July, 2018

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico.

UK to Establish Court for Cybercrime in London

Data Breach Today

The Facility Will Also Handle Economic Crime And Fraud Cases The U.K. has approved a plan to build a cutting-edge court complex in London designed to handle cybercrime, fraud and economic crime. The facility is expected to be a growth driver for the country's legal industry, despite the U.K.'s

4 Basic Principles to Help Keep Hackers Out

Dark Reading

The most effective hackers keep things simple, something organizations must take into account

67

Cryptojacking Displaces Ransomware as Top Malware Threat

Data Breach Today

Criminals' Quest for Cryptocurrency Continues If 2017 was the year of ransomware innovation, 2018 is well on its way to being known as the year of cryptocurrency mining malware. Numerous studies have found that the most seen malware attacks today are designed for cryptojacking.

Tokenization: Ready for Prime Time

Thales Data Security

The digital transformation has changed how the world does business. It has created whole new enterprises and industries, but it has also left many organizations vulnerable to new and destructive threats.

UK government cracks down on cyber security

IT Governance

To improve cyber risk governance among public-sector departments and their suppliers, the UK government has issued a series of minimum cyber security standards that will be incorporated into the Government Functional Standard for Security.

LifeLock Bug Exposed Millions of Customer Email Addresses

Krebs on Security

Identity theft protection firm LifeLock — a company that’s built a name for itself based on the promise of helping consumers protect their identities online — may have actually exposed customers to additional attacks from ID thieves and phishers.

More Trending

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its start h. Co-founder Jay took a business trip to South Korea in the fall of 2007.

California's New Privacy Law: It's Almost GDPR in the US

Data Breach Today

But Tech Giants are Taking Aim at the Law, Which Can Be Amended Until 2020 California's legislature has quickly introduced and passed new privacy legislation, making the state's laws the strongest in the U.S.

Warm words for the UK's intelligence privacy practices from the UN

Data Protector

I t’s not often that the UK is praised for the manner in which its intelligence agencies adopt appropriate data protection standards. So let's give due acknowledgement to Joe Cannataci, the UN’s Special Rapporteur on the right to privacy, who has recently used some very warm words to comment on these privacy practices.

On Leaving the Bay Area

John Battelle's Searchblog

I first moved to the Bay area in 1983. I graduated from high school, spent my summer as an exchange student/day laborer in England (long story), then began studies at Berkeley, where I had a Navy scholarship (another long story). 35 years ago.

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Krebs on Security

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses.

Here's Why Your Static Website Needs HTTPS

Troy Hunt

Demo 114

How ‘digital transformation’ gave birth to a new breed of criminal: ‘machine-identity thieves’

The Last Watchdog

There’s a new breed of identity thief at work plundering consumers and companies. However, these fraudsters don’t really care about snatching up your credentials or mine. By now, your personal information and mine has been hacked multiple times and is readily on sale in the Dark Web. This has long been true of the vast majority of Americans. Related article: 7 hacks signaling a coming global cyber war. The identities most sought after by cyber criminals today are those associated with machines.

Bank Hackers Exploit Outdated Router to Steal $1 Million

Data Breach Today

Groups 210

A Landmark Legal Shift Opens Pandora’s Box for DIY Guns

WIRED Threat Level

Cody Wilson makes digital files that let anyone 3-D print untraceable guns. The government tried to stop him. He sued—and won. Backchannel Security

List of data breaches and cyber attacks in July 2018 – 139,731,894 million records leaked

IT Governance

Another month passes where I’m left thinking ‘I should really create a Healthcare category’. So, from next month – I’ll be doing exactly that. There were some incredibly sensitive breaches this month, the majority of which were caused by human error.

State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Krebs on Security

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned.

Tips for your corporate file move: Seize the opportunity to improve

TAB OnRecord

A move is a great time to make changes to your records management program and a chance to improve the way your records are stored and handled. If you have had a big project in mind, now is the time, just follow these simple steps! Read More.

