Krebs on Security

DECEMBER 13, 2018

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S. based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.” The email reads: My man carried a bomb (Hexogen) into the building where your company is located.

Scams 231

Scams Banking Passwords 231

Schneier on Security

DECEMBER 12, 2018

Last week, Australia passed a law [link] the government the ability to demand backdoors in computers and communications systems. Details are still to be defined , but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things. And two, there's nothing I can say that I haven't said many times before.

Government 216

Government Encryption 216

Adam Levin

DECEMBER 12, 2018

A New York Times report about the ways smartphone apps track users and sell their location data (on a far greater scale than most customers realize) has gotten much deserved attention this week. One data sample obtained by the Times showed records of a company updating users’ locations up to 14,000 times a day in 2017. While many users allow location tracking on their mobile apps to enable tailored content such as weather or nearby restaurants, they are often unaware that their travel history an

Mobile 192

Mobile Advertising Data collection Marketing 192

The Last Watchdog

DECEMBER 10, 2018

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.

Government 149

Government Unstructured Data Data breaches Risk 149

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries.

Cyber Risk 213

Cyber Risk Energy and Utilities Risk Marketing 213

Schneier on Security

DECEMBER 10, 2018

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading.

212

212

The Last Watchdog

DECEMBER 11, 2018

SAN JOSE, Calif. – Dec. 11, 2018 – NetSecOPEN , the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11 prominent security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. Related podcast: The importance of sharing alliances.

Network Security 133

Network Security Security Performance Engineering Encryption 133

Krebs on Security

DECEMBER 11, 2018

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.

Software 183

Software Internet Internet Malware 183

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages.

Authentication 207

Authentication Passwords Phishing Government 207

Adam Shostack

DECEMBER 12, 2018

Thanks to the kind folks Digital Guardian for including my threat modeling book in their list of “ The Best Resources for InfoSec Skillbuilding.” It’s particularly gratifying to see that the work is standing the test of time.

InfoSec 113

InfoSec 113

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

DECEMBER 12, 2018

Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide. The second one isn’t quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, that moat is easily forded. Related podcast: The case for ‘zero-trust’ security.

Data breaches 127

Data breaches Cybersecurity Architecture Security Awareness 127

Security Affairs

DECEMBER 10, 2018

The Linux.org website was defaced last week via DNS hijack, attackers breached into associated registrar account and changed the DNS settings. Attackers changed the defacement page a few times, they protested against the new Linux kernel developer code of conduct in a regrettable way with racial slurs and the image of an individual showing the anus.

DNS 112

DNS Accountability Advertising Authentication 112

Schneier on Security

DECEMBER 13, 2018

The New York Times and Reuters are reporting that China was behind the recent hack of Mariott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company's private probe into the attack.

Hacking 203

Hacking 203

Adam Shostack

DECEMBER 11, 2018

The House Oversight Committee has released a scathing report on Equifax. Through the investigation, the Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to Mandiant, the forensic firm hired to conduct an investigation of the breach.

Information Security 100

Information Security 100

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

DECEMBER 12, 2018

Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.

Education 99

Education Cybersecurity 99

Security Affairs

DECEMBER 10, 2018

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiF

Hacking 111

Hacking Wireless Passwords Authentication 111

eSecurity Planet

DECEMBER 13, 2018

A look at the top vendors in the breach and attack simulation market, a new IT security technology that offers continuous vulnerability assessment.

Marketing 99

Marketing Technology 99

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

As you will no doubt have heard by now, Thales and Gemalto announced last December that they had reached an agreement under which Thales will acquire Gemalto by way of an all-cash offer, upon receipt of all regulatory clearances. As part of the regulatory process and in order to obtain regulatory clearances among other agencies and from the European Commission, Thales has committed to divest Thales eSecurity’s nShield business in full to a suitable purchaser.

Accountability 79

Accountability 79

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

DECEMBER 14, 2018

Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.

91

91

Security Affairs

DECEMBER 13, 2018

McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with Lazarus APT group that carried out Sony Pictures attack back in 2014.

Malware 111

Malware Advertising Hacking Encryption 111

eSecurity Planet

DECEMBER 13, 2018

With an Israeli intelligence pedigree and strong funding, XM Cyber has the makings of a serious player in the breach and attack simulation market.

Marketing 89

Marketing 89

PerezBox Security

DECEMBER 13, 2018

The previous OSSEC articles went through through the process of installing OSSEC and deploying a distributed architecture. This article will focus on configuring OSSEC to make better sense of WordPress. Read More. The post OSSEC FOR WEBSITE SECURITY: PART III – Optimizing for WordPress appeared first on PerezBox.

Architecture 79

Architecture Technology 79

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Dark Reading

DECEMBER 14, 2018

Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.

80

80

Security Affairs

DECEMBER 11, 2018

‘ The Seedworm APT Group has targeted more than 130 victims in 30 organizations since September including NGOs, oil and gas, and telecom businesses. According to a new research conducted from Symantec’s DeepSight Managed Adversary and ThreatIntelligence (MATI) team, the Seedworm APT group, aka MuddyWater , is rapidly evolving and extended its targets to the telecom, IT services, and oil and gas industries.

Telecommunications 111

Telecommunications Passwords Advertising Media 111

WIRED Threat Level

DECEMBER 14, 2018

In the latest in its long string of 2018 incidents, Facebook let developers access the private photos of millions of users.

91

91

Thales Cloud Protection & Licensing

DECEMBER 13, 2018

In the digital transformation era, companies across all sectors are using next-generation technologies to streamline their operations, deliver value to customers, and gain a competitive edge. Invariably, Internet of Things (IoT) strategies form the backbone of those efforts. Enormous quantities of data can be generated by and collected from a wide variety of IoT devices.

Internet 66

Internet Internet IoT Manufacturing 66

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Dark Reading

DECEMBER 11, 2018

Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.

85

85

Security Affairs

DECEMBER 9, 2018

STOLEN PENCIL campaign – North Korea-linked APT group has been targeting academic institutions since at least May of this year. North Korea-linked threat actors are targeting academic institutions with spear phishing attacks. The phishing messages include a link to a website where a decoy document that attempts to trick users into installing a malicious Google Chrome extension.

Phishing 111

Phishing Passwords Advertising Hacking 111

Threatpost

DECEMBER 14, 2018

Flaws could allow an attacker to stop or start a home charging station, or even change the current in order to start a fire.

IoT 80

IoT Wireless 80

Thales Cloud Protection & Licensing

DECEMBER 11, 2018

As I was starting to write this blog, yet another retail program data breach occurred, for Marriott’s Starwood loyalty program. In this case, it looks as though the attackers had been on the Starwood network for somewhere around three years, mining out their reservations database (keep in mind that Marriott only acquired Starwood in 2016 ). Since in Tech we often travel “for a living”, I found in my bag an older Starwood preferred guest card.

Retail 66

Retail Data breaches Big data Financial Services 66

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity