Sat. Aug 17, 2019 - Fri. Aug 23, 2019


Breach at Hy-Vee Supermarket Chain Tied to Sale of 5M+ Stolen Credit, Debit Cards

Krebs on Security

On Tuesday of this week, one of the more popular underground stores peddling credit and debit card data stolen from hacked merchants announced a blockbuster new sale: more than 5.3 million new accounts belonging to cardholders from 35 U.S. states. Multiple sources now tell KrebsOnSecurity that the card data came from compromised gas pumps, coffee shops and restaurants operated by Hy-Vee, an Iowa-based company that operates a chain of more than 245 supermarkets throughout the Midwestern United S


Google Finds 20-Year-Old Microsoft Windows Vulnerability

Schneier on Security

There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.

Texas Government Agencies Hit by Ransomware

Adam Levin

The local governments and agencies of twenty-three Texas towns were hit by a coordinated ransomware campaign last week. The Texas Department of Information Resources (DIR) became aware of the campaign after being contacted by the municipal governments of several towns that were unable to access critical files. The DIR has yet to identify the affected government entities and is currently working with the Texas Military Department as well as the Texas A&M Cyberresponse and Secur


SHARED INTEL: Malware-ridden counterfeit phones place consumers, companies in harm’s way

The Last Watchdog

A faked Rolex or Prada handbag is easy enough to acquire on the street in certain cities, and you can certainly hunt one down online. Now add high-end counterfeit smartphones to the list of luxury consumer items being aggressively marketed to bargain-hungry consumers. (Related: Most companies ignorant about rising mobile attacks.) While it might be tempting to dismiss the potential revenue lost by Apple, Samsung, HTC and other suppliers of authentic phones, this counterfeit wave is particu


Forced Password Reset? Check Your Assumptions

Krebs on Security


License Plate "NULL"

Schneier on Security

There was a DefCon talk by someone with the vanity plate "NULL." The California system assigned him every ticket with no license plate: $12,000. Although the initial $12,000-worth of fines were removed, the private company that administers the database didn't fix the issue and new NULL tickets are still showing up. The unanswered question is: now that he has a way to get parking fines removed, can he park anywhere for free?
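The bug behind the story is a sentinel collision: the records system used the string "NULL" to mean "no plate was recorded", and a driver whose plate genuinely reads NULL matched every one of those records. The following is an added illustration, not code from Schneier's post or from the California system, using Python's sqlite3 with constructed sample tickets (the plate numbers, ticket IDs and amounts are invented):

```python
import sqlite3
from typing import List, Optional

# Constructed sample records (not real California data): one vehicle whose
# plate genuinely reads "NULL", two tickets where no plate was recorded
# (None), and an ordinary plate.
TICKETS = [
    ("T-1001", "NULL", 60),
    ("T-1002", None, 75),
    ("T-1003", None, 40),
    ("T-1004", "7ABC123", 35),
]


def build_db(missing_sentinel: Optional[str]) -> sqlite3.Connection:
    """Load TICKETS, encoding 'plate not recorded' as `missing_sentinel`.

    missing_sentinel="NULL" reproduces the bug: the absence of data is written
    with the same string a legitimate plate can carry. missing_sentinel=None
    stores a real SQL NULL, which no string comparison can ever match.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tickets (id TEXT PRIMARY KEY, plate TEXT, amount INTEGER)"
    )
    conn.executemany(
        "INSERT INTO tickets VALUES (?, ?, ?)",
        [
            (tid, missing_sentinel if plate is None else plate, amt)
            for tid, plate, amt in TICKETS
        ],
    )
    return conn


def tickets_for_plate(conn: sqlite3.Connection, plate: str) -> List[str]:
    # Parameterized equality. With a real NULL in the column, `NULL = 'NULL'`
    # evaluates to NULL (not true), so unreadable plates never match a driver.
    rows = conn.execute(
        "SELECT id FROM tickets WHERE plate = ? ORDER BY id", (plate,)
    )
    return [r[0] for r in rows]


def tickets_without_plate(conn: sqlite3.Connection) -> List[str]:
    # Missing data must be asked for explicitly, not by comparing to a magic word.
    rows = conn.execute("SELECT id FROM tickets WHERE plate IS NULL ORDER BY id")
    return [r[0] for r in rows]


def buggy_lookup(plate: str) -> List[str]:
    """Sentinel string 'NULL' in the column: the vanity plate inherits every plateless ticket."""
    return tickets_for_plate(build_db(missing_sentinel="NULL"), plate)


def fixed_lookup(plate: str) -> List[str]:
    """Real SQL NULL for missing plates: only the genuine match comes back."""
    return tickets_for_plate(build_db(missing_sentinel=None), plate)


if __name__ == "__main__":
    print("buggy:", buggy_lookup("NULL"))   # three tickets, two of them not his
    print("fixed:", fixed_lookup("NULL"))   # one ticket
```

The same confusion shows up whenever a field that can hold user-supplied text is also used to encode metadata about itself (empty string, "N/A", "unknown", -1). Keep the two in separate representations, and review any query that compares against such a marker.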

More Trending

GUEST ESSAY: The ethical considerations of personal privacy viewed as a human right

The Last Watchdog


Protecting accounts from credential stuffing with password breach alerting

Elie

In this paper, we propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried.
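The shape of such a protocol, as an added illustration rather than the paper's own code: the client reveals only a short prefix of the credential hash plus a blinded group element; the server raises the element to its secret key and returns the bucket of server-keyed leaked credentials sharing that prefix; the client unblinds and checks membership locally. The modular-arithmetic group (the Mersenne prime 2^127 - 1), SHA-256 and the 2-byte prefix are assumptions chosen for readability; the paper's deployment uses an elliptic curve and a memory-hard hash, and a 127-bit group is far too weak for real use.

```python
import hashlib
import math
import secrets
from typing import Dict, List, Tuple

# Toy group (an assumption for this example, not the paper's parameters):
# arithmetic mod the Mersenne prime p = 2^127 - 1, inside the subgroup of
# quadratic residues, which has order q = (p - 1) / 2.
P = 2**127 - 1
Q = (P - 1) // 2
PREFIX_BYTES = 2  # the client reveals only these bytes of the credential hash


def hash_to_group(username: str, password: str) -> Tuple[bytes, int]:
    """Return (bucket prefix, group element) for a credential.

    Simplification: SHA-256 stands in for the memory-hard hash the paper uses.
    Squaring maps the value into the order-q subgroup so that blinding
    exponents can be inverted mod q.
    """
    digest = hashlib.sha256(f"{username}:{password}".encode()).digest()
    x = int.from_bytes(digest, "big") % P or 1
    return digest[:PREFIX_BYTES], pow(x, 2, P)


def blind(elem: int) -> Tuple[int, int]:
    """Pick a fresh blinding exponent r (invertible mod q); return (r, elem^r)."""
    while True:
        r = secrets.randbelow(Q - 1) + 1
        if math.gcd(r, Q) == 1:
            return r, pow(elem, r, P)


class BreachServer:
    """Holds leaked credentials only as h^k (server-keyed), bucketed by prefix."""

    def __init__(self, leaked: List[Tuple[str, str]]):
        self.key = secrets.randbelow(Q - 1) + 1  # secret exponent k, never leaves the server
        self.buckets: Dict[bytes, List[int]] = {}
        for user, pw in leaked:
            prefix, elem = hash_to_group(user, pw)
            self.buckets.setdefault(prefix, []).append(pow(elem, self.key, P))

    def query(self, prefix: bytes, blinded: int) -> Tuple[int, List[int]]:
        # The server sees a 16-bit prefix and a blinded element. Without the
        # client's r it cannot recover h, so it cannot tell which credential
        # was asked about; the returned bucket hides the answer among every
        # leaked credential sharing the prefix.
        return pow(blinded, self.key, P), self.buckets.get(prefix, [])


def is_exposed(server: BreachServer, username: str, password: str) -> bool:
    prefix, elem = hash_to_group(username, password)
    r, blinded = blind(elem)
    double_blinded, bucket = server.query(prefix, blinded)
    # (h^r)^k raised to r^-1 mod q is h^k: the client recovers the server-keyed
    # form of its own credential without learning k and checks membership
    # against the returned bucket locally.
    keyed = pow(double_blinded, pow(r, -1, Q), P)
    return keyed in bucket


if __name__ == "__main__":
    server = BreachServer([("alice", "hunter2"), ("bob", "correct horse battery")])
    print(is_exposed(server, "alice", "hunter2"))  # True
    print(is_exposed(server, "alice", "hunter3"))  # False
```

Two properties worth checking against the code: the server never holds or receives an unkeyed credential hash, and two queries for the same credential send different blinded values, so the server cannot even correlate repeat lookups beyond the shared prefix.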


Modifying a Tesla to Become a Surveillance Platform

Schneier on Security

From DefCon: At the Defcon hacker conference today, security researcher Truman Kain debuted what he calls the Surveillance Detection Scout. The DIY computer fits into the middle console of a Tesla Model S or Model 3, plugs into its dashboard USB port, and turns the car's built-in cameras -- the same dash and rearview cameras providing a 360-degree view used for Tesla's Autopilot and Sentry features -- into a system that spots, tracks, and stores license plates and faces over time.


The rise of hybrid cloud poses new security challenges – are you prepared?

Thales Cloud Protection & Licensing


MY TAKE: Can embedding security deep inside mobile apps point the way to securing IoT?

The Last Watchdog


Interesting Reads, August 19

Adam Shostack

If you needed more reasons to move away from using SMS-based authentication, and treating phone companies as trusted: “AT&T employees took over $1 million in bribes to plant malware and unlock millions of smartphones: DOJ.” Abuse reporting systems are being abused. You need to threat model and play the chess game: “How Flat Earthers Nearly Derailed a Space Photo Book.” My conflict modeling work is a first draft of how to threat model such systems.


Surveillance as a Condition for Humanitarian Aid

Schneier on Security

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance. Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing for fraud requires entire populations to be tracked using their personal data.


Hackers are scanning the web for vulnerable Fortinet, Pulse Secure Products installs

Security Affairs

Hackers are exploiting recently disclosed flaws in enterprise virtual private network (VPN) products from Fortinet and Pulse Secure. The popular cybersecurity expert Kevin Beaumont has observed threat actors attempting to exploit CVE-2018-13379 in the FortiOS SSL VPN web portal and CVE-2019-11510 in Pulse Connect Secure. Fortigate Fortinet SSL VPN is being exploited in the wild since last night at scale using 1996 style././ exploit – if you use this as a security boundary, you wan
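The "1996 style" traversal Beaumont refers to is the kind of thing defenders can look for in the access logs of any Internet-facing portal while they patch. The following is an added example, not code from Security Affairs, Beaumont or either vendor: it parses combined-format log lines, percent-decodes each request target to a fixed point (attackers double-encode `..` as `%252e%252e` so that a filter which decodes once sees nothing) and flags any bare `..` component in the path or query. The log lines, addresses and paths are constructed for the demonstration; they are not the vulnerable endpoints and not real traffic.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Combined/common log format: client IP, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines (not real traffic, not the vendors' vulnerable
# endpoints): lines 1, 3 and 6 are ordinary; 2 is a plain `../` probe; 4 is
# URL-encoded; 5 is double-encoded so a single decode still looks harmless.
SAMPLE_LOG = """\
203.0.113.10 - - [21/Aug/2019:02:11:04 +0000] "GET /remote/login?lang=en HTTP/1.1" 200 3211
198.51.100.7 - - [21/Aug/2019:02:11:09 +0000] "GET /remote/login?lang=/../../../../etc/passwd HTTP/1.1" 200 118
203.0.113.10 - - [21/Aug/2019:02:12:40 +0000] "POST /remote/logincheck HTTP/1.1" 302 0
198.51.100.7 - - [21/Aug/2019:02:12:52 +0000] "GET /portal/download?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1820
198.51.100.7 - - [21/Aug/2019:02:13:01 +0000] "GET /portal/download?file=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 404 0
203.0.113.10 - - [21/Aug/2019:02:13:15 +0000] "GET /static/app..min.js HTTP/1.1" 200 500
"""


def normalize_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode to a fixed point (bounded) and fold backslashes to slashes.

    Decoding once is not enough: `%252e` decodes to `%2e`, which decodes to `.`.
    Stopping when a round changes nothing catches any nesting up to the cap.
    """
    decoded = target
    for _ in range(max_rounds):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    return decoded.replace("\\", "/")


def has_traversal(decoded: str) -> bool:
    """True if any path or query component is exactly `..`.

    Splitting on query delimiters too means `file=..%2Fetc` yields a bare `..`
    component, while file names such as `app..min.js` do not trip the check.
    """
    return any(seg == ".." for seg in re.split(r"[/?&=;]", decoded))


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one record per request whose decoded target contains traversal."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue
        decoded = normalize_target(m["target"])
        if has_traversal(decoded):
            hits.append({
                "line": lineno,
                "ip": m["ip"],
                "status": int(m["status"]),
                "raw": m["target"],
                "decoded": decoded,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        # A 200 on a traversal request means the server answered it; triage
        # those before the 404s, which are probes that missed.
        print(f"line {hit['line']}: {hit['ip']} {hit['status']} {hit['decoded']}")
```

Two caveats a practitioner would add. Log-based detection only sees what the appliance chose to log, so an absence of hits is not evidence of an absence of exploitation, and a vulnerable device that was exposed should be treated as compromised until the vendor's indicators have been checked. And a request that decodes to a traversal but returned 404 still identifies a source worth blocking, since the same operator is likely to come back with the working path.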


MY TAKE: Coping with security risks, compliance issues spun up by ‘digital transformation’

The Last Watchdog

A core security challenge confronts just about every company today. (Related: Can serverless computing plus GitOps lock down DX?) Companies are being compelled to embrace digital transformation, or DX, if for no other reason than the fear of being left behind as competitors leverage microservices, containers and cloud infrastructure to spin up software innovation at high velocity.


What Is Cyberwar? The Complete WIRED Guide

WIRED Threat Level

The threat of cyberwar looms over the future: a new dimension of conflict capable of leapfrogging borders and teleporting the chaos of war to civilians thousands of miles beyond its front.


Backdoor Found in Utility for Linux, Unix Servers

Threatpost

Backdoor was intentionally planted in 2018 and found during the DEF CON 2019 security conference when researchers stumbled upon malicious code.


Employees abused systems at Ukrainian nuclear power plant to mine cryptocurrency

Security Affairs

The Ukrainian Secret Service (SBU) is investigating employees at a nuclear power plant who connected parts of the plant's internal network to the Internet in order to mine cryptocurrency. The incident was first reported by the Ukrainian news site UNIAN.


CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats

Dark Reading

Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.


Facebook’s New Privacy Feature Comes With a Loophole

WIRED Threat Level

"Off-Facebook Activity" will give users more control over their data, but Facebook needs up to 48 hours to aggregate your information into a format it can share with advertisers.


History Doesn’t Repeat Itself in Cyberspace

Thales Cloud Protection & Licensing

Originally published in Dark Reading on Aug. 13, 2019. The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape. Ten years ago, GPS on phones was just becoming available. Self-driving cars were secretly making their way into traffic, and most people hadn’t even heard of 3D printing.


A new Zero-Day in Steam client impacts over 96 million Windows users

Security Affairs

A new zero-day vulnerability in the Steam client for Windows, impacting over 96 million users, has been publicly disclosed by researcher Vasily Kravets. The flaw is a privilege escalation vulnerability. Kravets is one of the researchers who discovered a first zero-day flaw in the Steam client for Windows; that issue was initially addressed by Valve, but the researcher Xia


Instagram Added to Facebook Data-Abuse Bounty Program

Dark Reading

Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.


China Attacks Hong Kong Protesters With Fake Social Posts

WIRED Threat Level

Twitter and Facebook say they’ve taken down misinformation campaigns from China that cast pro-democracy activists as ISIS members and cockroaches.


Fortnite Ransomware Masquerades as an Aimbot Game Hack

Threatpost

Attackers are taking aim at Fortnite's global community of 250 million gamers.


Hacker publicly releases Jailbreak for iOS version 12.4

Security Affairs

Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers. A public jailbreak for iPhones running iOS 12.4 was released by a hacker, an exceptional event because it is the first in years. According to Motherboard, which first reported the news, Apple accidentally reintroduced a flaw it had already fixed, allowing the hacker to exploit it.


Cyberthreats Against Financial Services Up 56%

Dark Reading

Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.


Finally, a Lightning YubiKey to Kill Password Clutter on Your iPhone

WIRED Threat Level

First promised back in January, the first YubiKey for iOS will help cut down on painful password clutter starting now.


Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban

Threatpost

After Valve banned him from its bug bounty program, a researcher has found a second zero-day vulnerability affecting the Steam gaming client.


Bluetana App allows detecting Bluetooth card skimmers in just 3 seconds

Security Affairs

The Bluetana app detects Bluetooth card skimmers installed at gas pumps to steal customers’ credit and debit card data, taking about three seconds on average. Bluetooth card skimmers remain one of the favorite tools of crooks attempting to steal card information; in recent years, law enforcement has reported many cases of gas stations where criminals installed them.