March, 2019

article thumbnail

GUEST ESSAY: Why there’s no such thing as anonymity it this digital age

The Last Watchdog

Unless you decide to go Henry David Thoreau and shun civilization altogether, you can’t — and won’t — stop generating data , which sooner or later can be traced back to you. Related: The Facebook factor. A few weeks back I interviewed a white hat hacker. After the interview, I told him that his examples gave me paranoia. He laughed and responded, “There’s no such thing as anonymous data; it all depends on how determined the other party is.”.

Metadata 230
article thumbnail

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

Passwords 253
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

'Operation ShadowHammer' Shows Weakness of Supply Chains

Data Breach Today

Report: Poor Asus Security Allowed Its PCs to be Infected with Backdoors A sophisticated attack campaign dubbed "Operation ShadowHammer" involved an advanced persistent threat group planting backdoors within Asus computers by subverting the Taiwan-based PC maker's third-party supply chain and updater software, Kaspersky Lab warns.

Security 205
article thumbnail

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Experts at Proofpoint conducted an interesting study of massive attacks against accounts of major cloud services, The experts noticed that attackers leverage legacy protocols and credential dumps to increase the e

Phishing 111
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

How to Get and Set Up a Free Windows VM for Malware Analysis

Lenny Zeltser

If you’d like to start experimenting with malware analysis in your own lab, here’s how to download and set up a free Windows virtual machine: Step 1: Install Virtualization Software Step 2: Get a Windows Virtual Machine Step 3: Update the VM and Install Malware Analysis Tools Step 4: Isolate the Analysis VM and Disable Windows Defender AV Step 5: Analyze Some Malware.

More Trending

article thumbnail

MY TAKE: Why DDoS weapons will proliferate with the expansion of IoT and the coming of 5G

The Last Watchdog

A couple of high-profile distributed denial-of-service (DDoS) attacks will surely go down in history as watershed events – each for different reasons. Related: IoT botnets now available for economical DDoS blasts. In March 2013, several impossibly massive waves of nuisance requests – peaking as high as 300 gigabytes per second— swamped Spamhaus , knocking the anti-spam organization off line for extended periods.

IoT 263
article thumbnail

MyEquifax.com Bypasses Credit Freeze PIN

Krebs on Security

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal , it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your, name, Social Security number and birthday.

Passwords 260
article thumbnail

Cover Your NAS Against Nasty Cr1ptT0r Ransomware

Data Breach Today

Crypto-Locking Extortion Targets Internet-Exposed D-Link Devices Criminals wielding a new strain of ransomware called Cr1ptT0r are targeting network-attached storage users. The campaign was first discovered in February after owners of D-Link network storage enclosures reported that their devices were being crypto-locked.

article thumbnail

Experts found a critical vulnerability in the NSA Ghidra tool

Security Affairs

A security expert has discovered a vulnerability in the NSA Ghidra platform that could be exploited to execute code remotely. A security expert who goes online with the handle of sghctoma has discovered a vulnerability in Ghidra platform recently released by the US NSA, the issue could be exploited to execute code remotely. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux).

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

10 Movies All Security Pros Should Watch

Dark Reading

Don't expect to read about any of the classics, like 'War Games' or 'Sneakers,' which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.

Security 109
article thumbnail

Infographic: List of data breaches in 2018

IT Governance

2018 saw some of the biggest data breaches yet , with Marriott, Under Armour and Facebook suffering breaches that affected 500 million, 150 million and 100 million people respectively. It was also the year of the GDPR (General Data Protection Regulation) , which changed the way organisations handle customers’ personal data and introduced hefty fines for non-compliance.

article thumbnail

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

A common thread runs through the cyber attacks that continue to defeat the best layered defenses money can buy. Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core. In fact, memory attacks have quietly emerged as a powerful and versatile new class of hacking technique that threat actors in the vanguard are utilizing to subvert conventional IT s

article thumbnail

A Month After 2 Million Customer Cards Sold Online, Buca di Beppo Parent Admits Breach

Krebs on Security

On Feb. 21, 2019, KrebsOnSecurity contacted Italian restaurant chain Buca di Beppo after discovering strong evidence that two million credit and debit card numbers belonging to the company’s customers were being sold in the cybercrime underground. Today, Buca’s parent firm announced it had remediated a 10-month breach of its payment systems at dozens of restaurants, including some locations of its other brands such as Earl of Sandwich and Planet Hollywood.

Sales 240
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Citrix Hacked by Password-Spraying Attackers, FBI Warns

Data Breach Today

Cyber-Espionage Campaign Appears Separate to Recent Credential-Stuffing Breach Citrix Systems is investigating a suspected hack attack, resulting in the theft of business documents, after being tipped off by the FBI. The breach alert follows Citrix recently disclosing that in late 2018, hackers breached some of its customers' accounts via credential-stuffing attacks.

Passwords 263
article thumbnail

Google Chrome Zero-Day Vulnerability CVE-2019-5786 actively exploited in the wild

Security Affairs

A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day flaw in Chrome could be exploited by a remote attacker to execute arbitrary code and take full control of the target computer.

Libraries 111
article thumbnail

NSA-Inspired Vulnerability Found in Huawei Laptops

Schneier on Security

This is an interesting story of a serious vulnerability in a Huawei driver that Microsoft found. The vulnerability is similar in style to the NSA's DOUBLEPULSAR that was leaked by the Shadow Brokers -- believed to be the Russian government -- and it's obvious that this attack copied that technique. What is less clear is whether the vulnerability -- which has been fixed -- was put into the Huwei driver accidentally or on purpose.

article thumbnail

Jamf Connect now integrates with Google’s G Suite and Cloud Identity

Jamf

The integration with Google Cloud allows IT admins to easily set up and manage local educator and student Mac accounts, while also requiring users to authenticate with their G Suite credentials. Read more.

Cloud 106
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Bridging the gap between AWS Lambda and other clouds: TriggerMesh

DXC Technology

If you want to do serverless computing today chances are you’re using Amazon Web Services (AWS) Lambda. Which is fine if you’re wedded to AWS, but if you’d rather use another cloud or run a hybrid cloud, AWS-specific Lambda may not be ideal. Enter TriggerMesh Knative Lambda Sources (KLASS), which offers a way to bridge […].

Cloud 105
article thumbnail

Five use cases for digital twins in manufacturing

OpenText Information Management

The digital twin is one of the fastest growing applications of Industrial IoT technology. It creates a complete digital replica of a physical object and uses the twin as the main point of digital communication. Today, almost a half of organizations using IoT say they already have or are planning to adopt digital twins. Without … The post Five use cases for digital twins in manufacturing appeared first on OpenText Blogs.

article thumbnail

Ransomware Attack Costs Norsk Hydro $40 Million - So Far

Data Breach Today

Norwegian Aluminum Maker Still Fighting LockerGoga Ransomware Attack Norsk Hydro reports that a March 18 ransomware attack has already cost the aluminum manufacturer more than $40 million, and the company continues to bring its systems back online.

article thumbnail

Pwn2Own 2019 Day 3: Experts hacked Tesla 3 browser

Security Affairs

Pwn2Own 2019 Day 3 – Experts earned $35,000 and a Tesla Model 3 after hacking the vehicle’s web browser. Pwn2Own 2019 Day 3 – Hackers focused their efforts on car hacking, two teams participated in the competitions but only one of them reached the goal. The security experts Amat Cama and Richard Zhu of team Fluoroacetate, earned $35,000 for their exploit, along with the Tesla they hacked.

Security 109
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

A guide to the GDPR’s EU representative requirements

IT Governance

You might have heard increased chatter recently about the need for an EU representative under the GDPR (General Data Protection Regulation). This rule applies to any organisation outside the EU that monitors the behaviour of, or provides goods or services to, EU residents. The representative will be a point of contact for data subjects and supervisory authorities concerning data protection queries.

GDPR 103
article thumbnail

With Privacy as Its Shield, Facebook Hopes To Conquer the Entire Internet.

John Battelle's Searchblog

Never mind that man behind the privacy curtain. I’ll never forget a meal I had with a senior executive at Facebook many years ago, back when I was just starting to question the motives of the burgeoning startup’s ambition. I asked whether the company would ever support publishers across the “rest of the web” – perhaps through an advertising system competitive with Google’s AdSense.

Privacy 103
article thumbnail

Revealed: Facebook’s global lobbying against data privacy laws

The Guardian Data Protection

Social network targeted legislators around the world, promising or threatening to withhold investment Facebook has targeted politicians around the world – including the former chancellor, George Osborne – promising investments and incentives while seeking to pressure them into lobbying on Facebook’s behalf against data privacy legislation, an explosive new leak of internal Facebook documents has revealed.

article thumbnail

Improving the Public Comment Process for Records Schedules

National Archives Records Express

We are changing the process for public review and comment of proposed records schedules to one using the Federal eRulemaking Portal, [link]. We posted a Federal Register notice detailing this change in process today. Currently, we publish notice in the Federal Register of agency records schedules open for comment. People who wish to review and comment on the schedules must request copies of the actual documents, submit comments, and receive responses via mail or email.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Report: Facebook Stored Millions of Passwords in Plaintext

Data Breach Today

Facebook Under Fresh Scrutiny Over How It Stored User Passwords Facebook has corrected an internal security issue that allowed the company to store millions of user passwords in plaintext that were then available to employees through an internal search tool.

Passwords 261
article thumbnail

Severe RCE vulnerability affected popular StackStorm Automation Software

Security Affairs

The security researcher Barak Tawilyhas discovered a severe vulnerability, tracked as CVE-2019-9580, in the popular, open source event-driven platform StackStorm. According to the expert, the flaw could be exploited by a remote attacker to trick developers into executing arbitrary commands on targeted services. StackStorm has been used to automate workflows in many industries, it allows developers to configure actions, workflows, and scheduled tasks, to perform some operations on large-scale ser

article thumbnail

Take your GDPR project to the next level with our compliance packages

IT Governance

For many organisations, last year’s GDPR (General Data Protection Regulation) compliance deadline was a whirlwind of privacy policy updates, data protection training courses and hours spent online researching exactly what a ‘controller’ and ‘processor’ are. In the nine months since, you’ve hopefully been able to grips with your compliance requirements.

GDPR 101