Trending Articles

Beware of Hurricane Florence Relief Scams

Krebs on Security

WhatsApp Appoints Grievance Officer for India

Data Breach Today

Security Experts Question Whether the Move Will Have a Significant Impact on Fake News

WhatsApp has agreed to appoint a grievance officer for India who will handle complaints about fake news.

Credit Freezes are Free: Let the Ice Age Begin

Krebs on Security

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history.

Equifax Hit With Maximum UK Privacy Fine After Mega-Breach

Data Breach Today

'Multiple Failures' Cited as Watchdog Levies Maximum Possible Pre-GDPR Fine

Credit bureau Equifax has been hit with the maximum possible fine under U.K.

MY TAKE: The no. 1 reason ransomware attacks persist: companies overlook ‘unstructured data’

The Last Watchdog

All too many companies lack a full appreciation of how vital it has become to proactively manage and keep secure “unstructured data.” One reason for the enduring waves of ransomware is that unstructured data is easy for hackers to locate and simple for them to encrypt. Related video: Why it’s high time to protect unstructured data. Ironically, many victimized companies are paying hefty ransoms to decrypt unstructured data that may not be all that sensitive or mission critical.

Hackers target Port of Barcelona, maritime operations had not affected

Security Affairs

The Port of Barcelona was hit by a cyber attack; fortunately, maritime operations were not affected. On the morning of September 20, 2018, the Port of Barcelona was hit by a cyber attack that forced the operators of the infrastructure to launch the procedure to respond to the emergency.

New Variants of Cold-Boot Attack

Schneier on Security

If someone has physical access to your shut-down computer, they can probably break the hard-drive's encryption. This is a "cold boot" attack, and one we thought solved.

More Trending

Q&A: Reddit breach shows use of ‘SMS 2FA’ won’t stop privileged access pillaging

The Last Watchdog

The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing. An excerpt from Reddit’s mea culpa says it all: “On June 19, we learned that between June 14 and June 18, an attacker compromised a few of our employees’ accounts with our cloud and source code hosting providers.

Cracked Windows installations are serially infected with EternalBlue exploit code

Security Affairs

According to Avira, hundreds of thousands of unpatched Windows systems are serially infected with EternalBlue exploit code. EternalBlue is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack.

Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer

Schneier on Security

Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process.

Mirai Botnet Authors Avoid Jail Time

Krebs on Security

Twitter Bug Sent Direct Messages to External Developers

Data Breach Today

More Than 3 Million Users' DMs Leaked to Third Parties

Twitter has fixed a bug that sometimes sent a user's direct messages not only to the specified recipient, but also to unrelated external developers.

MY TAKE: Here’s why we need ‘SecOps’ to help secure ‘Cloud Native’ companies

The Last Watchdog

For many start-ups, DevOps has proven to be a magical formula for increasing business velocity. Speed and agility is the name of the game — especially for Software as a Service (SaaS) companies. Related: How DevOps enabled the hacking of Uber. DevOps is a process designed to foster intensive collaboration between software developers and the IT operations team, two disciplines that traditionally have functioned as isolated silos with the technology department.

Ngrok Mining Botnet

Security Affairs

The Ngrok campaign is unique in terms of its overall sophistication for a Docker-based attack vector. Specifically, it demonstrates a novel, dynamic and robust operational security model and the ability to detect and attack newly deployed and misconfigured infrastructure.

AES Resulted in a $250 Billion Economic Benefit

Schneier on Security

NIST has released a new study concluding that the AES encryption standard has resulted in a $250 billion world-wide economic benefit over the past twenty years.

Granular Security at the App Level

Thales Data Security

My last blog about Vormetric Application Encryption covered new RESTful APIs and it revealed that those APIs provide quite a bit of granular control in the use of encryption keys.

Cybercrime Markets Sell Access to Hacked Sites, Databases

Data Breach Today

Payment Card Theft, Ransomware Facilitated by Cybercrime-as-a-Service Offerings

One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks.

The Promise of Next Generation of Digital Health

Perficient Data & Analytics

By 2022, we predict 25% of healthcare consumer interactions will be digitally executed outside of a traditional care setting; while the remaining 75% will gravitate to digitally coordinate real-time health systems. Digital Health is coming of age, bringing with it new capabilities for healthcare interactions and care delivery for consumers, patients and members, and the ecosystem that supports them.

Operator of Scan4You Malware-Scanning sentenced to 14 Years in prison

Security Affairs

The Latvian expert Ruslans Bondars (37), who developed and ran the counter antivirus service Scan4You, has been sentenced to 14 years in prison.

New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography

Schneier on Security

Lots of people are e-mailing me about this new result on the distribution of prime numbers. While interesting, it has nothing to do with cryptography. Cryptographers aren't interested in how to find prime numbers, or even in the distribution of prime numbers.

John Deere Just Cost Farmers Their Right to Repair

WIRED Threat Level

The California Farm Bureau has given away the right of farmers to fix their equipment without going through a dealer.

Opioid Crisis Raises Tough Privacy Issues

Data Breach Today

What to do when you suffer a data breach

IT Governance

If you’re among the seemingly small number of organisations that hasn’t yet suffered a data breach, you should be preparing for the inevitable. You can’t count on your cyber security defences to continue repelling attacks, because even the most secure systems contain vulnerabilities.

Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows

Security Affairs

A security researcher from Trend Micro Security Research team disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows.

Pegasus Spyware Used in 45 Countries

Schneier on Security

Citizen Lab has published a new report about the Pegasus spyware. From a ZDNet article: The malware, known as Pegasus (or Trident), was created by Israeli cyber-security firm NSO Group and has been around for at least three years -- when it was first detailed in a report over the summer of 2016.

The Series 5 YubiKey Will Help Kill the Password

WIRED Threat Level

The latest batch of hardware-based tokens from Yubico will eventually let you skip the password altogether.

Email Systems Represent Unseen Threat in Midterm Elections

Adam Levin

Email systems used by some county election officials lack rudimentary security settings and are vulnerable to hacking, according to a recent survey conducted by the nonprofit investigative newsroom, ProPublica. ProPublica’s findings include eleven offices protected by only a login and password.

Experts uncovered a new Adwind campaign aimed at Linux, Windows, and macOS systems

Security Affairs

Researchers from ReversingLabs and Cisco Talos have uncovered a new Adwind campaign that targets Linux, Windows, and macOS systems.

Evidence for the Security of PKCS #1 Digital Signatures

Schneier on Security

This is interesting research: "On the Security of the PKCS#1 v1.5 Signature Scheme": Abstract: The RSA PKCS#1 v1.5 signature algorithm is the most widely used digital signature scheme in practice.

The Impact of Artificial Intelligence and Cognitive Computing

Perficient Data & Analytics

In the realm of healthcare, artificial intelligence (AI) and cognitive computing continue to gain momentum, and they have the potential to revolutionize healthcare. In fact, Forrester predicts that 70% of enterprises are anticipated to implement AI in 2018.

Yahoo's Mega-Breaches: Altaba Moves to Settle Lawsuits

Data Breach Today

$47 Million Settlement Agreement to be Submitted to Court in Next 45 Days

Lawsuits sparked by massive data breaches at Yahoo - and the company's failure to report those breaches to investors in a timely manner - could soon be resolved.

How the HTC Exodus Blockchain Phone Plans to Secure Your Cryptocurrency

WIRED Threat Level

HTC starts filling in the details of its so-called blockchain smartphone, expected to launch later this year.

DanaBot banking Trojan evolves and now targets European countries

Security Affairs

Security experts at ESET have recently observed a surge in activity of DanaBot banking Trojan that is now targeting Poland, Italy, Germany, Austria, and as of September 2018, Ukraine.

Public Shaming of Companies for Bad Security

Schneier on Security

Troy Hunt makes some good points, with good examples.

Multi-cloud use, regulatory compliance and information protection drive new era of encryption and key management in France

Thales Data Security

Now in its 13th year, our Global Encryption Trends Study that is performed by the Ponemon Institute reveals interesting findings that span a dozen different geographies.

Scotland's Arran Brewery Slammed by Dharma Bip Ransomware

Data Breach Today

Ransomware Crypto-Locked via Domain Controller, Complicating Restoration

Scotland's Arran Brewery fell victim to a Dharma Bip ransomware attack that infected its Windows domain controller and crypto-locked files and local backups, leading to the loss of three months' worth of sales data.

A Small Google Chrome Change Stirs a Big Privacy Controversy

WIRED Threat Level

The latest update to Google's browser has riled privacy advocates by appearing to log people in without their explicit permission.