Trending Articles

Pay Up, Or We’ll Make Google Ban Your Ads

Krebs on Security

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program.

Cybersecurity Plan for 2020 US Election Unveiled

Data Breach Today

CISA Describes Its Role as Security Facilitator. The U.S.

NEW TECH: CyCognito employs offensive bot network to put companies a step ahead of attackers

The Last Watchdog

When it comes to defending their networks, most companies have had it drilled into them, by now, that it’s essential to erect layered defenses.

CVE-2019-0604 SharePoint Remote code execution (RCE) vulnerability

Security Affairs

A security expert found a flaw in SharePoint that could be exploited to remotely execute arbitrary code by sending a specially crafted SharePoint application package.


Legacy ECM: 4 Key Reasons to Modernize

Speaker: Chris McLaughlin, Chief Marketing Officer and Chief Product Officer, Nuxeo

After 20 years of Enterprise Content Management (ECM), businesses still face many of the same challenges with finding and managing information. Join Chris McLaughlin, CMO and CPO of Nuxeo, as he examines four common business challenges that these legacy ECM systems pose and how they can be addressed with a more modern approach.

Hacking McDonald's for Free Food

Schneier on Security

This hack was possible because the McDonald's app didn't authenticate the server, and just did whatever the server told it to do: McDonald's receipts in Germany end with a link to a survey page. Once you take the survey, you receive a coupon code for a free small beverage, redeemable within a month.

More Trending

Google Removes 500 Chrome Extensions Tied to Malvertising

Data Breach Today

Researchers Say Attackers Stole Browser Data and Redirected Users to Malicious Sites. Google has removed 500 Chrome extensions from its online store after researchers found that attackers were using them to steal browser data, according to a new report from security firm Duo Security.

Over 500 Chrome Extensions Secretly Uploaded Private Data

WIRED Threat Level

A researcher discovered that hundreds of extensions in the Web Store were part of a long-running malvertising and ad-fraud scheme.

Fox Kitten Campaign – Iranian hackers exploit 1-day VPN flaws in attacks

Security Affairs

Iranian hackers have been hacking VPN servers to plant backdoors in companies around the world. Iran-linked attackers targeted Pulse Secure, Fortinet, Palo Alto Networks, and Citrix VPNs to hack into large companies as part of the Fox Kitten Campaign.

Voatz Internet Voting App Is Insecure

Schneier on Security

This paper describes the flaws in the Voatz Internet voting app: "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections."


Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

Encoding Stolen Credit Card Data on Barcodes

Krebs on Security

Crooks are constantly dreaming up new ways to use and conceal stolen credit card data. According to the U.S. Secret Service, the latest scheme involves stolen card information embedded in barcodes affixed to phony money network rewards cards.


Facebook Delays EU Dating Service Rollout After 'Dawn Raid'

Data Breach Today

Irish Data Protection Authority Questions Impact of New Service. Any lonely hearts in Europe hoping to meet the person of their dreams via Facebook's dating service on Valentine's Day this year will have to wait a little longer.

The 5 Love Languages of Cybersecurity

Dark Reading

When it comes to building buy-in from the business, all cybersecurity needs is love -- especially when it comes to communication.

Organizers of major hacking conferences in Asia put them on hold due to Coronavirus outbreak

Security Affairs

Organizers of Black Hat Asia and DEF CON China security conferences announced that they put the events on hold due to the Coronavirus outbreak.

Privacy without borders: Reality or Fantasy?

Imagine a world in which every country shared a vision and a common set of principles to protect and regulate the use of personal data. It would make international business far simpler and provide citizens in every country with the same privacy rights.

DNSSEC Keysigning Ceremony Postponed Because of Locked Safe

Schneier on Security

Interesting collision of real-world and Internet security: The ceremony sees several trusted internet engineers (a minimum of three and up to seven) from across the world descend on one of two secure locations -- one in El Segundo, California, just south of Los Angeles, and the other in Culpeper, Virginia -- both in America, every three months. Once in place, they run through a lengthy series of steps and checks to cryptographically sign the digital key pairs used to secure the internet's root zone. (Here's Cloudflare's in-depth explanation, and IANA's PDF step-by-step guide.) [...] Only specific named people are allowed to take part in the ceremony, and they have to pass through several layers of security -- including doors that can only be opened through fingerprint and retinal scans -- before getting in the room where the ceremony takes place. Staff open up two safes, each roughly one-metre across. One contains a hardware security module that contains the private portion of the KSK. The module is activated, allowing the KSK private key to sign keys, using smart cards assigned to the ceremony participants. These credentials are stored in deposit boxes and tamper-proof bags in the second safe. Each step is checked by everyone else, and the event is livestreamed. Once the ceremony is complete -- which takes a few hours -- all the pieces are separated, sealed, and put back in the safes inside the secure facility, and everyone leaves. But during what was apparently a check on the system on Tuesday night -- the day before the ceremony planned for 1300 PST (2100 UTC) Wednesday -- IANA staff discovered that they couldn't open one of the two safes. One of the locking mechanisms wouldn't retract and so the safe stayed stubbornly shut. As soon as they discovered the problem, everyone involved, including those who had flown in for the occasion, were told that the ceremony was being postponed.
Thanks to the complexity of the problem -- a jammed safe with critical and sensitive equipment inside -- they were told it wasn't going to be possible to hold the ceremony on the back-up date of Thursday, either.

Microsoft Patch Tuesday, February 2020 Edition

Krebs on Security

Microsoft today released updates to plug nearly 100 security holes in various versions of its Windows operating system and related software, including a zero-day vulnerability in Internet Explorer (IE) that is actively being exploited.

APT Groups Planting Backdoors: Report

Data Breach Today

Researchers Say Groups With Apparent Ties to Iran Exploiting VPN Vulnerabilities. Since August, security researchers have warned that attackers are targeting unpatched VPN servers with known vulnerabilities.

Coronavirus Raises New Business Continuity, Phishing Challenges for InfoSec

Dark Reading

What happens when understaffed security teams at home and abroad are sequestered in physical quarantine zones.

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

SweynTooth Bluetooth flaws affect devices from major system-on-a-chip (SoC) vendors

Security Affairs

Security experts have discovered multiple flaws, dubbed SweynTooth, in the Bluetooth Low Energy (BLE) implementations of major system-on-a-chip (SoC) vendors.

A US Data Protection Agency

Schneier on Security

The United States is one of the few democracies without some formal data protection agency, and we need one. Senator Gillibrand just proposed creating one.

Signal Is Finally Bringing Its Secure Messaging to the Masses

WIRED Threat Level

The encryption app is putting a $50 million infusion from WhatsApp cofounder Brian Acton to good use, building out features to help it go mainstream.

US Has Evidence of Huawei Backdoor: Report

Data Breach Today

Chinese Firm Denies Allegations That It Can Access Networks. As the U.S. ramps up pressure on its allies to ban equipment from Chinese manufacturer Huawei from their 5G networks, U.S.

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Firmware Weaknesses Can Turn Computer Subsystems into Trojans

Dark Reading

Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.

US officials claim Huawei Equipment has secret backdoor for spying

Security Affairs

Huawei can secretly tap into communications through the networking equipment, states a U.S. official, while the White House urges allies to ban the Chinese giant. This week The Wall Street Journal reported that U.S.

Crypto AG Was Owned by the CIA

Schneier on Security

The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II.

The 'Robo Revenge' App Makes It Easy to Sue Robocallers

WIRED Threat Level

Mac malware, a Bitcoin mixer, and more of the week's top security news.

Services Provider to Government Left Database Exposed: Report

Data Breach Today

Researcher Says Exposed Granicus Database Could Have Made Websites Vulnerable. One of the largest IT services providers for U.S.