Sat.Jan 19, 2019 - Fri.Jan 25, 2019

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents.

How Cybercriminals Clean Their Dirty Money

Dark Reading

By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning

108
108

GUEST POST: Six tangible ways ‘SOAR’ can help narrow the cybersecurity skills gap

The Last Watchdog

The cybersecurity talent shortage is here to stay. With an estimated 1.5-2 million unfulfilled cybersecurity positions, organizations are coming to terms with the fact that no amount of creative hiring initiatives will rid them of the need of figuring out how to protect their organizations despite being short staffed. Related: Addressing the cyber skills gap. This does not mean the creative staffing solutions do not serve their purpose.

Tools 116

FBI Agents Say Shutdown is Damaging Cyber Investigations

Data Breach Today

Funding Holdups for Subpoenas and Confidential Sources are Interrupting Probes FBI agents say the government shutdown is impeding their investigations, including cybersecurity probes, with the lack of funding compromising their ability to pay confidential informants, and obtain warrants or subpoena

Bomb Threat, Sextortion Spammers Abused Weakness at GoDaddy.com

Krebs on Security

Microsoft Exchange zero-day and exploit could allow anyone to be an admin

Security Affairs

The security expert Dirk- jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code.

More Trending

France Hits Google with $57 Million GDPR Fine

Data Breach Today

Record Privacy Fine Sends Strong Signal to Data-Processing Technology Companies France has hit Google with a 50 million euro ($57 million) fine for violating the EU's General Data Protection Regulation.

GDPR 228

Three Charged for Working With Serial Swatter

Krebs on Security

The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address.

Video 188

A flaw in MySQL could allow rogue servers to steal files from clients

Security Affairs

A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS).

70,000 affected in B&Q data breach

IT Governance

Home improvement retailer B&Q has suffered a data breach affecting 70,000 of its… well, not customers, exactly. The breached database contained a list of people who had been caught stealing products from B&Q stores.

Police Arrest €10 Million IOTA Cryptocurrency Theft Suspect

Data Breach Today

Scheme Offered 'Free' Website for Generating Cryptocurrency Wallet Seeds Police in England have arrested a 36-year-old man as part of an investigation into the theft of at least €10 ($11.3

206
206

Hacking the GCHQ Backdoor

Schneier on Security

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems.

Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack

Security Affairs

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device.

Trojans and Spyware Are Making a Comeback

Adam Levin

Trojan horse-based malware attacks and spyware rose sharply in 2018 as ransomware-based attacks declined, according to a new report published by Malwarebytes.

Cisco Studies Global Impact of GDPR

Data Breach Today

Cisco is out with findings from its 2019 Data Privacy Benchmark Study, which shows the impact of GDPR compliance as well as how customers are asking more questions about how their data is secured. Cisco Chief Privacy Officer Michelle Dennedy analyzes the survey

Study 202

Clever Smartphone Malware Concealment Technique

Schneier on Security

This is clever : Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks.

PHP PEAR official site hacked, tainted package manager distributed for 6 months

Security Affairs

PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months.

Blog 110

One Man’s Obsessive Fight to Reclaim His Cambridge Analytica Data

WIRED Threat Level

David Carroll has been locked in a legal war to force the infamous company to turn over its files on him. He’s won a battle, but the struggle continues. Backchannel Security

IT 104

DHS Issues More Urgent Warning on DNS Hijacking

Data Breach Today

Government Agencies Should Audit DNS Settings Within 10 Days The U.S. Department of Homeland Security says executive branch agencies are being targeted by attacks aimed at modifying Domain Name System records, which are critical for locating websites and services.

The Evolution of Darknets

Schneier on Security

Sales 103

Expert shares PoC exploit code for remote iOS 12 jailbreak On iPhone X

Security Affairs

Researcher published a PoC exploit code for critical vulnerabilities that could be chained to implement an iOS jailbreak On iPhone X.

Video 109

Google fined £44 million in landmark GDPR ruling

IT Governance

Google has been fined €50 million (about £44 million) by CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). .

GDPR 104

Life Under GDPR: Sizing Up the Long-Term Costs

Data Breach Today

GDPR has been in effect since May 2018, but organizations are still waiting to see what impact it will have on the costs organizations might face from breach cleanup, investigations, sanctions and class action lawsuits, says Ian Thornton-Trump of the financial services firm AMTrust International

Hacking Construction Cranes

Schneier on Security

Construction cranes are vulnerable to hacking: In our research and vulnerability discoveries, we found that weaknesses in the controllers can be (easily) taken advantage of to move full-sized machines such as cranes used in construction sites and factories.

Critical flaw in Linux APT package manager could allow remote hack

Security Affairs

Expert discovered a remote code execution vulnerability in the APT package manager used by several Linux distributions, including Debian and Ubuntu.

Video 109

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

This is an edited version of a series of talks I first gave in New York over the past week, outlining my work at Columbia. Many thanks to Reinvent, Pete Leyden, Cap Gemini, Columbia University, Cossette/Vision7, and the New York Times for hosting and helping me. Prelude.

Report: Federal Trade Commission Weighs Facebook Fine

Data Breach Today

Facebook Probed by FTC Over Failures that Enabled Cambridge Analytica Scandal The U.S.

IT 166

Securing data in the hybrid cloud

Thales Data Security

IDG’s 2018 Cloud Computing Study tells us: Seventy-three percent of organizations have at least one application, or a portion of their computing infrastructure already in the cloud – 17% plan to do so within the next 12 months.

Cloud 90

Hacker threatened a family using a Nest Camera to broadcast a fake missile attack alert

Security Affairs

Nest recommended the owners of its security cameras to use enhanced authentication to avoid being hacked as happened with a family living in the US. Over the weekend, a family living in California was terrified with a hoax nuclear missile attack. .

What is an ISMS and 8 reasons why you should implement one

IT Governance

An ISMS (information security management system) is a centrally managed framework for keeping an organisation’s information secure. It contains a set of policies, procedures and controls for protecting the confidentiality, integrity and availability of information.

Deal to Reopen U.S. Government Approved

Data Breach Today

President Trump Signs Measure to Fund Government for Three Weeks President Donald Trump late Friday signed a short-term funding bill to temporarily end the 35-day federal government partial shutdown. The bill does not include money for a border wall

Weekly Update 123

Troy Hunt

So it's been a bit of a crazy week. I got onto the plane in Australia on Thursday evening just as Europe was waking up to the news of the 773M email address credential stuffing list I loaded into HIBP. And then the flood began; blog comments, emails, tweets - it was an absolute deluge.

New Russian Language Malspam is delivering Redaman Banking Malware

Security Affairs

A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware.

The PCI SSC’s new software security standards – what you need to know

IT Governance