git-secret tool.

108
108
article thumbnail

Unsupervised Learning: No. 209

Daniel Miessler

[advanced_iframe src=”[link] width=”100%”] No related posts.

article thumbnail

Travelex currency exchange suspends services after malware attack

Security Affairs

The Travelex currency exchange has been forced offline following a malware attack launched on New Year’s Eve. . This week, the UK-based currency exchange Travelex announced that it has shut down its services as a “precautionary measure” following a malware attack. Statement on IT issues affecting Travelex Services pic.twitter.com/rpKagJLykn — Travelex UK (@TravelexUK) January 2, 2020.

Malware 101
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Echo, Threat Modeling and Privacy

Adam Shostack

I’m featured in (local NPR Affiliate) KUOW’s Primed: Season 3, Episode 8. I appreciate how the sense of fun that many security people bring to their work comes through. For me, it was fun learning about how Elevation of Privilege works for non-techies. (Spoiler: not super-well, you need to select the cards pretty carefully. Maybe there’s another game there?).

100
100
article thumbnail

How the US Prepares Its Embassies for Potential Attacks

WIRED Threat Level

In addition to securing physical structures, the Diplomatic Security Service runs simulations of protests in a model city in Virginia.

98
article thumbnail

6 CISO New Year's Resolutions for 2020

Dark Reading

We asked chief information security officers how they plan to get their infosec departments in shape next year.

CISO 88
article thumbnail

Expert finds Starbucks API Key exposed online

Security Affairs

Developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users. The development team at Starbucks left exposed an API key that could be used by an attacker to access company internal systems and manipulate the list of authorized users. The issue was discovered by the security expert Vinoth Kumar, he found the key in a public GitHub repository.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How to choose the best MDM partner: 5 key considerations

Tech Republic Security

Here's what organizations considering using a mobile device management server should keep in mind.

Mobile 87
article thumbnail

The Most Dangerous People on the Internet This Decade

WIRED Threat Level

In the early aughts the internet was less dangerous than it was disruptive. That's changed. .

article thumbnail

Fraud in the New Decade

Dark Reading

Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth

85
article thumbnail

A new trojan Lampion targets Portugal

Security Affairs

New trojan called ‘Lampion’ has spread using template emails from the Portuguese Government Finance & Tax during the last days of 2019. Last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. SI-LAB noted that Portuguese users were targeted with malscam messages that reported issues related to a debt of the year 2018.

Malware 98
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!