Tips 98

MY TAKE: Here’s why identities are the true firewalls, especially as digital transformation unfolds

The Last Watchdog

Was it really that long ago that company networks were comprised of a straightforward cluster of servers, data bases, applications and user devices corralled largely on premises? Related article: Taking a ‘zero-trust’ approach to authentication. In today’s digitally transformed environment, companies must monitor and defend systems housed on-premises and in overlapping public and private clouds.

Trump's DNC 'Server' Conspiracy Rebutted

Data Breach Today

President Continues to Dismiss Russian Hacking Attribution, Backs Putin's Denials Asked in a press conference if he would denounce Russia for interfering in U.S. elections, President Trump responded with a conspiracy theory about a missing DNC server.

Identifying People by Metadata

Schneier on Security

Interesting research: " You are your Metadata: Identification and Obfuscation of Social Media Users using Metadata Information ," by Beatrice Perez, Mirco Musolesi, and Gianluca Stringhini.

CCTV and the GDPR – an overview for small businesses

IT Governance

As of 25 May 2018, organisations that use CCTV to capture images of individuals are processing personal data as defined by the GDPR (General Data Protection Regulation) and must comply with the Regulation’s requirements.

GDPR 92

‘LuminosityLink RAT’ Author Pleads Guilty

Krebs on Security

Tools 179

How Cloudflare Uses Lava Lamps to Guard Against Hackers

WIRED Threat Level

Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet. Security

GUEST ESSAY: Theft of MQ-9 Reaper docs highlights need to better protect ‘high-value assets’

The Last Watchdog

The discovery of sensitive U.S. military information for sale on the Dark Web for a nominal sum, in and of itself, is unfortunate and unremarkable. However, details of the underlying hack , ferreted out and shared by researchers of the Insikt Group, an arm of the security research firm Recorded Future, are most welcomed. They help frame wider questions, and pave the way for improved best practices.

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

IoT 208

The Tragedy of the Data Commons

John Battelle's Searchblog

Before, and after? A theme of my writing over the past ten or so years has been the role of data in society. I tend to frame that role anthropologically: How have we adapted to this new element in our society?

Data 85

Researchers show how to manipulate road navigation systems with low-cost devices

Security Affairs

Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers and manipulate road navigation systems. Researchers have developed a tool that poses as GPS satellites to deceive nearby GPS receivers.

Paper 82

Notorious ‘Hijack Factory’ Shunned from Web

Krebs on Security

Apple's China-Friendly Censorship Caused an iPhone-Crashing Bug

WIRED Threat Level

The bug serves as a reminder of China-friendly censorship code hidden in all iOS devices. Security

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

The Last Watchdog

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021. Related article: SIEMs strive for a comeback. Costanzo.

The Need to Look Beyond Endpoint Security

Data Breach Today

Kaspersky's Bhayani on Evolving to Predictive Analytics and Response With endpoint security, the fundamental concept was always to detect and prevent.

Reasonably Clever Extortion E-mail Based on Password Theft

Schneier on Security

Imagine you've gotten your hands on a file of e-mail addresses and passwords. You want to monetize it, but the site it's for isn't very valuable. How do you use it? You convince the owners of the password to send you money. I recently saw a spam e-mail that ties the password to a porn site.

Director of National Intelligence warns of devastating cyber threat to US infrastructure

Security Affairs

The Director of the National Intelligence Dan Coats warned last week of a devastating cyber threat to US infrastructure, he said that “warning lights are blinking red again.”.

ExxonMobil Bungles Rewards Card Debut

Krebs on Security

Energy giant ExxonMobil recently sent snail mail letters to its Plenti rewards card members stating that the points program was being replaced with a new one called Exxon Mobil Rewards+.

Facebook Gave Russian Internet Giant Special Data Extension

WIRED Threat Level

also ran hundreds of apps on Facebook at a time when the platform’s policies allowed app developers to collect their users' friends' data. Security

Data 87