Krebs on Security

FEBRUARY 18, 2019

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

DNS 271

DNS Internet Internet Government 271

Adam Levin

FEBRUARY 18, 2019

Facebook’s long string of privacy scandals may (finally) have some meaningful repercussions by way of a multi-billion dollar fine from the Federal Trade Commission. The social media giant has been under investigation by the FTC since March 2018 in the wake of the Cambridge Analytica scandal, which affected 87 million users and may have been a pivotal influence in the 2016 election campaign.

Media 248

Media Technology Government 248

Schneier on Security

FEBRUARY 21, 2019

The police are increasingly getting search warrants for information about all cellphones in a certain location at a certain time: Police departments across the country have been knocking at Google's door for at least the last two years with warrants to tap into the company's extensive stores of cellphone location data. Known as "reverse location search warrants," these legal mandates allow law enforcement to sweep up the coordinates and movements of every cellphone in a broad area.

Surveillance 213

Surveillance 213

Troy Hunt

FEBRUARY 16, 2019

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one. That's why I'm a day late this week having finally arrived home late last night. Moving on though, I've got a bunch of other events coming up particularly in conjunctions with the folks at NDC.

Data breaches 197

Data breaches Hacking 197

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

FEBRUARY 21, 2019

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device hidden inside the contactless payment terminal of the pump, which appears to act as a Bluetooth hub that wirelessly gathers card

Wireless 270

Wireless Mobile Accountability Technology 270

Adam Levin

FEBRUARY 21, 2019

As Brexit looms, the UK and the EU can still agree that Facebook needs to be reined in. A report published earlier this month by the U.K. Digital, Culture, Media and Sport committee likened the social media company to “‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law.” The committee came to the conclusion that Facebook knowingly violated U.K. privacy and anti-competition laws and required further regulation and investigation.

Marketing 158

Marketing Media Government 158

The Last Watchdog

FEBRUARY 20, 2019

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established. That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.”. Related: Mark Zuckerberg’s intolerable business model.

Internet 113

Internet Internet Data privacy Engineering 113

Adam Shostack

FEBRUARY 16, 2019

Apparently, “ Dolphins Seem to Use Toxic Pufferfish to Get High.” Of course, pufferfish toxins are also part of why the fish is a delicacy in Japan. It just goes to show that nature finds its own, chaotic, uses for things.

113

113

WIRED Threat Level

FEBRUARY 21, 2019

Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.

112

112

Schneier on Security

FEBRUARY 19, 2019

Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia. Padar's militia of amateur IT workers, economists, lawyers, and other white-hat types are grouped in the city of Tartu, about 65 miles from the Russian border, and in the capital, Tallinn, about twice as far from it. The volunteers, who've inspired a handful of similar operations around the world, are readying themselves to defend against the kind of sustained digital attack that could

Banking 205

Banking 205

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

FEBRUARY 21, 2019

Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The GandCrab decryptor is available for free from BitDefender and from the NoMoreRansom project.

Ransomware 111

Ransomware Advertising Malware Encryption 111

Adam Shostack

FEBRUARY 20, 2019

“ Making the Case for a Cybersecurity Moon Shot ” is my latest, over at Dark Reading. “There’s been a lot of talk lately of a cybersecurity moon shot. Unfortunately, the model seems to be the war on cancer, not the Apollo program. Both are worthwhile, but they are meaningfully different.

Cybersecurity 100

Cybersecurity 100

WIRED Threat Level

FEBRUARY 20, 2019

New reports say that Robert Mueller will be "wrapping up" his investigation soon. Here's what that might actually mean.

112

112

Schneier on Security

FEBRUARY 18, 2019

Recent articles about IoT vulnerabilities describe hacking of construction cranes , supermarket freezers , and electric scooters.

IoT 202

IoT Hacking 202

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

FEBRUARY 21, 2019

Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer. Over 500 million users worldwide use the popular software and are potentially affected by the flaw that affects all versions of released in the last 19 years.

Advertising 111

Advertising Software Hacking 111

Dark Reading

FEBRUARY 22, 2019

VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.

VPN 97

VPN Information Security 97

WIRED Threat Level

FEBRUARY 19, 2019

A new ranking of nation-state hacker speed puts Russia on top by a span of hours.

111

111

Schneier on Security

FEBRUARY 20, 2019

At the end of January the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended.

DNS 197

DNS Government 197

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

FEBRUARY 18, 2019

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack. Moreover, not only they have orchestrated the key attack vectors but the mitigation and detection guidance for each attack vector are also part of this framework.

Cybercrime 111

Cybercrime Advertising Threat Detection Marketing 111

Dark Reading

FEBRUARY 21, 2019

The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.

Cybersecurity 92

Cybersecurity Malware 92

WIRED Threat Level

FEBRUARY 18, 2019

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders.

Accountability 111

Accountability 111

Schneier on Security

FEBRUARY 18, 2019

It seems that someone from a company called Swift Recovery Ltd. is impersonating me -- at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not. If anyone has any more information -- stories, screen shots of chats, etc. -- please forward them to me.

195

195

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

FEBRUARY 17, 2019

Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicki on a link. The white hat hacker who goes online with the moniker “Samm0uda” discovered a critical CSRF vulnerability in Facebook and the social network giant paid a $25,000 bounty. “This bug could have allowed malicious users to send requests with CSRF tokens to arbitrary endpoints on Facebook which could lead t

Accountability 111

Accountability Advertising Passwords Hacking 111

Elie

FEBRUARY 17, 2019

Account Security 91

Account Security Accountability 91

WIRED Threat Level

FEBRUARY 18, 2019

It used to make sense to believe something until it was debunked; now, it makes sense to assume certain claims are fake—unless they are verified.

110

110

Dark Reading

FEBRUARY 20, 2019

A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.

Phishing 88

Phishing Engineering 88

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

FEBRUARY 17, 2019

Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month. Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Hacking 111

Hacking Advertising Engineering Cybersecurity 111

Threatpost

FEBRUARY 20, 2019

Capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners.

Cybersecurity 87

Cybersecurity Hacking 87

WIRED Threat Level

FEBRUARY 17, 2019

What happens to all those emails and passwords that get leaked? They're frequently used to try to break into users' other accounts across the internet.

Passwords 110

Passwords Internet Internet Accountability 110

Dark Reading

FEBRUARY 22, 2019

Preventative technologies are only part of the picture and often come at the expense of the humans behind them.

Technology 86

Technology 86

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity