Trending Articles

Mirai Botnet Code Gets Exploit Refresh

Data Breach Today

Users of Mirai Likely Seek Enterprise-Class Bandwidth, Says Palo Alto Networks Mirai, the powerful malware that unleashed unprecedented distributed denial-of-service attacks in 2016, has never gone away.

IT 193

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities.

Tools 255

Cover Your NAS Against Nasty Cr1ptT0r Ransomware

Data Breach Today

Crypto-Locking Extortion Targets Internet-Exposed D-Link Devices Criminals wielding a new strain of ransomware called Cr1ptT0r are targeting network-attached storage users.

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

DARPA Is Developing an Open-Source Voting System

Schneier on Security

This sounds like a good development: a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: I’m not sure if this makes it better or worse.

Mining 113

More Trending

Israeli Candidate for PM Benny Gantz hacked by Iranian cyberspies

Security Affairs

Israeli media reported this week that the Shin Bet internal security service warned Benny Gantz that Iranian cyber spies hacked his cellphone exposing his personal data.

Critical Flaw in Swiss Internet Voting System

Schneier on Security

Researchers have found a critical flaw in the Swiss Internet voting system.

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of a Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

Course 155

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer , Edge , Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on.

Tips 166

UN Report: N. Korea Targets Cryptocurrency Exchanges, Banks

Data Breach Today

Experts published details of the actively exploited CVE-2019-0808 Windows Flaw

Security Affairs

Experts from Qihoo 360 disclosed technical details of the actively exploited Windows zero-day flaw CVE-2019-0808 recently patched by Microsoft. Researchers at the security firm Qihoo 360 disclosed technical details of the zero-day vulnerability CVE-2019-0808 that was recently patched by Microsoft.

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. The company was alerted to the cyberattack by the FBI earlier this month.

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

There are certain things we as consumers have come to do intuitively: brushing our teeth in the morning; looking both ways before crossing a city street; buckling up when we get into a car. Related: What needs to happen to enable driverless transportation — safely. In the not too distant future, each one of us will need to give pause, on a daily basis, to duly consider how we purchase and use Internet of Things devices and services. This is coming.

IoT 150

With Privacy as Its Shield, Facebook Hopes To Conquer the Entire Internet.

John Battelle's Searchblog

Never mind that man behind the privacy curtain. I’ll never forget a meal I had with a senior executive at Facebook many years ago, back when I was just starting to question the motives of the burgeoning startup’s ambition.

Georgia County Pays $400,000 to Ransomware Attackers

Data Breach Today

Cybercrime Gang Wielding Ryuk Eyed as Culprit Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructur

A few binary plating 0-days for Windows

Security Affairs

While we were thinking about a way to escalate privileges during a pen-test, we discovered that most Windows installations were vulnerable to binary planting.

CAs Reissue Over One Million Weak Certificates

Schneier on Security

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed : they created random serial numbers with only 63 bits instead of the required 64.

NEW TECH: SyncDog vanquishes BYOD risk by isolating company assets on a secure mobile app

The Last Watchdog

The conundrum companies face with the Bring Your Own Device phenomenon really has not changed much since iPhones and Androids first captured our hearts, minds and souls a decade ago. Related: Malvertising threat lurks in all browsers. People demand the latest, greatest mobile devices, both to be productive and to stay connected to their personal lives. But big organizations move methodically and in general struggle mightily when it comes to balancing productivity and security.

MDM 126

The Artificial Intelligence Yin Needs a Business Yang

AIIM

Seven (yes, seven!) years ago, AIIM published “The Big Data Balancing Act - Too much yin and not enough yang?” The author of the report was none other than Nuxeo’s David Jones, who worked as a business analyst for AIIM at the time.

Anti-Virus on Android: Beware of Low-Quality Apps

Data Breach Today

More Than Half of AV Apps are Ineffective, Testing Firm Finds More than half of 250 antivirus applications available in Google's Play Store offer insufficient protection against malicious software, according to a new study by testing organizations AV Comparatives.

Study 213

Payment data of thousands of customers of UK and US online stores could have been compromised

Security Affairs

Group-IB, an international company that specializes in preventing cyberattacks , has uncovered a malicious code designed to steal customers’ payment data on seven online stores in the UK and the US.

Judging Facebook's Privacy Shift

Schneier on Security

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions.

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

The Last Watchdog

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is trodding tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

The Evidence That Could Impeach Donald Trump

WIRED Threat Level

Nancy Pelosi’s comments about impeachment acknowledge a political reality: Nothing the Mueller probe has revealed so far has moved the GOP substantially. Security

Mental Healthcare Providers Respond to Ransomware Attacks

Data Breach Today

Two Entities Hit - One Pays Ransom; the Other Doesn't Two recent ransomware attacks on mental healthcare providers serve as reminders of the security incident response and risk mitigation pressure faced by entities handling especially sensitive patient information

CVE-2019-0797 Windows Zero-Day exploited by FruityArmor and SandCat APT Groups

Security Affairs

One of the zero-day flaws ( CVE-2019-0797 ) patched this week by Microsoft has been exploited in targeted attacks by several threats groups, including FruityArmor and SandCat APT groups.

Groups 100

On Surveillance in the Workplace

Schneier on Security

Tools 91

BEST PRACTICES: 6 physical security measures every company needs

The Last Watchdog

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times. Related: Shrinking to human attack vector.

Access 112

One Step Closer to Saudi Vision 2030 | General Auditing Bureau Conclude the Fourth stage of SHAMEL with Everteam

Everteam

Riyadh, KSA – March 2019 – An event was held at the General Auditing bureau to conclude the fourth stage of linking the government entities under GAB’s supervision to the Smart Electronic Auditing Platform “SHAMEL” project with Everteam.

Ursnif Banking Trojan Variant Steals More Than Financial Data

Data Breach Today

Researchers Say Latest Version Evades Detection A variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information but also email user accounts, the content of inboxes and digital wallets, researchers report

Data 221

Secur Solutions Group data leak exposes 800,000 Singapore blood donors

Security Affairs

Secur Solutions Group data leak – Another clamorous data leak made the headlines, personal information of 808,201 blood donors in Singapore was exposed online.

Recapping RSA Conference 2019: No Silver Bullet for Security

Thales eSecurity

I was really looking forward to participating in RSA 2019 and it was a great event. There was tremendous energy and buzz in our booth and on the show floor.

MY TAKE: Microsoft’s Active Directory lurks as a hackers’ gateway in enterprise networks

The Last Watchdog

Many of our online activities and behaviors rely on trust. From the consumer side, for example, we trust that the business is legitimate and will take care of the sensitive personal information we share with them. But that level of trust goes much deeper on the organizational side. Related: The case for ‘zero-trust’ authentication. Employees are given credentials that allow them authorized access to corporate networks and databases.