Sat.Oct 27, 2018 - Fri.Nov 02, 2018

85 Millions of voter records available for sale ahead of the 2018 US Midterm Elections

Security Affairs

Ahead of the 2018 US midterm elections , sellers are flooding the cybercrime underground markets with data from voter databases. Experts at cybersecurity company Carbon Black found tens of different state voter databases available for sale on the dark web.

Sales 104

SMS Phishing + Cardless ATM = Profit

Krebs on Security

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.

NEW TECH: How ‘adaptive multi-factor authentication’ is gaining traction via partnerships

The Last Watchdog

Tel Aviv, Israel-based Silverfort continues to make inroads into proving the efficacy of its innovative approach to multi-factor authentication, or MFA, in corporate settings. Related: Why a ‘zero-trust’ approach to security is necessary.

Mirai Co-Author Gets House Arrest, $8.6 Million Fine

Data Breach Today

Paras Jha Launched DDoS Attacks Against Rutgers, Ran Click-Fraud Botnets One of the co-authors of the devastating Mirai botnet malware has been sentenced to home incarceration and community service, and ordered to pay $8.6

232
232

0x20k of Ghost Squad Hackers Releases ODay Exploit Targeting Apache Hadoop

Security Affairs

0x20k of Ghost Squad Hackers has released the full source code of the 0day exploit used to targeting Apache Hadoop and build the FICORA Botnet.

Equifax Has Chosen Experian. Wait, What?

Krebs on Security

More Trending

Crypto-Locking Kraken Ransomware Looms Larger

Data Breach Today

Ransomware-as-a-Service Operation Joins Forces With Fallout Exploit Kit A slick ransomware-as-a-service operation called Kraken Cryptor has begun leveraging the Fallout exploit kit to help it score fresh victims, researchers from McAfee and Recorded Future warn.

Iran hit by a more aggressive and sophisticated Stuxnet version

Security Affairs

Iran’s strategic network was hit by a new destructive and sophisticated version of the Stuxnet cyber weapon, the Hadashot TV reports.

List of data breaches and cyber attacks in October 2018 – 44,701,278 records leaked

IT Governance

Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route. These monthly blogs will now look at three lesser-known stories in detail, as well as give a total number for all records exposed in the month.

Cell Phone Security and Heads of State

Schneier on Security

Earlier this week, the New York Times reported that the Russians and the Chinese were eavesdropping on President Donald Trump's personal cell phone and using the information gleaned to better influence his behavior. This should surprise no one.

US Again Indicts Chinese Intel Agents Over Hacking

Data Breach Today

Scheme Sought to Steal Data on Turbofan Engines, Saving on Development Costs The Justice Department says two Chinese intelligence officers and eight others were indicted for stealing trade secrets that are intended to help the country shortcut technology research.

Data 221

A few hours after Apple released iOS 12.1, a researcher presented a Passcode Bypass issue

Security Affairs

A few hours after Apple released iOS 12.1 the iPhone bug hunter Jose Rodriguez has found a new passcode bypass issue that could be exploited to see all contacts’ private information on a locked iPhone.

List of data breaches and cyber attacks in October 2018 – 44,701,278 records leaked

IT Governance

Rather than posting the usual long list of data breaches and cyber attacks, I’ve decided to go down a new route. These monthly blogs will now look at three lesser-known stories in detail, as well as give a total number for all records exposed in the month.

Buying Used Voting Machines on eBay

Schneier on Security

This is not surprising : This year, I bought two more machines to see if security had improved.

Health Data Breach Tally: Analyzing the Latest Trends

Data Breach Today

Sorting Out What Kinds of Incidents Are Most Common This Year What kinds of health data breaches have been most common so far in 2018? An analysis of the official HHS breach tally reveals the latest trends, and security experts offer an analysis

Trends 206

CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks

Security Affairs

Security experts from CISCO warn of a zero-day vulnerability that is being actively exploited in attacks in the wild. The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD).

3 cyber security tips every employee should know

IT Governance

Worried that you or someone in your organisation will be responsible for a data breach? Then take a look at these three basic tips for staying secure. Cyber security can feel overwhelming.

Tips 102

More on the Supermicro Spying Story

Schneier on Security

I've blogged twice about the Bloomberg story that China bugged Supermicro networking equipment destined to the US. We still don't know if the story is true, although I am increasingly skeptical because of the lack of corroborating evidence to emerge.

Blog 112

Canada's Mandatory Breach Notification Rules Now in Effect

Data Breach Today

Organizations Must Comply With Data Breach Reporting Requirements or Face Fines Private sector organizations in Canada must now report all serious data breaches to the country's privacy watchdog as part of revised rules to Canada's PIPEDA privacy law.

Cyber attack exposes sensitive data about a nuclear power plant in France

Security Affairs

A cyber attack on a French firm Ingerop allowed attackers to access confidential documents related to nuclear power plant plans in France.

3 cyber security tips every employee should know

IT Governance

Worried that you or someone in your organisation will be responsible for a data breach? Then take a look at these three basic tips for staying secure. Cyber security can feel overwhelming.

Tips 102

Was There a New Stuxnet-like Attack in Iran?

Adam Levin

The Israeli evening news Hadashot reported that Iran “is again facing a [Stuxnet-like] attack, from a more violent, more advanced and more sophisticated virus than before.” According to sketchy reports, the attack hit infrastructure and strategic networks.

IT 101

Radisson Suffers Global Loyalty Program Data Breach

Data Breach Today

Hotel Giant Has Yet to Disclose Total Number of Affected Victims Radisson Hotel Group has suffered a data breach that resulted in the theft of data for its global loyalty program members. The company, which operates 1,400 hotels, says the breach touched data for "less than 10 percent" of all Radisson Rewards members, but it hasn't released a victim count

A few dollars to bring down sites with new Bushido-based DDoS-for-hire service

Security Affairs

Security researchers at FortiGuard Labs have discovered a new DDoS-for-hire service called “ 0x-booter” built with leaked code that implements an easy to use interface.

Ransomware, Leakware, Scareware… Oh My!

Thales eSecurity

The unexplained and seemingly paranormal are actually a year-round phenomenon in IT Security. This year has been no exception. The shrieks and screams coming from CISOs and their staffs over malware has led to zombie-like stares.

Chinese Government Agents Charged with Hacking, IP Theft

Adam Levin

The U.S. Justice Department announced charges against ten Chinese intelligence agents for hacking into computer systems belonging to U.S. and international companies to steal aerospace technology and data.

Sextortion Scam Wields Stolen Passwords, Demands Bitcoins

Data Breach Today

Attackers Send a Leaked Password as 'Proof' Victim Was Hacked Scammers behind an ongoing "sextortion" campaign have been emailing a legitimate password - likely from a publicly leaked list - to victims with a threat to release a compromising video of the recipient unless they pay up in bitcoins, Barracuda Networks warns

The Radisson Hotel Group has suffered a data breach

Security Affairs

The hotel chain Radisson Hotel Group suffered a security breach that exposed personal information of the members of its loyalty scheme.

Groups 105

How to Punish Cybercriminals

Schneier on Security

GUEST ESSAY: A guide to implementing best security practices — before the inevitable breach

The Last Watchdog

The United States has experienced the most cybersecurity breaches in the world and the Equifax Breach was one of the first to be considered a “mega breach.”. The headlines immediately attempted to lay the blame, in large part, on the fact that Equifax’s chief information security officer was a music major and did not have a background in technology. Equifax was not special in this regard. Related: How social media is used to spread malware, influence elections.

The Business Case for Better 'Cyber Hygiene'

Data Breach Today

The author of the Mirai botnet gets six months of house arrest

Security Affairs

Paras Jha (22), the author of the Mirai botnet has been sentenced to six months of house arrest and ordered to pay $8.6 million in compensation for DDoS attacks against the systems of Rutgers University.

3 reasons cyber security training is essential

IT Governance

Organisations are always looking for ways to improve their cyber security defences, but they often overlook the value of enrolling their employees on cyber security training courses. Here are three reasons to consider it: Reduce the risk of data breaches.

Essential Reading: The 2018 Gartner Magic Quadrant for Content Services Platforms

OpenText Information Management

Each year, the highly respected analysts at Gartner publish their assessment of the content management sector—the Gartner Magic Quadrant for Content Services Platforms. It’s highly recommended reading for everyone involved in the ECM/Content Services space.