Sat.Dec 22, 2018 - Fri.Dec 28, 2018

It’s Not Facebook’s Fault: Our Shadow Internet Constitution

John Battelle's Searchblog

Those of us fortunate enough to have lived through the birth of the web have a habit of stewing in our own nostalgia. We’ll recall some cool site from ten or more years back, then think to ourselves (or sometimes out loud on Twitter ): “Well damn, things were way better back then.”

IT 101

The Rise of Self-Concealing Steganography

Data Breach Today

Tool Hides Virtual Volumes But Leaves Linux Looking 'Bit-for-Bit' Normal Digital steganography is the practice of hiding information in plain sight, especially inside other data or images.

GUEST ESSAY: The case for engaging in ‘threat hunting’ — and how to do it effectively

The Last Watchdog

Modern cyber threats often are not obvious – in fact it is common for them to lurk inside a business’ systems for a long time without anyone noticing. This is referred to as ‘dwell time’, and a recent report from the Ponemon Institute indicates that the average dwell time is 191 days. Related podcast: The re-emergence of SIEMs. In an ideal world there would no dwell time at all, and threats would be identified before they can penetrate business’ defenses.

How To 144

Serial Swatter and Stalker Mir Islam Arrested for Allegedly Dumping Body in River

Krebs on Security

Hackers infect Linux servers with JungleSec Ransomware via IPMI Remote console

Security Affairs

Since November, a new ransomware called JungleSec has been infecting servers through unsecured IPMI (Intelligent Platform Management Interface) cards.

Web Portals: More Breaches Illustrate the Vulnerabilities

Data Breach Today

Credit Card Information Exposed in Latest Portal Incident Web portals designed to provide convenient service to consumers can pose substantial security risks, as numerous breaches in recent years have clearly illustrated. What steps can be taken to reduce those risks

Risk 192

More Trending

Massive Ad Fraud Scheme Relied on BGP Hijacking

Schneier on Security

This is a really interesting story of an ad fraud scheme that relied on hijacking the Border Gateway Protocol: Members of 3ve (pronounced "eve") used their large reservoir of trusted IP addresses to conceal a fraud that otherwise would have been easy for advertisers to detect.

Tools 108

Cisco ASA is affacted by a privilege escalation flaw. Patch it now!

Security Affairs

Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device. .

Data Breach Leaks 1,000 North Korean Defectors' Details

Data Breach Today

South Korean Resettlement Agency Breach Traces to Malware-Laden Email Personal information for 1,000 North Korean defectors, including their names and addresses, has been stolen via a malware attack, officials in South Korea warn.

Retail in 2019 needs security precautions

Thales eSecurity

As the retail industry follows suit with today’s digital transformation, customer expectations are at an all-time high. Retailers are looking to address these demands with interconnected experiences to give customers more personalized and immediate experiences both in-stores and online.

Retail 107

MD5 and SHA-1 Still Used in 2018

Schneier on Security

Groups 101

Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Security Affairs

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale. Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor.

Ron Ross of NIST on Protecting Critical Infrastructure

Data Breach Today

Sizing Up the Threats and Reviewing the Mitigation Effort In an increasingly complex world of interconnected information systems and devices, more must be done to protect critical infrastructure, says Ron Ross of the National Institute of Standards and Technology

180
180

Weekly Update 119

Troy Hunt

I'm home! And it's a nice hot Christmas! And I've got a new car! And that's where the discussion kinda started heading south this week.

Human Rights by Design

Schneier on Security

Good essay: " Advancing Human-Rights-By-Design In The Dual-Use Technology Industry ," by Jonathon Penney, Sarah McKune, Lex Gill, and Ronald J. Deibert: But businesses can do far more than these basic measures.

A new Shamoon 3 sample uploaded to VirusTotal from France

Security Affairs

A new sample of Shamoon 3 was uploaded on December 23 to the VirusTotal platform from France, it is signed with a Baidu certificate. A new sample of the dreaded Shamoon wiper was uploaded on December 23 to the VirusTotal platform from France.

Report: Trump Weighs Executive Order Banning Huawei, ZTE

Data Breach Today

Move Would Prohibit All US Use of Chinese Manufacturers' Telecommunications Gear President Donald Trump is reportedly continuing to weigh an executive order that would ban all U.S. organizations from using telecommunications hardware built by China's Huawei and ZTE.

QR Codes: The future with no security shake up

Thales eSecurity

( Originally posted on Cards International). To reach its tipping point, cashless payment technology has come on a long way since the first magnetic stripe card almost 50 years ago. The development of chip and PIN addressed concerns over security, before the emergence of contactless catered to consumer demands for greater convenience. Today, a new stage in the evolution of payments is growing in popularity.

How China Helped Make the Internet Less Free in 2018

WIRED Threat Level

Tech companies, democratic governments, and civil society need to work together to fight back against growing surveillance and censorship online. Security

Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Security Affairs

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. The campaign targeted organizations in the US and the UK, the attackers have been abusing Google Cloud Storage to deliver payload.

Cloud 102

Hacked Mt. Gox Bitcoin Exchange Chief Maintains Innocence

Data Breach Today

Prosecutors in Japan Seek 10-Year Embezzlement Sentence for Mark Karpeles Mark Karpeles, the former head of hacked Tokyo-based bitcoin exchange Mt. Gox, has continued to maintain his innocence during the closing arguments in an embezzlement trial against him, Japanese local media report.

173
173

Toxic Data: How 'Deepfakes' Threaten Cybersecurity

Dark Reading

The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did

Video 106

We’re all Just Starting to Realize the Power of Personal Data

WIRED Threat Level

This year revealed consumers have a lot more to learn about what happens to their information online. Security

Data 74

Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Security Affairs

Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not.

Feds Disrupt Top Stresser/Booter Services

Data Breach Today

DDoS-as-a-Service Providers Targeted by Arrests and Takedowns Fifteen of the world's biggest "stresser/booter" services, designed to enable users to launch DDoS attacks against sites on demand, have been shut down, and three men who allegedly ran such services have been charged

174
174

Digitalizing your content - How do you change employee behavior?

AIIM

You have led the pack in creating a digital transformation strategy but how do you get your employees to engage and help your organization realize its goals? Embracing new technology is not the major challenge – human behavior is a significant factor in the success or failure of such projects.

Does Your Business Depend on Stronger Election Security?

Adam Levin

This midterm election , a steady flow of headlines and heated controversy focused not on political leanings or flipping seats (at least directly), but rather on the security and integrity of the voting process itself.

Personal details of roughly 1000 North Korean defectors leaked in hacking case.

Security Affairs

Personal details of roughly 1,000 North Korean defectors living in South Korea have been leaked in a hacking case. Personal details of nearly 1,000 North Korean defectors were leaked as a result of a cyber attack exposing them to severe threats from Pyongyang.

Looking Ahead to 2019: Breaches, Regulations and More

Data Breach Today

A Summary of the Best Predictions for Next Year What's ahead for the cybersecurity landscape in 2019? We've received many lists of predictions from vendors and analysts for next year, and we've picked out five of the most interesting ones

5 trends that will impact digital transformation initiatives

Information Management Resources

As businesses continue to embrace innovation, the following five trends should remain top of mind for organizations looking to continue to drive their digital transformation initiatives in 2019. Hardware and software Data strategy Internet of things Data storage

Glitter Bomb against Package Thieves

Schneier on Security

Stealing packages from unattended porches is a rapidly rising crime, as more of us order more things by mail. One person hid a glitter bomb and a video recorder in a package, posting the results when thieves opened the box. At least, that's what might have happened.

Video 66

Thousands of BevMo customers impacted in payment card breach

Security Affairs

BevMo, the wine and liquor store, is warning customers of payment card breach and reported the incident to the authorities.

Monitoring the Dark Web for Fraud Trends

Data Breach Today

Jaclyn Blumenfeld of First Data on the Latest Developments What can be learned about evolving fraud trends by monitoring activity on the dark web? Jaclyn Blumenfeld of First Data provides insights on the latest developments

Trends 159

6 key areas that will separate the AI leaders from laggards

Information Management Resources

Here are the areas companies need to focus on in 2019 to be ahead of the competition when it comes to AI, according to the consulting firm PwC. Artificial intelligence Machine learning PriceWaterhouseCoopers

IT 95