Sat. Feb 09, 2019 - Fri. Feb 15, 2019

Blockchain and Trust

Schneier on Security

In his 2008 white paper that first proposed bitcoin, the anonymous Satoshi Nakamoto concluded with: "We have proposed a system for electronic transactions without relying on trust." He was referring to blockchain, the system behind bitcoin cryptocurrency.

Malicious PDF Analysis

Security Affairs

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?”

How to Create a Dream Team for the New Age of Cybersecurity

Dark Reading

When each member of your security team is focused on one narrow slice of the pie, it's easy for adversaries to enter through the cracks. Here are five ways to stop them.

Email Provider VFEmail Suffers ‘Catastrophic’ Hack

Krebs on Security

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States.

With Doctored Photos, Thieves Try to Steal Bitcoin

Data Breach Today

'Deep Fakes' May Eventually Complicate Identity Verification. Cryptocurrency exchanges are seeing fraudsters submit doctored photos in an attempt to reset two-step verification on accounts.

Docker runc flaw opens the door to a ‘Doomsday scenario’

Security Affairs

Security experts found a serious flaw, tracked as CVE-2019-5736, affecting runc, the default container runtime for Docker, containerd, Podman, and CRI-O.

Bomb Threat Hoaxer Exposed by Hacked Gaming Site

Krebs on Security

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits.

Report: Facebook Faces Multibillion Dollar US Privacy Fine

Data Breach Today

FTC and Social Network Are Negotiating Record Penalty, Washington Post Reports. The Federal Trade Commission is reportedly negotiating a settlement with Facebook that includes a multibillion dollar fine for its privacy failures.

620 million accounts stolen from 16 hacked websites available for sale on the dark web

Security Affairs

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) are available for sale on the dark web. The Register revealed in an exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web.

The Queen of the Skies and Innovation

Adam Shostack

The Seattle Times has a story today about how “50 years ago today, the first 747 took off and changed aviation.” It’s true. The 747 was a marvel of engineering and luxury. The book by Joe Sutter is a great story of engineering leadership.

Patch Tuesday, February 2019 Edition

Krebs on Security

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system.

Japan's Credit Card Fraud Debacle

Data Breach Today

Fraudsters Received 20 Percent Cashback for Fraudulent Purchases. A convergence of events in December in Japan led to an unprecedented spike in card-not-present fraud. New statistics from a dark web monitoring firm explain how a promotion by PayPay, a third-party payments service, slid sideways

Cryptojacking Coinhive Miners for the first time found on the Microsoft Store

Security Affairs

Symantec discovered eight potentially unwanted applications (PUAs) in the Microsoft Store that were dropping cryptojacking Coinhive miners.

Phishing Campaign Hits Credit Unions

Adam Levin

A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers.

Cyberinsurance and Acts of War

Schneier on Security

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. It claims it is an act of war and therefore not covered. Mondelez is suing.

Major Flaw in Runc Poses Mass Container Takeover Risk

Data Breach Today

Attackers Could 'Break Out' via Runc Flaw to Compromise All Containers on Host. Red Hat, Amazon and Google have issued fixes for a serious container vulnerability.

Ubuntu snapd flaw allows getting root access to the system.

Security Affairs

An expert discovered a privilege escalation vulnerability in default installations of Ubuntu Linux that resides in the snapd API.

Blockchain is Real, But Still Not for Everybody

Weissman's World

I have conversations every day with people who believe either (a) blockchain is just another overhyped new technology being foisted upon us by unscrupulous vendors, or (b) it’s the solution to all their problems. Neither of these, of course, is correct. As written and discussed before in this space (and plenty of ‘elsewheres,’ too), blockchain […]. The post Blockchain is Real, But Still Not for Everybody appeared first on Holly Group.

USB Cable with Embedded Wi-Fi Controller

Schneier on Security

It's only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer.

No-Deal Brexit Threatens British Crime-Fighting

Data Breach Today

Police Say Data-Sharing Alternatives 'Will Not Be As Efficient Or Effective'. British police say they're doing their best to cope with the possibility that the U.K. will crash out of the EU in 45 days and lose access to joint policing resources.

Bank of Valletta shut down its operations after a cyber attack

Security Affairs

Bank of Valletta, the largest bank of Malta, was hit by a cyber attack; attackers attempted to steal 13 million euros ($14.7 million).

Digital Transformation Examples: How Data Is Transforming the Hospitality Industry

erwin

The rate at which organizations have adopted data-driven strategies means there is a wealth of digital transformation examples for organizations to draw from.

Truth or DAR? (Or the Truth about DAR Security)

Thales eSecurity

It’s Valentine’s Day. Chocolates. Romantic dinners. Little conversation hearts with affectionate messages. A special gift for someone special. Or if we flash back to high school, maybe even a game of Truth or Dare. But in the data-security world, we might play “Truth or DAR,” as in data at rest.

US Air Force Veteran Charged in Iran Hacking Scheme

Data Breach Today

Monica Witt Allegedly Aided Spear-Phishing Attacks Against US Military. A former U.S. Air Force counterintelligence agent was indicted for disclosing classified information and helping Iran compromise the computers of other U.S. intelligence agents.

New Linux coin miner kills competing malware to maximize profits

Security Affairs

Security experts from Trend Micro have discovered a new strain of coin miner that targets the Linux platform and installs the XMR-Stak Cryptonight cryptocurrency miner.

Don’t Get Your Valentine an Internet-Connected Sex Toy

WIRED Threat Level

Mozilla expands its “Privacy Not Included” gift guide to the bedroom: It’s all sexy fun and games until someone hacks a WiFi-enabled butt plug.

MY TAKE: What it takes to beat cybercrime in the age of DX and IoT: personal responsibility

The Last Watchdog

Back in 2004, when I co-wrote this USA TODAY cover story about spam-spreading botnets, I recall advising my editor to expect cybersecurity to be a headline-grabbing topic for a year or two more, tops. I was wrong. Each year over the past decade-and-a-half, a cause-and-effect pattern has spread more pervasively into the fabric of modern society.

Roses are Red, Romance Scammers Make You Blue

Data Breach Today

Don't Fall for Fraudsters or You'll Be Poor and Brokenhearted Too. This Valentine's Day, authorities are once again warning individuals to watch out for anyone perpetrating romance scams. The FTC says Americans lost $143 million to romance scams in 2017 while in the U.K.,

Experts found a way to create a super-malware implanted in SGX-enclaves

Security Affairs

Researchers devised a new technique to hide malware in Intel SGX security enclaves, making it impossible for several security technologies to detect.

Trump Declared an Emergency Based on Data That Doesn’t Exist

WIRED Threat Level

As he declared a national emergency Friday, President Trump repeatedly dismissed statistics and reports produced by his own government.

The Who, What and Why of Micro Focus

Micro Focus

Over the past decade, through a combination of organic growth and M&A, Micro Focus has grown precipitously. Today, the company has thousands of employees in 43 countries worldwide, and is one of the largest pure-play enterprise software companies in the world. Yet, despite this size and growth, and likely because the company is headquartered in.

US Intensifies Pressure on Allies to Avoid Huawei, ZTE

Data Breach Today

Secretary of State Pompeo Tours Europe to Discuss Countering China, Russia. The Trump administration is leading a broadside against Chinese telecommunications giants Huawei and ZTE.

Mysterious code prevents QNAP NAS devices from being updated

Security Affairs

Users of QNAP NAS devices are reporting, in QNAP forum discussions, mysterious code that adds entries that prevent software updates.

MY TAKE: Can Project Furnace solve DX dilemma by combining serverless computing and GitOps?

The Last Watchdog

Assuring the privacy and security of sensitive data, and then actually monetizing that data — ethically and efficiently — has turned out to be the defining challenge of digital transformation. Today a very interesting effort to address this complex dilemma is arising from the ferment, out of the UK. It’s called Project Furnace, an all-new open source software development platform.