Sat.Feb 23, 2019 - Fri.Mar 01, 2019

article thumbnail

Attacking Soldiers on Social Media

Schneier on Security

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique. Over four weeks, the researchers developed fake pages and closed groups on Facebook that looked like they were associated with the military exercise, as well as profiles impersonating service members both real and imagined.

Media 258
article thumbnail

Payroll Provider Gives Extortionists a Payday

Krebs on Security

Payroll software provider Apex Human Capital Management suffered a ransomware attack this week that severed payroll management services for hundreds of the company’s customers for nearly three days. Faced with the threat of an extended outage, Apex chose to pay the ransom demand and begin the process of restoring service to customers. Roswell, Ga. based Apex HCM is a cloud-based payroll software company that serves some 350 payroll service bureaus that in turn provide payroll services to s

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Q&A: Why SOAR startup Syncurity is bringing a ‘case-management’ approach to threat detection

The Last Watchdog

There’s a frantic scramble going on among those responsible for network security at organizations across all sectors. Related: Why we’re in the Golden Age of cyber espionage. Enterprises have dumped small fortunes into stocking their SOCs (security operations centers) with the best firewalls, anti-malware suites, intrusion detection, data loss prevention and sandbox detonators money can buy.

article thumbnail

ICANN Urges Greater Domain Name Security

Adam Levin

The infrastructure at the core of the internet is vulnerable to attack from state-sponsored hackers, its governing body warned. . The Internet Corporation for Assigned Names and Numbers (ICANN), charged with overseeing Domain Name Systems (DNS), published an announcement that companies have moved too slowly to adopt security standards that would have mitigated several recent large-scale cyberattacks.

DNS 183
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Can Everybody Read the US Terrorist Watch List?

Schneier on Security

After years of claiming that the Terrorist Screening Database is kept secret within the government, we have now learned that the DHS shares it "with more than 1,400 private entities, including hospitals and universities.". Critics say that the watchlist is wildly overbroad and mismanaged, and that large numbers of people wrongly included on the list suffer routine difficulties and indignities because of their inclusion.

article thumbnail

Crypto Mining Service Coinhive to Call it Quits

Krebs on Security

Roughly one year ago, KrebsOnSecurity published a lengthy investigation into the individuals behind Coinhive[.]com , a cryptocurrency mining service that has been heavily abused to force hacked Web sites to mine virtual currency. On Tuesday, Coinhive announced plans to pull the plug on the project early next month. A message posted to the Coinhive blog on Tuesday, Feb. 26, 2019.

More Trending

article thumbnail

Weekly Update 127

Troy Hunt

It was another travel week so another slightly delayed weekly update, but still plenty of stuff going on all the same. Along with a private Sydney workshop earlier on, I'm talking about some free upcoming NDC meetup events in Brisbane and Melbourne and I'd love to get a great turnout for. I've just ordered 10k more HIBP stickers to last me through upcoming events so they'll be coming with me.

article thumbnail

On the Security of Password Managers

Schneier on Security

There's new research on the security of password managers, speficially 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of password lying around memory? All password managers we examined sufficiently secured user secrets while in a 'not running' state.

article thumbnail

Booter Boss Interviewed in 2014 Pleads Guilty

Krebs on Security

A 20-year-old Illinois man has pleaded guilty to running multiple DDoS-for-hire services that launched millions of attacks over several years. The plea deal comes almost exactly five years after KrebsOnSecurity interviewed both the admitted felon and his father and urged the latter to take a more active interest in his son’s online activities.

DDOS 199
article thumbnail

MY TAKE: Why the next web-delivered ad you encounter could invisibly infect your smartphone

The Last Watchdog

Google, Facebook and Amazon have gotten filthy rich doing one thing extremely well: fixating on every move each one of us makes when we use our Internet-connected computing devices. Related: Protecting web gateways. The tech titans have swelled into multi-billion dollar behemoths by myopically focusing on delivering targeted online advertising, in support of online retailing.

Retail 138
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

What Should Training Cover?

Adam Shostack

Chris Eng said “ Someone should set up a GoFundMe to send whoever wrote the hit piece on password managers to a threat modeling class. ” And while it’s pretty amusing, you know, I teach threat modeling classes. I spend a lot of time crafting explicit learning goals, considering and refining instructional methods, and so when a smart fellow like Chris says this, my question is why?

article thumbnail

"Insider Threat" Detection Software

Schneier on Security

Notice this bit from an article on the arrest of Christopher Hasson: It was only after Hasson's arrest last Friday at his workplace that the chilling plans prosecutors assert he was crafting became apparent, detected by an internal Coast Guard program that watches for any "insider threat." The program identified suspicious computer activity tied to Hasson, prompting the agency's investigative service to launch an investigation last fall, said Lt.

article thumbnail

PDF zero-day samples harvest user data when opened in Chrome

Security Affairs

Experts at Exploit detection service EdgeSpot detected several PDF documents that exploit a zero-day flaw in Chrome to harvest user data. Exploit detection service EdgeSpot spotted several PDF documents that exploit a zero-day vulnerability in Chrome to harvest data on users who open the files through the popular web browser. The experts initially detected the specially-crafted PDF files in December 2018.

article thumbnail

GUEST ESSAY: Repelling social engineering attacks requires shoring up the weakest link: humans

The Last Watchdog

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Spoofing in Depth

Adam Shostack

I’m quite happy to say that my next Linkedin Learning course has launched! This one is all about spoofing. It’s titled “ Threat Modeling: Spoofing in Depth.” It’s free until at least a week after RSA. Also, I’m exploring the idea that security professionals lack a shared body of knowledge about attacks, and that an entertaining and engaging presentation of such a BoK could be a useful contribution.

124
124
article thumbnail

Data Leakage from Encrypted Databases

Schneier on Security

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it.

article thumbnail

5 Key Takeaways From Michael Cohen's Testimony to Congress

WIRED Threat Level

Michael Cohen testifies before the House Oversight committee, and brings the receipts.

111
111
article thumbnail

70000 Pakistani banks’ cards with PINs go on sale on the dark web.

Security Affairs

Group-IB experts discovered new databases with a total of 69,189 Pakistani banks’ cards that have shown up for sale on the dark web. Group-IB , an international company that specializes in preventing cyberattacks, has discovered new databases with a total of 69,189 Pakistani banks’ cards that have shown up for sale on the dark web. The total market value of the databases is estimated at nearly 3.5 million USD.

Banking 112
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

TurboTax Hit with Cyberattack, Tax Returns Compromised

Dark Reading

Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source.

105
105
article thumbnail

The Dark Sides of Modern Cars: Hacking and Data Collection

Threatpost

How features such as infotainment and driver-assist can give others a leg up on car owners.

article thumbnail

FTC Hits TikTok With Record $5.7 Million Fine Over Children’s Privacy

WIRED Threat Level

The social media app will pay $5.7 million to settle the allegations, and be required to delete videos uploaded by anyone under 13.

Media 111
article thumbnail

ICANN warns of large-scale attacks on Internet infrastructure

Security Affairs

Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN). After an emergency meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) confirmed that the global Internet infrastructure is facing large-scale attacks. ICANN warns of “an ongoing and significant risk” to key components of the Internet infrastructure. “The Internet Corporation for Assigned Names an

Internet 111
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Security Experts, Not Users, Are the Weakest Link

Dark Reading

CISOs: Stop abdicating responsibility for problems with users - it's part of your job.

CISO 99
article thumbnail

Ring Doorbell Flaw Opens Door to Spying

Threatpost

Researchers are urging Ring users to update to the latest version of the smart doorbell after a serious flaw triggered privacy concerns.

IoT 91
article thumbnail

Hackers Can Slip Invisible Malware into 'Bare Metal' Cloud Computers

WIRED Threat Level

Researchers point a tough-to-fix in some cloud computing setups: hackable firmware.

Firmware 110
article thumbnail

B0r0nt0K ransomware demands $75,000 ransom to the victims

Security Affairs

The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000). This B0r0nt0K ransomware infects both Linux and Windows servers.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Security Pros Agree: Cloud Adoption Outpaces Security

Dark Reading

Oftentimes, responsibility for securing the cloud falls to IT instead of the security organization, researchers report.

90
article thumbnail

‘Cloudborne’ IaaS Attack Allows Persistent Backdoors in the Cloud

Threatpost

A known vulnerability combined with a weakness in bare-metal server reclamation opens the door to powerful, high-impact attacks.

article thumbnail

A Hidden Nest Secure Mic, Facebook's Dead VPN, and More Security News This Week

WIRED Threat Level

The 2020 disinformation campaigns have started, DrainerBot is coming for your smartphone's battery, and more security news this week.

VPN 106
article thumbnail

Crooks offer millions to skilled black hats to help them in extortion campaigns

Security Affairs

Cybercriminals are offering over a million dollars per year to skilled professionals like vxers and penetration testers to help them in extortion campaigns. According to a new report published by the security firm Digital Shadows cybercriminal organizations are willing to pay millions to skilled hackers and malware developers. The analysis of posts on Dark Web forums reveals that at least one threat actor is willing to pay more than $64,000 per month ($768,000 per year) to skilled hackers to rec

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!