Schneier on Security

FEBRUARY 12, 2019

279

279

Krebs on Security

FEBRUARY 12, 2019

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever. Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.

Hacking 273

Hacking DDOS Backups Accountability 273

Adam Shostack

FEBRUARY 9, 2019

The Seattle Times has a story today about how “ 50 years ago today, the first 747 took off and changed aviation.” It’s true. The 747 was a marvel of engineering and luxury. The book by Joe Sutter is a great story of engineering leadership. For an upcoming flight, I paid extra to reserve an upper deck seat before the last of the passenger-carrying Queens of the Skies retires.

Engineering 223

Engineering Mobile Government 223

Troy Hunt

FEBRUARY 11, 2019

A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once there's so much of something all vying for the attention of those consuming it, the value of it plummets. On reflecting over the last 3 and a half weeks, this is where we seem to be with credential stuffing lists today and I want to use this blog post to explain

Passwords 213

Passwords Data breaches Media InfoSec 213

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

FEBRUARY 13, 2019

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. It claims it is an act of war and therefor not covered. Mondelez is suing. Those turning to cyber insurance to manage their exposure presently face significant uncertainties about its promise. First, the scope of cyber risks vastly exceeds available coverage, as cyber perils cut across most areas of commercial insurance in an unprecedented manner: d

Cyber Insurance 244

Cyber Insurance Insurance Cyber Risk Risk 244

Krebs on Security

FEBRUARY 13, 2019

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused — who had fairly well separated his real life identity from his online personas — appears to have been caught after a gaming Web site he frequented got hacked.

Hacking 241

Hacking DDOS Government Accountability 241

Adam Shostack

FEBRUARY 13, 2019

I did a podcast with Mark Miller over at DevSecOps days. It was a fun conversation, and you can have a listen at “ Anticipating Failure through Threat Modeling w/ Adam Shostack.

145

145

Schneier on Security

FEBRUARY 14, 2019

It's only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer.

244

244

Krebs on Security

FEBRUARY 12, 2019

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month’s patch batch tackles some notable threats to enterprises — including multiple flaws that were publicly disclosed prior to Patch Tuesday.

Internet 196

Internet Internet Malware Hacking 196

The Last Watchdog

FEBRUARY 12, 2019

Assuring the privacy and security of sensitive data, and then actually monetizing that data, — ethically and efficiently — has turned out to be the defining challenge of digital transformation. Today a very interesting effort to address this complex dilemma is arising from the ferment, out of the UK. It’s called Project Furnace , an all-new open source software development platform.

Digital transformation 124

Digital transformation Software Surveillance IoT 124

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Adam Shostack

FEBRUARY 14, 2019

I’m getting ready for the 5-year anniversary of my book, “ Threat Modeling: Designing for Security.” As part of that, I would love to see the book have more than 55 5 reviews on Amazon. If you found the book valuable, I would appreciate it if you could take a few minutes to write a review.

113

113

Schneier on Security

FEBRUARY 15, 2019

Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system.

Encryption 191

Encryption 191

Security Affairs

FEBRUARY 13, 2019

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?” Let’s go to our case study: I received a scan request for a PDF file that was reported to support an antivirus vendor, and it replied that the file was not malicious. Because the manufacturer’s analysis was not satisfactory, the team responsible for handling the incident requested a second opinion, since in other anti-virus

Antivirus 111

Antivirus Advertising Manufacturing Hacking 111

The Last Watchdog

FEBRUARY 11, 2019

The moment we’ve all feared has finally come to pass. When government agencies and international intelligence groups pooled together resources to gather user data, the VPN’s encryption seemed like the light at the end of the tunnel. Related: California enacts pioneering privacy law. However, it looks like things are starting to break apart now that Australia has passed the “Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018”.

Encryption 124

Encryption VPN Telecommunications Data privacy 124

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Dark Reading

FEBRUARY 12, 2019

All data belonging to US users-including backup copies-have been deleted in catastrophe, VMEmail says.

Backups 107

Backups 107

Adam Levin

FEBRUARY 13, 2019

Dailymotion is a Paris-based video-sharing rival of YouTube. The site gets about 300 million unique visitors a month who watch an estimated 3.5 billion videos. While that’s a fraction of YouTube’s nearly 2 billion uniques, it makes a perfectly good target for a hacker. Dailymotion announced “a large-scale computer attack aimed at compromising the data of its users,” on January 25. “The attack, which was discovered by Dailymotion technical teams and is still ongoin

Risk 100

Risk Data breaches Passwords Password Management 100

Security Affairs

FEBRUARY 11, 2019

Security experts found a serious flaw tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O. Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, has disclosed a serious vulnerability tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O.

Advertising 111

Advertising Engineering Hacking Software 111

Threatpost

FEBRUARY 15, 2019

Researchers warn that the phishing campaign looks "deceptively realistic.".

Phishing 93

Phishing Scams Social Engineering Engineering 93

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Dark Reading

FEBRUARY 12, 2019

We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.

Cybersecurity 97

Cybersecurity 97

Adam Levin

FEBRUARY 14, 2019

The U.S. Federal Government should pass legislation protecting citizens’ privacy online, according to a new report by the Government Accountability Office. The GAO study referenced 101 privacy violations that had been referred to the FTC for enforcement, nearly none of them resulting in fines or penalties for offenders. All of the violations were associated with internet companies.

Consumer Protection 100

Consumer Protection Internet Internet Government 100

Security Affairs

FEBRUARY 11, 2019

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web. The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. The advertising for the sale of the huge trove of data was published in the popular Dream Market black marketplace, data are available for less than $20,000 worth of Bitcoin.

Accountability 111

Accountability Hacking Advertising Data breaches 111

eSecurity Planet

FEBRUARY 13, 2019

91

91

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Dark Reading

FEBRUARY 14, 2019

Some have even turned to alcohol and medication as their demands outpace resources.

CISO 96

CISO 96

WIRED Threat Level

FEBRUARY 13, 2019

In an astonishing indictment, the DoJ details how Monica Witt allegedly turned on her former counterintelligence colleagues.

Hacking 85

Hacking 85

Security Affairs

FEBRUARY 11, 2019

Users of QNAP NAS devices are reporting through QNAP forum discussions of mysterious code that adds some entries that prevent software update. Users of the Network attached storage devices manufactured have reported a mystery string of malware attacks that disabled software updates by hijacking entries in host machines’ hosts file. According to the users, the malicious code adds some 700 entries to the /etc/hosts file that redirects requests to IP address 0.0.0.0.

Antivirus 111

Antivirus Advertising Firmware VPN 111

Threatpost

FEBRUARY 12, 2019

"Every file server is lost, every backup server is lost.”.

Backups 84

Backups Hacking 84

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Dark Reading

FEBRUARY 11, 2019

But it can't operate in a bubble, a new Washington Post study indicates.

Hacking 91

Hacking 91

WIRED Threat Level

FEBRUARY 10, 2019

The shutdown may have ended two weeks ago, but federal cybersecurity professionals will be coping with its impact for a long time to come.

Cybersecurity 83

Cybersecurity 83

Security Affairs

FEBRUARY 10, 2019

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner. Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner, researchers observed it killing other Linux malware and coin miners present on the infected machine.

Malware 111

Malware Cryptocurrency Advertising DNS 111

eSecurity Planet

FEBRUARY 11, 2019

Companies are more confident in their ability to meet GDPR and other compliance demands, but some important controls haven't been fully adopted.

83

83

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk