Sat.Aug 31, 2019 - Fri.Sep 06, 2019

article thumbnail

The Doghouse: Crown Sterling

Schneier on Security

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic " snake oil.". I dropped it both because it stopped being fun and because almost everyone converged on standard cryptographic libraries, which meant standard non-snake-oil cryptography.

article thumbnail

Voice Deepfake Scams CEO out of $243,000

Adam Levin

The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that implemented artificial intelligence, specifically a deepfake voice. The Wall Street Journal reported that the CEO of an unnamed UK energy company received a phone call from what sounded like his boss, the CEO of a German parent company, telling him to wire €220,000 (roughly $243,000) to a bank account in Hungary.

Scams 233
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

‘Satori’ IoT Botnet Operator Pleads Guilty

Krebs on Security

A 21-year-old man from Vancouver, Wash. has pleaded guilty to federal hacking charges tied to his role in operating the “ Satori ” botnet, a crime machine powered by hacked Internet of Things (IoT) devices that was built to conduct massive denial-of-service attacks targeting Internet service providers, online gaming platforms and Web hosting companies.

IoT 206
article thumbnail

SHARED INTEL: Mobile apps are riddled with security flaws, many of which go unremediated

The Last Watchdog

The convergence of DevOps and SecOps is steadily gaining traction in the global marketplace. Some fresh evidence of this encouraging trend comes to us by way of shared intelligence from WhiteHat Security. Related: The tie between DevOps and SecOps. Organizations that are all-in leveraging microservices to speed-up application development, on the DevOps side of the house, have begun acknowledging the importance of incorporating SecOps along the way.

Mobile 170
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Massive iPhone Hack Targets Uyghurs

Schneier on Security

China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install malware on iPhones that would visit the site. (The vulnerabilities were patched in iOS 12.1.4, released on February 7.).

Hacking 244
article thumbnail

Expect More Spam Calls and SIM-Card Scams: 400 Million Phone Numbers Exposed

Adam Levin

As much as I love this one friend of mine, nothing is private when we’re together. You probably have a friend like this. The relationship is really great so you stay friends despite all, but this particular friend simply cannot know something about you without sharing it with others no matter how hard you try to get them to understand it’s totally uncool. .

Scams 197

More Trending

article thumbnail

MY TAKE: How advanced automation of threat intel sharing has quickened incident response

The Last Watchdog

Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn’t it made more of an impact stopping network breaches? Related: Ground zero for cybersecurity research Having covered the cybersecurity industry for the past 15 years, it’s clear to me that there are two primary reasons.

Big data 153
article thumbnail

Credit Card Privacy

Schneier on Security

Good article in the Washington Post on all the surveillance associated with credit card use.

article thumbnail

If You Have to Ask How Much a Data Breach Costs, You Can’t Afford One

Adam Levin

article thumbnail

Threat Modeling Building Blocks

Adam Shostack

Threat modeling isn’t one task — its a collection of tasks that build on each other to produce more valuable insights. One of the values of the four question frame is that it lets us reduce things into smaller, more assessable building blocks. And in that vein, there are a couple of new, short (4-page), interesting papers from a team at KU Leuven including: Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation.

124
124
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Hundreds of millions of Facebook users’ phone numbers exposed online

Security Affairs

New problems to Facebook , phone numbers associated with more than 400 million accounts of the social network giant were exposed online. A new privacy incident involved Facebook, according to TechCruch, phone numbers associated with 419 million accounts of the social network giant were exposed online. The data was found by Sanyam Jain, a security researcher and member of the GDI Foundation, who contacted TechCrunch because he was able to contact the owner of the archive. .

article thumbnail

Default Password for GPS Trackers

Schneier on Security

Many GPS trackers are shipped with the default password 123456. Many users don't change them. We just need to eliminate default passwords. This is an easy win.

Passwords 216
article thumbnail

Google Discovers Massive iPhone Hack

Adam Levin

Researchers at Google announced the discovery of a hacking campaign that used hacked websites to deliver malware to iPhones. Project Zero, Google’s security research team, discovered fourteen previously unknown vulnerabilities, called zero day exploits, that were capable of compromising iPhones. Further research revealed a small collection of hacked websites capable of delivering malware to iPhone users visiting those sites.

Hacking 172
article thumbnail

Supermicro Bug Could Let "Virtual USBs" Take Over Corporate Servers

WIRED Threat Level

A newly disclosed vulnerability in Supermicro hardware brings the threat of malicious USBs to corporate servers.

Hacking 107
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

XMR crypto miner switches from arm IoT devices to X86/I686 Intel servers

Security Affairs

Akamai researcher Larry Cashdollar reported that a cryptocurrency miner that previously hit only Arm-powered IoT devices it now targeting Intel systems. The popular researcher Larry Cashdollar, from Akamai SIRT, announced in exclusive to The Register, that he observed a miner that previously hit only Arm-powered IoT devices targeting Intel systems. The researchers revealed that one of his honeypots was hit by this IoT malware that targets Intel machines running Linux. “I suspect it’s proba

IoT 111
article thumbnail

Black Hat/DefCon 2019: Where is Quantum?

Thales Cloud Protection & Licensing

The weeklong “hacker summer camp” of the combined Black Hat and DefCon drew over 22,000 attendees to Las Vegas last month. Overall, we continue to think the security industry is still ripe for commoditization, especially from the cloud providers who have the capacity to simply offer features as a default. Last year we thought we saw evidence that security vendors were consolidating and on the cusp of providing higher order services to meet this threat, but we didn’t see much evidence of that str

IoT 104
article thumbnail

Day-1 Skills That Cybersecurity Hiring Managers Are Looking For

Daniel Miessler

I’ve written before about the paradox of hiring managers not being able to find entry-level cybersecurity candidates, while many people with decent training or even degrees in the field cannot get hired. As it turns out, it’s not really that hard to explain. The Military takes you from zero to hero. In extremely large and long-term-focused organizations—like the Military—this gap is understood, so they spend time building extensive, standardized programs that can take any

article thumbnail

Google Wants to Help Tech Companies Know Less About You

WIRED Threat Level

By releasing its homegrown differential privacy tool, Google will make it easier for any company to boost its privacy bona fides.

96
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Android Zero-Day exploits are the most expensive in the new Zerodium price list

Security Affairs

Zero-day broker Zerodium has updated the price list for both Android and iOS exploits, with Android ones having surpassed the iOS ones for the first time. For the first time, the price for Android exploits is higher than the iOS ones, this is what has emerged from the updated price list published by the zero-day broker Zerodium. Announcement: We've updated our prices for major Mobile exploits.

article thumbnail

Chinese Group Built Advanced Trojan by Reverse Engineering NSA Attack Tool

Dark Reading

APT3 quietly monitored an NSA attack on its systems and used the information to build a weapon of its own.

article thumbnail

Unsupervised Learning: No. 192 (Member Edition)

Daniel Miessler

This is UL Member Content Subscribe Already a member? Login No related posts.

article thumbnail

Cold War Analogies are Warping Tech Policy

WIRED Threat Level

Opinion: Politicians and pundits' fixation with flawed Cold War metaphors have produced overly combative policies on emerging tech.

96
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Crooks stole €1.5 million from German bank OLB cloning EMV cards

Security Affairs

Criminals have stolen more than €1.5 million from the German bank OLB by cloning customer debit cards and using them to cash out user funds across Brazil. ZDnet first reported that last week cyber criminals have stolen more than €1.5 million from the German bank Oldenburgische Landesbank (OLB) by cloning customer debit cards and using them to cash out user funds across Brazil.

Banking 110
article thumbnail

419M Facebook User Phone Numbers Publicly Exposed

Dark Reading

It's still unclear who owned the server storing hundreds of millions of records online without a password.

article thumbnail

Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

In responding to ever-evolving threats and opportunities, enterprises today must embrace constant motion – a continuous cycle of responding to change and keeping one eye on what’s to come. This underpins the digital transformation imperative most of them face today, and the huge responsibility that rests on the shoulders of the CIO. With many of these transformations, it is not just the premise of keeping up that drives the huge levels of investment we see organisations making – but also the pro

article thumbnail

Why 'Zero Day' Android Hacking Now Costs More Than iOS Attacks

WIRED Threat Level

Brokers of so-called zero day exploits are paying out more for Android than iOS—which would have been unthinkable until recently.

Hacking 94
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran

Security Affairs

Journalists revealed the role of a mole recruited by the Dutch intelligence in the US-Israeli Stuxnet attack on the Natanz plant in Iran. The story of the Stuxnet attack is still one of the most intriguing case of modern information warfare. The virus was developed by the US and Israel to interfere with the nuclear enrichment program conducted by Iran in the plant of Natanz.

Malware 110
article thumbnail

Cybercriminals Impersonate Chief Exec's Voice with AI Software

Dark Reading

Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000.

article thumbnail

CEO ‘Deep Fake’ Swindles Company Out of $243K

Threatpost

Cybercrooks successfully fooled a company into a large wire transfer using an AI-powered deep fake of a chief executive's voice, according to a report.

article thumbnail

Apple Finally Breaks Its Silence on iOS Hacking Campaign

WIRED Threat Level

In its first public statement since Google revealed a sophisticated attack against iOS devices, Apple defended its security measures.

Hacking 93
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!