Sat.Sep 29, 2018 - Fri.Oct 05, 2018

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams.

China planted tiny chips on US computers for cyber espionage

Security Affairs

China used tiny chips implanted on computer equipment manufactured for US companies and government agencies to steal secret information.

How to Preserve Your Old Documents While Growing Digitally

AIIM

Taking care of your old documents is a complicated process. On one hand, you need to keep them stored away so that they don’t obstruct your daily work and clutter up the workspace.

FDA Reveals Steps to Bolster Medical Device Cybersecurity

Data Breach Today

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

Krebs on Security

From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Yesterday was one of those times.

IT 231

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Schneier on Security

From Kashmir Hill : Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising.

More Trending

North Korean Hackers Tied to $100 Million in SWIFT Fraud

Data Breach Today

FireEye Traces APT38 Attacks; US-CERT Issues ATM Cash-Out Malware Attack Alert A gang of North Korean government hackers, known as APT38, has stolen more than $100 million from banks in Asia and Africa via fraudulent SWIFT transfers, cybersecurity firm FireEye warns. Separately, the U.S.

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Krebs on Security

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it.

Chinese Supply Chain Hardware Attack

Schneier on Security

Bloomberg is reporting about a Chinese espionage operating involving inserting a tiny chip into computer products made in China. I've written ( alternate link ) this threat more generally. Supply-chain security is an insurmountably hard problem.

The importance of knowing ‘where’ in digital forensic analysis

OpenText Information Management

With so many devices, file systems, operating systems, user artifacts, application artifacts, and more, keeping-up with relevant knowledge is a real struggle.

Facebook Submits GDPR Breach Notification to Irish Watchdog

Data Breach Today

Report Into 50 Million Breached Accounts Is Incomplete, Privacy Watchdog Warns To comply with GDPR, Facebook has notified Ireland's data privacy watchdog about the massive breach it has suffered, resulting in 50 million accounts being exposed.

GDPR 215

6 ways your organisation can suffer a data breach

IT Governance

When you think of data breaches, you may well picture hackers infecting an organisation’s systems and stealing files. But that’s only one of six common ways a data breach can occur.

More on the Five Eyes Statement on Encryption and Backdoors

Schneier on Security

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. Short summary: they like them.)

The Facebook Hack Is an Internet-Wide Failure

WIRED Threat Level

Major sites using Facebook's Single Sign-On don't implement basic security features, potentially making the fallout of last week's hack much worse. Security

Report: Chinese Spy Chip Backdoored US Defense, Tech Firms

Data Breach Today

If Accurate, Bloomberg Report Would Mark a New Era of Mass Hardware Compromise Did the Chinese government pull off one of the most secretive hardware hacks of all time?

iPhone Hack Allows Access to Contacts, Photos

Adam Levin

Apple’s iOS 12 update includes a workaround that can allow a hacker to access a device’s photos and contacts without having the passcode to unlock it. It does not, however, allow unauthorized users full access to the device, and executing the workaround isn’t exactly an easy thing to do.

Conspiracy Theories Around the "Presidential Alert"

Schneier on Security

Noted conspiracy theorist John McAfee tweeted : The "Presidential alerts": they are capable of accessing the E911 chip in your phones - giving them full access to your location, microphone, camera and every function of your phone.

How Russian Spies Infiltrated Hotel Wi-Fi to Hack Their Victims Up Close

WIRED Threat Level

A new indictment details how Russian agents camped outside hotels when remote hacking efforts weren't enough. Security

Bupa Fined $228,000 After Stolen Data Surfaces on Dark Web

Data Breach Today

Health Insurer Slammed by Regulator for Failing to Detect Bulk Theft of Records The U.K.'s s data protection regulator has fined Bupa Insurance Services £175,000 ($228,000) for failing to stop an employee from stealing 547,000 customer records, which were later offered for sale on the dark web.

