November, 2018

How Surveillance Inhibits Freedom of Expression

Schneier on Security

In my book Data and Goliath , I write about the value of privacy. I talk about how it is essential for political liberty and justice, and for commercial fairness and equality. I talk about how it increases personal freedom and individual autonomy, and how the lack of it makes us all less secure.

Groups 106

MY TAKE: Why security innovations paving the way for driverless cars will make IoT much safer

The Last Watchdog

Intelligent computing systems have been insinuating themselves into our homes and public gathering places for a while now. But smart homes, smart workplaces and smart shopping malls are just the warm-up act. Get ready for smart ground transportation. Related: Michigan’s Cyber Range hubs help narrow talent gap. Driverless autos, trucks and military transport vehicles are on a fast track for wide deployment in the next five years.

IoT 116

How to Shop Online Like a Security Pro

Krebs on Security

‘Tis the season when even those who know a thing or two about Internet scams tend to let down their guard in the face of an eye-popping discount or the stress of last-minute holiday shopping.

How To 283

How Cyber Insurance Is Changing in the GDPR Era

Data Breach Today

When It Comes to PII, Santa’s Got Nothing Over Amazon

Weissman's World

Amazon this week announced new software that, as described by The Wall Street Journal, “can read patient records and other clinical notes, analyze them, and pluck out key data points.”

Groups 181

List of data breaches and cyber attacks in November 2018 – 251,286,753 records leaked

IT Governance

Last month I thought I’d try something new, so I focused on three stories rather than putting together a long list of breaches. It wasn’t a very popular approach. So the list is back. I count this month’s total of known leaked records to be 251,286,753.

More Trending

GUEST ESSAY: Did you know these 5 types of digital services are getting rich off your private data?

The Last Watchdog

Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden privacy pitfalls in every day technology. Related: Europe tightens privacy rules. From smart phones, to smart TVs, location services, and speech capabilities, often times user data is stored without your knowledge.

Sales 144

USPS Site Exposed Data on 60 Million Users

Krebs on Security

Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com.

Data 278

Romanian Hacker 'Guccifer' Extradited to US

Data Breach Today

253
253

Information Attacks against Democracies

Schneier on Security

Democracy is an information system. That's the starting place of our new paper: " Common-Knowledge Attacks on Democracy." In it, we look at democracy through the lens of information security, trying to understand the current waves of Internet disinformation attacks.

Groups 111

Search is Becoming Everything, And Vice Versa

Weissman's World

I’ve just come out of a series of discussions on the issue of records preservation, and one of my take-aways is how similar at least one current approach to the issue is to what we nominally call “search.” And the more I think about it, the more I wonder whether search is on its way […].

Groups 156

Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria

Security Affairs

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria.

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country. However, after a recent visit to Detroit, Ann Arbor and Grand Rapids as a guest of the Michigan Economic Development Corp., or MEDC, I’m prepared to rechristen Michigan the Cybersecurity Best Practices State. Related: California’s pioneering privacy law ripples through other states. This new nickname may not roll off the tongue. But it does fit like a glove.

Half of all Phishing Sites Now Have the Padlock

Krebs on Security

Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice.

Ransomware Keeps Ringing in Profits for Cybercrime Rings

Data Breach Today

SamSam, Dharma, GandCrab and Global Imposter Make for Ongoing Bitcoin Paydays Criminals wielding crypto-locking ransomware - especially Dharma/CrySiS, GandCrab and Global Imposter, but also SamSam - continue to attack.

How Cyber Essentials can help secure against malware

IT Governance

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented.

Propaganda and the Weakening of Trust in Government

Schneier on Security

On November 4, 2016, the hacker "Guccifer 2.0,: a front for Russia's military intelligence service, claimed in a blogpost that the Democrats were likely to use vulnerabilities to hack the presidential elections.

Nginx server security flaws expose more than a million of servers to DoS attacks

Security Affairs

Nginx developers released security updates to address several denial-of-service (DoS) vulnerabilities affecting the nginx web server. nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, it is used by 25.28% busiest sites in October 2018.

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

The Last Watchdog

Even as enterprises across the globe hustle to get their Internet of Things business models up and running, there is a sense of foreboding about a rising wave of IoT-related security exposures. And, in fact, IoT-related security incidents have already begun taking a toll at ill-prepared companies. Related: How to hire an IoT botnet — for $20. That’s the upshot of an extensive survey commissioned by global TLS, PKI and IoT security solutions leader DigiCert.

IoT 138

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S.

Two Iranians Charged in SamSam Ransomware Attacks

Data Breach Today

US Prosecutors Allege Pair Targeted More Than 200 Victims, Including Cities, Hospitals A federal grand jury has indicted two Iranians for allegedly waging SamSam ransomware attacks on more than 200 entities, including Atlanta and other municipalities and six healthcare organizations.

10 things you must do to become cyber secure

IT Governance

Preparing your organisation for cyber attacks and data breaches is complicated, and you should look for advice wherever you can get it. One of the most trusted resources is the NCSC’s (National Cyber Security Centre) ten-step guide.

Risk 102

Distributing Malware By Becoming an Admin on an Open-Source Project

Schneier on Security

The module "event-steam" was infected with malware by an anonymous someone who became an admin on the project.

Experts detailed how China Telecom used BGP hijacking to redirect traffic worldwide

Security Affairs

Security researchers revealed in a recent paper that over the past years, China Telecom used BGP hijacking to misdirect Internet traffic through China. Security researchers Chris C.

Paper 114

GUEST ESSAY: The privacy implications of facial recognition systems rising to the fore

The Last Watchdog

Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. A string of advances in biometric authentication systems has brought facial recognition systems, in particular, to the brink of wide commercial use. Related: Drivers behind facial recognition boom. Adoption of facial recognition technology is fast gaining momentum, with law enforcement and security use cases leading the way.

Marriott: Data on 500 Million Guests Stolen in 4-Year Breach

Krebs on Security

Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.

Data 257

Magecart Cybercrime Groups Mass Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, involving payment card data being stolen from e-commerce sites via injected attack code.

Groups 233

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

Data controllers and data processors are an integral part of the GDPR. This article explains what those roles involve and helps you understand if you are a controller, processor or both.

GDPR 102

FIFA Hacked Again

Adam Levin

The international soccer league FIFA announced it had been hacked earlier this year and is bracing itself for a potential data breach. This latest cyber incident marks the second major successful hack on the organization, the first reported in 2017.

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Security Affairs

North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs.

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

Michigan is cultivating a collection of amazing cybersecurity training facilities, called Cyber Range hubs, that are shining models for what’s possible when inspired program leaders are given access to leading-edge resources, wisely supplied by public agencies and private foundations.

SMS Phishing + Cardless ATM = Profit

Krebs on Security

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.

Marriott's Starwood Reservation Hack Could Affect 500 Million

Data Breach Today

Database Intrusion Dates Back to 2014 The Marriott hotel chain has announced its Starwood guest reservation database has been hacked, potentially exposing up to 500 million accounts. The unauthorized access to the database started in 2014, the company says

Access 226

3 cyber security tips every employee should know

IT Governance

Worried that you or someone in your organisation will be responsible for a data breach? Then take a look at these three basic tips for staying secure. Cyber security can feel overwhelming.

Tips 102