Sat.Nov 03, 2018 - Fri.Nov 09, 2018

article thumbnail

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S. Postal Service (USPS) that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and made it easier for people to opt out. This week, the U.S.

article thumbnail

The Pentagon is Publishing Foreign Nation-State Malware

Schneier on Security

This is a new thing : The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that's used by security pros and antivirus/malware detection engines to gain a better understanding of the threat landscape. This feels like an example of the US's new strategy of actively harassing foreign government actors.

Malware 249
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed. The first one was about HSBC disclosing a "security incident" which, upon closer inspection, boiled down to this: The security incident that HSBC described in its letter seems to fit the characteristics of brute-force password-guessing attempts, also known as a credentials stuffing

Passwords 234
article thumbnail

FIFA Hacked Again

Adam Levin

The international soccer league FIFA announced it had been hacked earlier this year and is bracing itself for a potential data breach. This latest cyber incident marks the second major successful hack on the organization, the first reported in 2017. That attack was attributed to a Russian hacking group alternately called Fancy Bear and APT28. News of this new hack was made public after FIFA documents were published on a website called Football Leaks , a whistleblower website dedicated to the soc

Hacking 207
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force , a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.

Mobile 243
article thumbnail

iOS 12.1 Vulnerability

Schneier on Security

This is really just to point out that computer security is really hard : Almost as soon as Apple released iOS 12.1 on Tuesday, a Spanish security researcher discovered a bug that exploits group Facetime calls to give anyone access to an iPhone users' contact information with no need for a passcode. [.]. A bad actor would need physical access to the phone that they are targeting and has a few options for viewing the victim's contact information.

247
247

More Trending

article thumbnail

GUEST ESSAY: Did you know these 5 types of digital services are getting rich off your private data?

The Last Watchdog

Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden privacy pitfalls in every day technology. Related: Europe tightens privacy rules. From smart phones, to smart TVs, location services, and speech capabilities, often times user data is stored without your knowledge.

Media 174
article thumbnail

Who’s In Your Online Shopping Cart?

Krebs on Security

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. These days, a compromised e-commerce site is more likely to be seeded with a tiny snippet of code that invokes a hostile domain which appears harmless or that is virtually indistinguishable from the hacked site’s own

Antivirus 241
article thumbnail

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: " Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs) ": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware. In theory, the security guarantees offered by hardware encryption are similar to or better than software implementations. In reality, we found that many hardware implementations have critical security weaknesses, for many models allowing for complete recovery of the data

article thumbnail

It's End of Life for ASafaWeb

Troy Hunt

A lot has changed in the Microsoft technology world in the last 7 years since I launched ASafaWeb in September 2011. Windows XP is no longer the dominant operating system ( Win 7 actually caught up the month I launched ASafaWeb ). Internet Explorer is no longer the dominant browser ( Chrome was in 3rd place back then ). Windows Server has gone from 2008 R2 to 2012 to 2012 R2 to 2016 to 2019.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Facebook Blocks Handful of Accounts on Eve of Election

Adam Levin

Facebook announced in a blog post on November 5th that it blocked 115 accounts on its platforms after being informed by law enforcement that they may have been “engaged in coordinated inauthentic behavior.”. Roughly 30 of the Facebook accounts blocked were from Russian or French speakers, with the remaining 85 on its Instagram platform being in English.

article thumbnail

Bug Bounty Hunter Ran ISP Doxing Service

Krebs on Security

A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned. In May 2018, ZDNet ran a story about the discovery of a glaring vulnerability in the Web site for wireless provider T-Mobile that let anyone look up customer home addresses and account PINs.

Mobile 210
article thumbnail

Consumer Reports Reviews Wireless Home-Security Cameras

Schneier on Security

Consumer Reports is starting to evaluate the security of IoT devices. As part of that, it's reviewing wireless home-security cameras. It found significant security vulnerabilities in D-Link cameras: In contrast, D-Link doesn't store video from the DCS-2630L in the cloud. Instead, the camera has its own, onboard web server, which can deliver video to the user in different ways.

Wireless 224
article thumbnail

Weekly Update 112

Troy Hunt

Wow, didn't the passwords discussions go nuts this week! Passwords suck and they must die, they're never going to die, people are using bad ones, people should be able to use bad ones, developers are at fault and my personal favourite in the "how on earth did you reach that conclusion" category, I should actually do something to educate people about passwords rather than blaming them for using bad ones.

Passwords 159
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Change in the Weather

Adam Shostack

A remote Hawaiian island, East Island, was destroyed by Hurricane Walaka. East Island was 11 acres. It was also a key refuge for turtles and seals. Read more in The Guardian. Maersk has sent a ship, the Venta Maersk, through the Northern Passage. The journey and its significance were outlined by the Washington Post, with predictions of 23 days (versus 34 to sail via Suez).

113
113
article thumbnail

VMware releases security patches for a critical virtual machine escape flaw

Security Affairs

VMware released security patches for a critical virtual machine (VM) escape vulnerability that was recently discovered at a Chinese hacking contest. VMware has released security patches for a critical virtual machine (VM) escape vulnerability (CVE-2018-6981 and CVE-2018-6982) that was recently discovered by the researcher Zhangyanyu at the Chinese GeekPwn2018 hacking contest.

article thumbnail

Troy Hunt on Passwords

Schneier on Security

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why [insert thing here] isn't going to kill them. No amount of focusing on how bad passwords are or how many accounts have been breached or what it costs when people can't access their accounts is going to change that.

Passwords 222
article thumbnail

How to Control What Websites Can Do on Your Computer

WIRED Threat Level

If you're not careful, websites can grab all kinds of permissions you don't realize or intend. Take back control in your browser.

111
111
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Top 10 SIEM Products

eSecurity Planet

We review and compare 10 SIEM products that can help you manage your overall IT security from a single tool.

111
111
article thumbnail

Data from ‘almost all’ Pakistani banks stolen, Pakistani debit card details surface on the dark web

Security Affairs

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing.almost all Pakistani banks were affected by a recent security breach. Almost all Pakistani banks were affected by a recent security breach, the shocking news was confirmed by the head of the Federal Investigation Agency’s (FIA) cybercrime wing. “According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked,” FIA Cybercrimes Director retired Capt Mohammad

Banking 111
article thumbnail

Privacy and Security of Data at Universities

Schneier on Security

Interesting paper: " Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier ," by Christine Borgman: Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance accountability, transparency, and protection of privacy, academic freedom, and intellectual property.

article thumbnail

20 Cybersecurity Firms to Watch

Dark Reading

A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Midterm Elections 2018: All the Hoaxes and Viral Misinformation

WIRED Threat Level

WIRED is looking out for the biggest stories, the most common hoaxes, and the likeliest sources of confusion as they emerge throughout the day.

102
102
article thumbnail

Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy

Security Affairs

Guy Fawkes Day, November 5th 2018 – LulzSec Italy announced credit a string of hacks and leaks targeting numerous systems and websites across Italy. In celebration of Guy Fawkes Day, November 5th 2018, LulzSec Italy announced credit for a massive string of hacks and leaks targeting numerous systems and websites across Italy. Included in the breaches were Italy’s National Research Center , The Institute for Education Technologies , the ILIESI Institute for the European Intellectual Le

Passwords 111
article thumbnail

Make sure you trust your third-party vendor

Thales Cloud Protection & Licensing

Best Buy, Panera Bread, Target and Under Armour. What do each of these companies have in common? They each suffered a data breach at the hands of a third-party vendor. While the most common definition of a data breach is the unauthorized access, transition, reproduction, dissemination or sale of personal, confidential or privileged data, if data is mistakenly shared with an unauthorized user by an authorized user– that is also a breach.

article thumbnail

Why the CISSP Remains Relevant to Cybersecurity After 28 Years

Dark Reading

The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Sue Gordon: Silicon Valley Should Work With the Government

WIRED Threat Level

In an expansive on-the-record interview with WIRED, the principal deputy director of national intelligence made her pitch for public-private partnerships.

article thumbnail

Researcher discloses VirtualBox Zero-Day without reporting it to Oracle

Security Affairs

Security expert disclosed the details of a zero-day flaw affecting Oracle’s VirtualBox virtualization software without waiting for a patch from Oracle. The security expert Sergey Zelenyuk has disclosed the details of a zero-day vulnerability affecting Oracle’s VirtualBox virtualization software that could be exploited by an attacker to make a guest-to-host escape.

InfoSec 111
article thumbnail

HSBC Data Breach Hits Online Banking Customers

Threatpost

The data breach includes names, addresses, transaction histories, account information and more.

article thumbnail

5 Reasons Why Threat Intelligence Doesn't Work

Dark Reading

Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!