Tips and advice for staying safe in the digital world

IT Governance

With an ever-increasing diversity of digital threats, it is important to understand the risks of going online. Graham Day, author of October’s book of the month, Security in the Digital World , says, “Attackers are slowly discovering all the ways that devices can be used to attack others.

Tips 82

The Effects of GDPR's 72-Hour Notification Rule

Schneier on Security

The EU's GDPR regulation requires companies to report a breach within 72 hours. Alex Stamos, former Facebook CISO now at Stanford University, points out how this can be a problem: Interesting impact of the GDPR 72-hour deadline: companies announcing breaches before investigations are complete.

GDPR 104

Don’t Let Data Overwhelm You

AIIM

Are you finding yourself overwhelmed by the amount of data you have to manage? While it's great to stay up with the latest technology, digital transformation can sometimes leave people feeling like there was a document "explosion" in their department. Not to worry, we're here to help.

Facebook Breach: Single Sign-On of Doom

Data Breach Today

Victims Need 'Single Sign-Off' in This Age of Hyper-Connected Services and Apps While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps

Access 200

Weekly Podcast: Russian cyber crimes, Facebook breach and Tory conference app

IT Governance

This week, we discuss Russian cyber crime, the Facebook breach affecting 90 million users and the Conservative Party’s conference app breach. Hello and welcome to the IT Governance podcast for Friday, 5 October. Here are this week’s stories.

Sophisticated Voice Phishing Scams

Schneier on Security

Brian Krebs is reporting on some new and sophisticated phishing scams over the telephone. I second his advice: "never give out any information about yourself in response to an unsolicited phone call." Always call them back, and not using the number offered to you by the caller. Always.

Cybersecurity Awareness Month Blog Series: Leading the cybersecurity jobs of the future

Thales Data Security

Some might say the month of October is the official kickoff to the Holiday Season. There is one holiday this month which we are particularly passionate about (and it’s not Halloween).

Feds Indict 7 Russians for Hacking and Disinformation

Data Breach Today

Russian Military Intelligence Team Allegedly Conducted Close-Access Operations The U.S.

Will you survive a data breach?

IT Governance

In the last year alone, almost half of UK businesses suffered a cyber security breach. And that’s just the tip of the iceberg. From Butlins to British Airways, recent headlines have been dominated by high-profile digital disasters. With the?advent

Detecting Credit Card Skimmers

Schneier on Security

Interesting research paper: " Fear the Reaper: Characterization and Fast Detection of Card Skimmers ": Abstract: Payment card fraud results in billions of dollars in losses annually.

Paper 100

Malware Has a New Way to Hide on Your Mac

WIRED Threat Level

By only checking a file's code signature when you install it—and never again—macOS gives malware a chance to evade detection indefinitely. Security

IT 78

Tesco Bank Hit With £16 Million Fine Over Debit Card Fraud

Data Breach Today

UK's Financial Conduct Authority Slams Bank for Series of Avoidable Errors Tesco Bank has been hit with a £16.4 million ($21.3 million) fine by the U.K.'s s Financial Conduct Authority for failing to prevent and more rapidly block thousands of fraudulent transactions that drained £2.3

195
195

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

Security Affairs

The FBI Internet Crime Complaint Center (IC3) warns of cyber attacks exploiting Remote Desktop Protocol (RDP) vulnerabilities. Remote Desktop Protocol (RDP) is a widely adopted protocol for remote administration, but it could dramatically enlarge the attack surface if it isn’t properly managed.

Terahertz Millimeter-Wave Scanners

Schneier on Security

Interesting article on terahertz millimeter-wave scanners and their uses to detect terrorist bombers. The heart of the device is a block of electronics about the size of a 1990s tower personal computer. It comes housed in a musician's black case, akin to the one Spinal Tap might use on tour.

The Apollo Breach Included Billions of Data Points

WIRED Threat Level

Sales intelligence firm Apollo left a "staggering amount" of exposed online, including 125 million email addresses and nine billion data points. Security

Sales 75