Trending Articles

New Breed of Fuel Pump Skimmer Uses SMS and Bluetooth

Krebs on Security

Fraud investigators say they’ve uncovered a sophisticated new breed of credit card skimmers being installed at gas pumps that is capable of relaying stolen card data via mobile text message, thereby enabling fraudsters to collect it from anywhere in the world.

WhatsApp Flaw Could Enable iOS Message Snooping

Data Breach Today

Facebook Promises Quick Patch for Face ID and Touch ID Bypassing Problem Facebook says it will soon issue a patch for a bug in its WhatsApp messenger application that can circumvent a security feature launched just last month for Apple devices.

Access 188

Password Managers Leave Crumbs in Memory, Researchers Warn

Data Breach Today

Popular Password Managers for Windows Fail to Tidy Up Before Locking Up Shop A security audit of popular password manager has revealed some concerning weaknesses. Luckily, none of the problems are showstoppers that should put people off using such applications.

ATT&CKized Splunk – Threat Hunting with MITRE’s ATT&CK using Splunk

Security Affairs

Most of us know MITRE and the ATT&CK framework that they have come up with. What a splendid job they have done for the cyber security community by bringing most of the key attack vectors under an organized framework that segregates these attack vectors in various stages of a typical attack.

Demo 113

Facebook May Be Fined for Billions for Cambridge Analytica Scandal

Adam Levin

Facebook’s long string of privacy scandals may (finally) have some meaningful repercussions by way of a multi-billion dollar fine from the Federal Trade Commission.

IT 113

Maltese bank thwarts huge cyber heist by taking its IT systems offline

IT Governance

Sometimes the only thing that can stop an outrageous plan is an even more outrageous one. At least that was the thinking at the Bank of Valletta in Malta, which last week prevented a daring cyber heist by shutting down its IT systems and plunging the organisation into cyber darkness.

IT 91

More Trending

Criminals, Nation-States Keep Hijacking BGP and DNS

Data Breach Today

While Exploitable Protocols and Processes Persist, Adoption of Secure Fixes Lags The internet is composed of a series of networks built on trust.

These Are the Countries With the Best and Worst Cybersecurity

Security Affairs

Cybersecurity is a growing concern among governments, businesses and individuals around the world. Cyberattacks can have severe impacts on everyone. A recent report from researchers at the University of Oxford identified 57 different impacts that cyber incidents can have.

Cataloging IoT Vulnerabilities

Schneier on Security

Recent articles about IoT vulnerabilities describe hacking of construction cranes , supermarket freezers , and electric scooters. hacking internetofthings vulnerabilities

IoT 91

7 Scenarios for How the Mueller Probe Might End

WIRED Threat Level

New reports say that Robert Mueller will be "wrapping up" his investigation soon. Here's what that might actually mean. Security

2019 Thales DTR: Global Edition: Facts that may surprise you

Thales Data Security

A few weeks ago, we issued the Global Edition of our 2019 Thales Data Threat Report, now in its seventh year. This year much of the emphasis within the results was on how digital transformation can put organizations’ sensitive data at risk.

Police Push Free Decryptor for GandCrab Ransomware

Data Breach Today

Toyota PASTA Car-Hacking Tool will be soon on GitHub

Security Affairs

Toyota plans to release the PASTA (Portable Automotive Security Testbed) Car-Hacking Tool on GitHub next month.

Tools 112

Reverse Location Search Warrants

Schneier on Security

Weekly Update 126

Troy Hunt

Another week, another conference. This time it was Microsoft Ignite in Sydney and as tends to happen at these events, many casual meetups, chats, beers, selfies, delivery of HIBP stickers and an all-round good time, albeit an exhausting one.

MY TAKE: Here’s why the Internet Society’s new Privacy Code of Conduct deserves wide adoption

The Last Watchdog

When Facebook founder Mark Zuckerberg infamously declared that privacy “is no longer a social norm” in 2010, he was merely parroting a corporate imperative that Google had long since established. That same year, then-Google CEO Eric Schmidt publicly admitted that Google’s privacy policy was to “get right up to the creepy line and not cross it.”. Related: Mark Zuckerberg’s intolerable business model. We now know, of course, they weren’t kidding.

Mining 106

Facebook paid $25,000 for CSRF exploit that leads to Account Takeover

Security Affairs

Facebook paid a $25,000 bounty for a critical cross-site request forgery (CSRF) vulnerability that could have been exploited to hijack accounts simply by tricking users into clicki on a link.

USB Cable with Embedded Wi-Fi Controller

Schneier on Security

It's only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer. implants sidechannelattacks usb wifi

IT 92

RSA 2019 Blog Series: Securing Microservices

Thales Data Security

Every once in a while, a new transformative architecture emerges, which challenges how we think about applications and our understanding of how to build and operate them securely.

Blog 67

NATO Group Catfished Soldiers to Prove a Point About Privacy

WIRED Threat Level

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders. Security

Report: Facebook Faces Multibillion Dollar US Privacy Fine

Data Breach Today

FTC and Social Network Are Negotiating Record Penalty, Washington Post Reports The Federal Trade Commission is reportedly negotiating a settlement with Facebook that includes a multibillion dollar fine for its privacy failures.

Offensive Security announced the release of Kali Linux 2019.1

Security Affairs

It’s official, Offensive Security announced the release of Kali Linux 2019.1, the latest version of the popular penetration testing and forensics Linux distro. On Monday, Offensive Security announced the availability of Kali Linux 2019.1,

Details on Recent DNS Hijacking

Schneier on Security

At the end of January the US Department of Homeland Security issued a warning regarding serious DNS hijacking attempts against US government domains. Brian Krebs wrote an excellent article detailing the attacks and their implications. Strongly recommended

Blockchain is Real, But Still Not for Everybody

Weissman's World

I have conversations every day with people who believe either (a) blockchain is just another overhyped new technology being foisted upon us by unscrupulous vendors, or (b) it’s the solution to all their problems. Neither of these, of course, is correct. As written and discussed before in this space (and plenty of ‘elsewheres,’ too), blockchain […]. The post Blockchain is Real, But Still Not for Everybody appeared first on Holly Group. Blockchain infogov records

Russian Hackers Go From Foothold to Full-On Breach in 19 Minutes

WIRED Threat Level

A new ranking of nation-state hacker speed puts Russia on top by a span of hours. Security

Facebook Smackdown: UK Seeks 'Digital Gangster' Regulation

Data Breach Today

But Can New Laws and Greater Oversight Fix UK's 'Fake News' Challenges? Technology giants stand accused by a U.K. parliamentary committee of risking democracy in pursuit of profit, acting as monopolies and blocking attempts to hold them accountable.

Risk 184

Facebook login phishing campaign can deceive tech-savvy users

Security Affairs

Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. The technique relies upon the concept of being able to reproduce a social login prompt in a very realistic format inside an HTML block.

Estonia's Volunteer Cyber Militia

Schneier on Security

Interesting -- although short and not very detailed -- article about Estonia's volunteer cyber-defense militia.

Unactioned data subject access requests could lead to legal action

IT Governance

Buckinghamshire-based housing developer Magnacrest has been fined for failing to respond to DSARs (data subject access requests) , giving organisations a fresh reminder of the importance of the public’s legal rights to review the information that’s processed about them.

Don’t Get Your Valentine an Internet-Connected Sex Toy

WIRED Threat Level

Mozilla expands its “Privacy Not Included” gift guide to the bedroom: It’s all sexy fun and games until someone hacks a WiFi-enabled butt plug. Security

Wendy's Reaches $50 Million Breach Settlement With Banks

Data Breach Today

Astaroth Trojan relies on legitimate os and antivirus processes to steal data

Security Affairs

A new Astaroth Trojan campaign was spotted by the Cybereason’s Nocturnus team, hackers are targeting Brazil and European countries.

I Am Not Associated with Swift Recovery Ltd.

Schneier on Security

It seems that someone from a company called Swift Recovery Ltd. is impersonating me -- at least on Telegram. The person is using a photo of me, and is using details of my life available on Wikipedia to convince people that they are me. They are not.

IT 77

Truth or DAR? (Or the Truth about DAR Security)

Thales Data Security

It’s Valentine’s Day. Chocolates. Romantic dinners. Little conversation hearts with affectionate messages. A special gift for someone special. Or if we flash back to high school, maybe even, a game of Truth or Dare. But in the data-security world, we might play “Truth or DAR,” as in data at rest.