Trending Articles

Magecart Spies Payment Cards From Retailer Vision Direct

Data Breach Today

Card-Sniffing JavaScript Posed as Google Analytics Script on Retailer's Sites Online contact lens retailer Vision Direct says it suffered a data breach that exposed customers' names and complete payment card details.

Retail 201

GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore

The Last Watchdog

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. A string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use. Related: Drivers behind facial recognition boom. Adoption of facial recognition technology is fast gaining momentum, with law enforcement and security use cases leading the way.

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Krebs on Security

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others.

IT 231

Worst-Case Thinking Breeds Fear and Irrationality

Schneier on Security

Here's a crazy story from the UK. Basically, someone sees a man and a little girl leaving a shopping center.

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Troy Hunt

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices.

Texas Hospital Hit With Dharma Ransomware Attack

Data Breach Today

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

A California man who pleaded guilty Tuesday to causing dozens of swatting attacks — including a deadly incident in Kansas last year — now faces 20 or more years in prison. Tyler Raj Barriss, in an undated selfie.

More Trending

Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria

Security Affairs

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria.

Chip Cards Fail to Reduce Credit Card Fraud in the US

Schneier on Security

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold.

Sales 108

Romanian Hacker 'Guccifer' Extradited to US

Data Breach Today

236

Patch Tuesday, November 2018 Edition

Krebs on Security

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe also has security patches available for Flash Player , Acrobat and Reader users.

Tools 183

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

Cyber criminals are deploying the very latest in automated weaponry, namely botnets, to financially plunder corporate networks. The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation. Related: The ‘Golden Age’ of cyber espionage is upon us.

B2C 117

Instagram glitch exposed some user passwords

Security Affairs

Instagram has suffered a serious security leak that might have exposed user’s passwords, revealed The Information website. Instagram notified some of its users that it might have accidentally exposed their password due to a security glitch.

Hidden Cameras in Streetlights

Schneier on Security

Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights.

Video 104

Magecart Cybercrime Groups Mass Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, involving payment card data being stolen from e-commerce sites via injected attack code.

Groups 240

Protecting Big Data, while Preserving Analytical Agility

Thales Data Security

The age of Big Data is upon us. And, as more data is available for analytical purposes, more sensitive and private information is at risk.

Q&A: How certifying in-house IT staffers as cyber analysts, pen testers can boost SMB security

The Last Watchdog

A security-first mindset is beginning to seep into the ground floor of the IT departments of small and mid-sized companies across the land. Senior executives at these SMBs are finally acknowledging that a check-box approach to security isn’t enough, and that instilling a security mindset pervasively throughout their IT departments has become the ground stakes. Related: The ‘gamification’ of cybersecurity training.

Protonmail hacked …. a very strange scam attempt

Security Affairs

A hacker going online by the moniker AmFearLiathMor is claiming to have hacked the most popular end-to-end encrypted email service ProtonMail.

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

Data controllers and data processors are an integral part of the GDPR. This article explains what those roles involve and helps you understand if you are a controller, processor or both.

GDPR 105

Here's Why Account Authentication Shouldn't Use SMS

Data Breach Today

Database Blunder Left Two-Step Codes, Account Reset Links Exposed A database security blunder revealed on Friday serves as a reminder that the days of SMS-based authentication should be over.

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

Troy Hunt

You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don't like?

Demo 99

Julian Assange Charges, Japan's Top Cybersecurity Official, and More Security News This Week

WIRED Threat Level

Safer browsing, more bitcoin scams, and the rest of the week's top security news. Security

Expert found a way to bypass Windows UAC by mocking trusted Directory

Security Affairs

David Wells, a security expert from Tenable, devised a method to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. .

Course 109

JavaScript keylogger sees Vision Direct’s customer data stolen

IT Governance

Contact lens supplier Vision Direct has released information about a data breach it suffered earlier this month.

Congress Approves New DHS Cybersecurity Agency

Data Breach Today

Bill Creating Cybersecurity and Infrastructure Security Agency Awaits President's Signature The United States will soon officially have a single agency that takes the lead role for cybersecurity.

New IoT Security Regulations

Schneier on Security

Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to lightbulbs to major appliances­ -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare.

IoT 96

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

WIRED Threat Level

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security. Security

Million password resets and 2FA codes exposed in unsecured Vovox DB

Security Affairs

Million of password resets and two-factor authentication codes exposed in unsecured Vovox DB.

BA data breach: 565,000 customers may have been affected

IT Governance

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. However, the airline has since admitted that an extra 185,000 people may have been affected. Then and now.

Who Hijacked Google's Web Traffic?

Data Breach Today

Data Routes Through Russia, Nigeria and China, Raising Security Concerns Google is investigating the unorthodox routing of traffic bound for its cloud services that instead traveled via internet service provides in Nigeria, Russia and China.

Cloud 199

Guest Blog: Why it’s Critical to Orchestrate PKI Keys for IoT

Thales Data Security

According to statistica the number of Internet of Things (IoT) devices connected will rise to 23 billion this year. From industrial machinery and intelligent transportation to health monitoring and emergency notification systems, a broad range of IoT devices are already being deployed by enterprises.

IoT 92

What Happened to Cyber 9/11?

Schneier on Security

A recent article in the Atlantic asks why we haven't seen a"cyber 9/11" in the past fifteen or so years. (I, I, too, remember the increasingly frantic and fearful warnings of a "cyber Peal Harbor," "cyber Katrina" -- when that was a thing -- or "cyber 9/11." I made fun of those warnings back then.)

Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor

Security Affairs

The author of an IoT botnet is distributing a backdoor script for ZTE routers that also includes his own backdoor to hack script kiddies. A weaponized IoT exploit script is being used by script kiddies, making use of a vendor backdoor account to hack the ZTE routers.

IoT 106

Shopping safely over Black Friday and Cyber Monday

IT Governance

Black Friday and Cyber Monday are almost upon us, kickstarting what retailers hope will be a successful trading period. However, the flurry of purchases and the data that represents means cyber criminals will also be looking to cash in.

Texas Hospital Catches Dharma Ransomware Infection

Data Breach Today

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector

Surveillance Kills Freedom By Killing Experimentation

WIRED Threat Level

When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral. Security

Hiding Secret Messages in Fingerprints

Schneier on Security

This is a fun steganographic application : hiding a message in a fingerprint image. Can't see any real use for it, but that's okay. academicpapers encryption fingerprints steganography

IT 91