Krebs on Security

DECEMBER 13, 2018

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient’s building that will be detonated unless a hefty bitcoin ransom is paid by the end of the business day. Sources at multiple U.S. based financial institutions reported receiving the threats, which included the subject line, “I advise you not to call the police.” The email reads: My man carried a bomb (Hexogen) into the building where your company is located.

Scams 243

Scams Banking Passwords 243

Schneier on Security

DECEMBER 12, 2018

Last week, Australia passed a law [link] the government the ability to demand backdoors in computers and communications systems. Details are still to be defined , but it's really bad. Note: Many people e-mailed me to ask why I haven't blogged this yet. One, I was busy with other things. And two, there's nothing I can say that I haven't said many times before.

Government 221

Government Encryption 221

Adam Levin

DECEMBER 12, 2018

A New York Times report about the ways smartphone apps track users and sell their location data (on a far greater scale than most customers realize) has gotten much deserved attention this week. One data sample obtained by the Times showed records of a company updating users’ locations up to 14,000 times a day in 2017. While many users allow location tracking on their mobile apps to enable tailored content such as weather or nearby restaurants, they are often unaware that their travel history an

Mobile 192

Mobile Advertising Data collection Marketing 192

The Last Watchdog

DECEMBER 10, 2018

The holiday season is upon us and the bright lights and greenery aren’t the only indicators that we’ve reached December. Sadly, data breaches often occur at this time of year. Recently we’ve seen major news stories about breaches at Starwood Hotels and Quora. Related podcast: The need to lock down unstructured data. Last year, at this time, it was announced that there was a significant privacy leak at eBay affecting many customers.

Government 149

Government Unstructured Data Data breaches Risk 149

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

DECEMBER 12, 2018

Is it fair to judge an organization’s information security posture simply by looking at its Internet-facing assets for weaknesses commonly sought after and exploited by attackers, such as outdated software or accidentally exposed data and devices? Fair or not, a number of nascent efforts are using just such an approach to derive security scores for companies and entire industries.

Cyber Risk 224

Cyber Risk Energy and Utilities Risk Marketing 224

Schneier on Security

DECEMBER 10, 2018

The research group AI Now just published its annual report. It's an excellent summary of today's AI security challenges, as well as a policy agenda to address them. This is related, and also worth reading.

216

216

The Last Watchdog

DECEMBER 11, 2018

SAN JOSE, Calif. – Dec. 11, 2018 – NetSecOPEN , the first industry organization focused on the creation of open, transparent network security performance testing standards, today announced that 11 prominent security vendors, test solutions and services vendors, and testing laboratories have joined the organization as founding members. Related podcast: The importance of sharing alliances.

Network Security 133

Network Security Security Performance Engineering Encryption 133

Krebs on Security

DECEMBER 11, 2018

Adobe and Microsoft each released updates today to tackle critical security weaknesses in their software. Microsoft’s December patch batch is relatively light, addressing more than three dozen vulnerabilities in Windows and related applications. Adobe has issued security fixes for its Acrobat and PDF Reader products, and has a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.

Software 193

Software Internet Internet Malware 193

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages.

Authentication 210

Authentication Passwords Phishing Government 210

Adam Shostack

DECEMBER 12, 2018

Thanks to the kind folks Digital Guardian for including my threat modeling book in their list of “ The Best Resources for InfoSec Skillbuilding.” It’s particularly gratifying to see that the work is standing the test of time.

InfoSec 113

InfoSec 113

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Last Watchdog

DECEMBER 12, 2018

Picture two castles. The first is impeccably built – state of the art, with impenetrable walls, a deep moat, and so many defenses that attacking it is akin to suicide. The second one isn’t quite as well-made. The walls are reasonably strong, but there are clear structural weaknesses. And while it does have a moat, that moat is easily forded. Related podcast: The case for ‘zero-trust’ security.

Data breaches 127

Data breaches Cybersecurity Architecture Security Awareness 127

Security Affairs

DECEMBER 13, 2018

McAfee uncovered a campaign tracked as Operation Sharpshooter that hit at least 87 organizations in global defense and critical infrastructure. Security experts at McAfee uncovered a hacking campaign, tracked as Operation Sharpshooter, aimed at infrastructure companies worldwide. The threat actors are using malware associated with Lazarus APT group that carried out Sony Pictures attack back in 2014.

Malware 111

Malware Advertising Hacking Encryption 111

Schneier on Security

DECEMBER 13, 2018

The New York Times and Reuters are reporting that China was behind the recent hack of Mariott Hotels. Note that this is still uncomfirmed, but interesting if it is true. Reuters: Private investigators looking into the breach have found hacking tools, techniques and procedures previously used in attacks attributed to Chinese hackers, said three sources who were not authorized to discuss the company's private probe into the attack.

Hacking 206

Hacking 206

WIRED Threat Level

DECEMBER 14, 2018

In the latest in its long string of 2018 incidents, Facebook let developers access the private photos of millions of users.

109

109

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Shostack

DECEMBER 11, 2018

The House Oversight Committee has released a scathing report on Equifax. Through the investigation, the Committee reviewed over 122,000 pages of documents, conducted transcribed interviews with three former Equifax employees directly involved with IT, and met with numerous current and former Equifax employees, in addition to Mandiant, the forensic firm hired to conduct an investigation of the breach.

Information Security 100

Information Security 100

Security Affairs

DECEMBER 12, 2018

Experts from Kaspersky Lab reported that that the recently patched Windows kernel zero-day vulnerability ( CVE-2018-8611 ) has been exploited by several threat actors. Microsoft’s Patch Tuesday updates for December 2018 address nearly 40 flaws, including a zero-day vulnerability affecting the Windows kernel. The flaw, tracked as CVE-2018-8611, is as a privilege escalation flaw caused by the failure of the Windows kernel to properly handle objects in memory. “An elevation of privilege vulne

Advertising 111

Advertising Spyware Accountability Malware 111

Dark Reading

DECEMBER 12, 2018

Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.

Education 99

Education Cybersecurity 99

WIRED Threat Level

DECEMBER 10, 2018

A month after Google had already decided to shut down Google+, a new bug made its problems much, much worse.

99

99

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Threatpost

DECEMBER 14, 2018

The bug allowed 1,500 apps built by 876 developers to view users' unposted "draft" photos.

Data privacy 81

Data privacy Mobile Hacking 81

Security Affairs

DECEMBER 11, 2018

‘ The Seedworm APT Group has targeted more than 130 victims in 30 organizations since September including NGOs, oil and gas, and telecom businesses. According to a new research conducted from Symantec’s DeepSight Managed Adversary and ThreatIntelligence (MATI) team, the Seedworm APT group, aka MuddyWater , is rapidly evolving and extended its targets to the telecom, IT services, and oil and gas industries.

Telecommunications 111

Telecommunications Passwords Advertising Media 111

Dark Reading

DECEMBER 14, 2018

Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.

91

91

WIRED Threat Level

DECEMBER 13, 2018

Apparent bitcoin scammers caused chaos across the US Thursday, radically escalating longstanding tactics.

Scams 98

Scams 98

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

eSecurity Planet

DECEMBER 13, 2018

A look at the top vendors in the breach and attack simulation market, a new IT security technology that offers continuous vulnerability assessment.

Marketing 81

Marketing Technology 81

Security Affairs

DECEMBER 10, 2018

The Linux.org website was defaced last week via DNS hijack, attackers breached into associated registrar account and changed the DNS settings. Attackers changed the defacement page a few times, they protested against the new Linux kernel developer code of conduct in a regrettable way with racial slurs and the image of an individual showing the anus.

DNS 112

DNS Accountability Advertising Authentication 112

Dark Reading

DECEMBER 8, 2018

Researcher demonstrates how attackers could steal data from smartphones while they charge up.

Banking 91

Banking Hacking 91

WIRED Threat Level

DECEMBER 8, 2018

China accusations, Eastern European bank heists, and more of the week's top security news.

Hacking 82

Hacking Banking Ransomware 82

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Threatpost

DECEMBER 10, 2018

Women are key to solving the workforce shortage, which is expected to reach 3.5 million open jobs by 2022.

80

80

Security Affairs

DECEMBER 10, 2018

The popular expert Jens ‘Atom’ Steube devised a new WiFi hack that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiFi passwords of most modern routers. Jens ‘Atom’ Steube, the lead developer of the popular password-cracking tool Hashcat, has developed a new WiFi hacking technique that allows cracking WiF

Hacking 111

Hacking Wireless Passwords Authentication 111

Dark Reading

DECEMBER 10, 2018

How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.

90

90

PerezBox Security

DECEMBER 13, 2018

The previous OSSEC articles went through through the process of installing OSSEC and deploying a distributed architecture. This article will focus on configuring OSSEC to make better sense of WordPress. Read More. The post OSSEC FOR WEBSITE SECURITY: PART III – Optimizing for WordPress appeared first on PerezBox.

Architecture 79

Architecture Technology 79

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity