Krebs on Security

FEBRUARY 12, 2019

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever. Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users.

Hacking 260

Hacking DDOS Backups Accountability 260

Adam Shostack

FEBRUARY 9, 2019

The Seattle Times has a story today about how “ 50 years ago today, the first 747 took off and changed aviation.” It’s true. The 747 was a marvel of engineering and luxury. The book by Joe Sutter is a great story of engineering leadership. For an upcoming flight, I paid extra to reserve an upper deck seat before the last of the passenger-carrying Queens of the Skies retires.

Engineering 223

Engineering Mobile Government 223

Schneier on Security

FEBRUARY 13, 2019

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. It claims it is an act of war and therefor not covered. Mondelez is suing. Those turning to cyber insurance to manage their exposure presently face significant uncertainties about its promise. First, the scope of cyber risks vastly exceeds available coverage, as cyber perils cut across most areas of commercial insurance in an unprecedented manner: d

Cyber Insurance 212

Cyber Insurance Insurance Cyber Risk Risk 212

Troy Hunt

FEBRUARY 11, 2019

A race to the bottom is a market condition in which there is a surplus of a commodity relative to the demand for it. Often the term is used to describe labour conditions (workers versus jobs), and in simple supply and demand terms, once there's so much of something all vying for the attention of those consuming it, the value of it plummets. On reflecting over the last 3 and a half weeks, this is where we seem to be with credential stuffing lists today and I want to use this blog post to explain

Passwords 207

Passwords Data breaches Media InfoSec 207

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

FEBRUARY 13, 2019

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused — who had fairly well separated his real life identity from his online personas — appears to have been caught after a gaming Web site he frequented got hacked.

Hacking 219

Hacking DDOS Government Accountability 219

Adam Levin

FEBRUARY 11, 2019

A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers. Credit unions and banks are both required by the Bank Secrecy Act (BSA) to report potential money laundering operations and to dedicate at least two staff members to ensure compliance. The phishing emails seemed to specifically target the accounts of these BSA officers, which raises the concern that a database containing their information m

Phishing 181

Phishing Banking Accountability Malware 181

Adam Shostack

FEBRUARY 13, 2019

I did a podcast with Mark Miller over at DevSecOps days. It was a fun conversation, and you can have a listen at “ Anticipating Failure through Threat Modeling w/ Adam Shostack.

145

145

Krebs on Security

FEBRUARY 12, 2019

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month’s patch batch tackles some notable threats to enterprises — including multiple flaws that were publicly disclosed prior to Patch Tuesday.

Internet 184

Internet Internet Malware Hacking 184

The Last Watchdog

FEBRUARY 12, 2019

Assuring the privacy and security of sensitive data, and then actually monetizing that data, — ethically and efficiently — has turned out to be the defining challenge of digital transformation. Today a very interesting effort to address this complex dilemma is arising from the ferment, out of the UK. It’s called Project Furnace , an all-new open source software development platform.

Digital transformation 124

Digital transformation Software Surveillance IoT 124

Schneier on Security

FEBRUARY 15, 2019

Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system.

Encryption 180

Encryption 180

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Adam Shostack

FEBRUARY 14, 2019

I’m getting ready for the 5-year anniversary of my book, “ Threat Modeling: Designing for Security.” As part of that, I would love to see the book have more than 55 5 reviews on Amazon. If you found the book valuable, I would appreciate it if you could take a few minutes to write a review.

113

113

Adam Levin

FEBRUARY 13, 2019

Dailymotion is a Paris-based video-sharing rival of YouTube. The site gets about 300 million unique visitors a month who watch an estimated 3.5 billion videos. While that’s a fraction of YouTube’s nearly 2 billion uniques, it makes a perfectly good target for a hacker. Dailymotion announced “a large-scale computer attack aimed at compromising the data of its users,” on January 25. “The attack, which was discovered by Dailymotion technical teams and is still ongoin

Risk 100

Risk Data breaches Passwords Password Management 100

The Last Watchdog

FEBRUARY 11, 2019

The moment we’ve all feared has finally come to pass. When government agencies and international intelligence groups pooled together resources to gather user data, the VPN’s encryption seemed like the light at the end of the tunnel. Related: California enacts pioneering privacy law. However, it looks like things are starting to break apart now that Australia has passed the “Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018”.

Encryption 124

Encryption VPN Telecommunications Data privacy 124

Schneier on Security

FEBRUARY 12, 2019

274

274

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

FEBRUARY 11, 2019

Security experts found a serious flaw tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O. Aleksa Sarai, a senior software engineer at SUSE Linux GmbH, has disclosed a serious vulnerability tracked CVE-2019-5736 affecting runc , the default container runtime for Docker, containerd , Podman, and CRI-O.

Advertising 111

Advertising Engineering Hacking Software 111

Adam Levin

FEBRUARY 14, 2019

The U.S. Federal Government should pass legislation protecting citizens’ privacy online, according to a new report by the Government Accountability Office. The GAO study referenced 101 privacy violations that had been referred to the FTC for enforcement, nearly none of them resulting in fines or penalties for offenders. All of the violations were associated with internet companies.

Consumer Protection 100

Consumer Protection Internet Internet Government 100

Dark Reading

FEBRUARY 12, 2019

We examine the issue of fallibility from six sides: end users, security leaders, security analysts, IT security administrators, programmers, and attackers.

Cybersecurity 97

Cybersecurity 97

WIRED Threat Level

FEBRUARY 10, 2019

The shutdown may have ended two weeks ago, but federal cybersecurity professionals will be coping with its impact for a long time to come.

Cybersecurity 102

Cybersecurity 102

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

FEBRUARY 13, 2019

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?” Let’s go to our case study: I received a scan request for a PDF file that was reported to support an antivirus vendor, and it replied that the file was not malicious. Because the manufacturer’s analysis was not satisfactory, the team responsible for handling the incident requested a second opinion, since in other anti-virus

Antivirus 111

Antivirus Advertising Manufacturing Hacking 111

Threatpost

FEBRUARY 12, 2019

Dunkin’ Donuts may have just launched its first double-filled doughnut, but another doubling up is not quite as tasty. The chain has suffered its second credential-stuffing attack in three months. Like the first incident, the attack targeted pastry aficionados that have DD Perks accounts, which is Dunkin’s loyalty program. Names, email addresses, 16-digit DD Perks […].

Accountability 78

Accountability Passwords 78

Dark Reading

FEBRUARY 14, 2019

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.

Cybersecurity 85

Cybersecurity 85

WIRED Threat Level

FEBRUARY 13, 2019

In an astonishing indictment, the DoJ details how Monica Witt allegedly turned on her former counterintelligence colleagues.

Hacking 102

Hacking 102

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

FEBRUARY 11, 2019

Users of QNAP NAS devices are reporting through QNAP forum discussions of mysterious code that adds some entries that prevent software update. Users of the Network attached storage devices manufactured have reported a mystery string of malware attacks that disabled software updates by hijacking entries in host machines’ hosts file. According to the users, the malicious code adds some 700 entries to the /etc/hosts file that redirects requests to IP address 0.0.0.0.

Antivirus 111

Antivirus Advertising Firmware VPN 111

Thales Cloud Protection & Licensing

FEBRUARY 14, 2019

It’s Valentine’s Day. Chocolates. Romantic dinners. Little conversation hearts with affectionate messages. A special gift for someone special. Or if we flash back to high school, maybe even, a game of Truth or Dare. But in the data-security world, we might play “Truth or DAR,” as in data at rest. (And please pardon my pun.). Here is a “Truth” about “DAR:” There is no silver bullet for securing all of your agencies’ data.

Encryption 70

Encryption Threat Reports Marketing Government 70

Dark Reading

FEBRUARY 12, 2019

All data belonging to US users-including backup copies-have been deleted in catastrophe, VMEmail says.

Backups 107

Backups 107

eSecurity Planet

FEBRUARY 11, 2019

Companies are more confident in their ability to meet GDPR and other compliance demands, but some important controls haven't been fully adopted.

83

83

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

FEBRUARY 11, 2019

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web. The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. The advertising for the sale of the huge trove of data was published in the popular Dream Market black marketplace, data are available for less than $20,000 worth of Bitcoin.

Accountability 110

Accountability Hacking Advertising Data breaches 110

WIRED Threat Level

FEBRUARY 11, 2019

Many of the body cameras worn by police are woefully vulnerable to hacking and manipulation. Amber Authenticate wants to fix that—with the blockchain.

Authentication 79

Authentication Hacking 79

Dark Reading

FEBRUARY 13, 2019

Hacking by external actors caused most breaches, but Web intrusions and exposures compromised more records, according to Risk Based Security.

Data breaches 90

Data breaches Hacking Risk 90

Threatpost

FEBRUARY 12, 2019

The affected SICAM 230 process control system is used as an integrated energy system for utility companies, and as a monitoring system for smart-grid applications.

Energy and Utilities 73

Energy and Utilities 73

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity