Krebs on Security

FEBRUARY 18, 2019

The U.S. government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies. But to date, the specifics of exactly how that attack went down and who was hit have remained shrouded in secrecy.

DNS 270

DNS Internet Internet Government 270

Adam Levin

FEBRUARY 18, 2019

Facebook’s long string of privacy scandals may (finally) have some meaningful repercussions by way of a multi-billion dollar fine from the Federal Trade Commission. The social media giant has been under investigation by the FTC since March 2018 in the wake of the Cambridge Analytica scandal, which affected 87 million users and may have been a pivotal influence in the 2016 election campaign.

Media 248

Media Technology Government 248

Schneier on Security

FEBRUARY 21, 2019

The police are increasingly getting search warrants for information about all cellphones in a certain location at a certain time: Police departments across the country have been knocking at Google's door for at least the last two years with warrants to tap into the company's extensive stores of cellphone location data. Known as "reverse location search warrants," these legal mandates allow law enforcement to sweep up the coordinates and movements of every cellphone in a broad area.

Surveillance 208

Surveillance 208

Troy Hunt

FEBRUARY 16, 2019

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one. That's why I'm a day late this week having finally arrived home late last night. Moving on though, I've got a bunch of other events coming up particularly in conjunctions with the folks at NDC.

Data breaches 193

Data breaches Hacking 193

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

FEBRUARY 21, 2019

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world. One interesting component of this criminal innovation is a small cellphone and Bluetooth-enabled device hidden inside the contactless payment terminal of the pump, which appears to act as a Bluetooth hub that wirelessly gathers card

Wireless 262

Wireless Mobile Accountability Technology 262

Adam Levin

FEBRUARY 21, 2019

As Brexit looms, the UK and the EU can still agree that Facebook needs to be reined in. A report published earlier this month by the U.K. Digital, Culture, Media and Sport committee likened the social media company to “‘digital gangsters’ in the online world, considering themselves to be ahead of and beyond the law.” The committee came to the conclusion that Facebook knowingly violated U.K. privacy and anti-competition laws and required further regulation and investigation.

Marketing 158

Marketing Media Government 158

The Last Watchdog

FEBRUARY 20, 2019

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established. That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.”. Related: Mark Zuckerberg’s intolerable business model.

Internet 113

Internet Internet Data privacy Engineering 113

Adam Shostack

FEBRUARY 16, 2019

Apparently, “ Dolphins Seem to Use Toxic Pufferfish to Get High.” Of course, pufferfish toxins are also part of why the fish is a delicacy in Japan. It just goes to show that nature finds its own, chaotic, uses for things.

113

113

Security Affairs

FEBRUARY 17, 2019

Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicki on a link. The white hat hacker who goes online with the moniker “Samm0uda” discovered a critical CSRF vulnerability in Facebook and the social network giant paid a $25,000 bounty. “This bug could have allowed malicious users to send requests with CSRF tokens to arbitrary endpoints on Facebook which could lead t

Accountability 111

Accountability Advertising Passwords Hacking 111

Schneier on Security

FEBRUARY 19, 2019

Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia. Padar's militia of amateur IT workers, economists, lawyers, and other white-hat types are grouped in the city of Tartu, about 65 miles from the Russian border, and in the capital, Tallinn, about twice as far from it. The volunteers, who've inspired a handful of similar operations around the world, are readying themselves to defend against the kind of sustained digital attack that could

Banking 202

Banking 202

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

WIRED Threat Level

FEBRUARY 18, 2019

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders.

Accountability 100

Accountability 100

Adam Shostack

FEBRUARY 20, 2019

“ Making the Case for a Cybersecurity Moon Shot ” is my latest, over at Dark Reading. “There’s been a lot of talk lately of a cybersecurity moon shot. Unfortunately, the model seems to be the war on cancer, not the Apollo program. Both are worthwhile, but they are meaningfully different.

Cybersecurity 100

Cybersecurity 100

Security Affairs

FEBRUARY 18, 2019

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack. Moreover, not only they have orchestrated the key attack vectors but the mitigation and detection guidance for each attack vector are also part of this framework.

Cybercrime 111

Cybercrime Advertising Threat Detection Marketing 111

Schneier on Security

FEBRUARY 20, 2019

At the end of January the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended.

DNS 195

DNS Government 195

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

FEBRUARY 21, 2019

Roman Dobrokhotov has been playing a dangerous game for a Russian reporter: identifying agents of the GRU military intelligence agency.

111

111

Dark Reading

FEBRUARY 21, 2019

The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.

Cybersecurity 92

Cybersecurity Malware 92

Security Affairs

FEBRUARY 21, 2019

Security experts at BitDefender have released a new version of the GandCrab decryptor able to decrypt versions of GandCrab 1, 4 and 5. Security experts at BitDefender have released a new version of the GandCrab decryptor that could be used to decrypt versions of GandCrab 1, 4 and 5, including the latest version 5.1. The GandCrab decryptor is available for free from BitDefender and from the NoMoreRansom project.

Ransomware 111

Ransomware Advertising Malware Encryption 111

Schneier on Security

FEBRUARY 18, 2019

It seems that someone from a company called Swift Recovery Ltd. is impersonating me -- at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not. If anyone has any more information -- stories, screen shots of chats, etc. -- please forward them to me.

193

193

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

FEBRUARY 20, 2019

New reports say that Robert Mueller will be "wrapping up" his investigation soon. Here's what that might actually mean.

111

111

Dark Reading

FEBRUARY 22, 2019

VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.

VPN 97

VPN Information Security 97

Security Affairs

FEBRUARY 17, 2019

Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month. Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of modern vehicles.

Hacking 111

Hacking Advertising Engineering Cybersecurity 111

Schneier on Security

FEBRUARY 18, 2019

Recent articles about IoT vulnerabilities describe hacking of construction cranes , supermarket freezers , and electric scooters.

IoT 200

IoT Hacking 200

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

FEBRUARY 18, 2019

It used to make sense to believe something until it was debunked; now, it makes sense to assume certain claims are fake—unless they are verified.

91

91

Dark Reading

FEBRUARY 19, 2019

In an unusual development, the group known for its attacks against companies in countries viewed as geopolitical foes is now going after companies in a country considered an ally, Check Point Software says.

Software 84

Software 84

Security Affairs

FEBRUARY 17, 2019

Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block. Crooks are distributing links to blogs and services that display users “login using Facebook account” to read an exclusive article or purchase a discounted product.

Phishing 111

Phishing Advertising Accountability Authentication 111

Thales Cloud Protection & Licensing

FEBRUARY 19, 2019

A few weeks ago, we issued the Global Edition of our 2019 Thales Data Threat Report, now in its seventh year. This year much of the emphasis within the results was on how digital transformation can put organizations’ sensitive data at risk. The results showed, for instance, that almost every organization surveyed is dealing with digital transformation at one level or another (97%), and that organizations that are aggressively investing in digital transformation had higher rates of data breaches.

Digital transformation 70

Digital transformation Data breaches Threat Reports Marketing 70

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

FEBRUARY 17, 2019

What happens to all those emails and passwords that get leaked? They're frequently used to try to break into users' other accounts across the internet.

Passwords 84

Passwords Internet Internet Accountability 84

Dark Reading

FEBRUARY 18, 2019

No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.

CISO 85

CISO Technology 85

Security Affairs

FEBRUARY 21, 2019

Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR. Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer. Over 500 million users worldwide use the popular software and are potentially affected by the flaw that affects all versions of released in the last 19 years.

Advertising 111

Advertising Software Hacking 111

Elie

FEBRUARY 18, 2019

This post considers the perception clash that exists between what users perceive to be their most valuable accounts (email and social networks) and those they think they should protect the most (online banking).

Accountability 62

Accountability Account Security Banking 62

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity