Sat.Sep 29, 2018 - Fri.Oct 05, 2018

Voice Phishing Scams Are Getting More Clever

Krebs on Security

Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams.

China planted tiny chips on US computers for cyber espionage

Security Affairs

China used tiny chips implanted on computer equipment manufactured for US companies and government agencies to steal secret information.

How to Preserve Your Old Documents While Growing Digitally

AIIM

Taking care of your old documents is a complicated process. On one hand, you need to keep them stored away so that they don’t obstruct your daily work and clutter up the workspace.

FDA Reveals Steps to Bolster Medical Device Cybersecurity

Data Breach Today

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Krebs on Security

A ridiculous number of companies are exposing some or all of their proprietary and customer data by putting it in the cloud without any kind of authentication needed to read, alter or destroy it.

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

Schneier on Security

From Kashmir Hill: Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising.

FBI IC3 warns of cyber attacks exploiting Remote Desktop Protocol (RDP)

Security Affairs

The FBI Internet Crime Complaint Center (IC3) warns of cyber attacks exploiting Remote Desktop Protocol (RDP) vulnerabilities. Remote Desktop Protocol (RDP) is a widely adopted protocol for remote administration, but it could dramatically enlarge the attack surface if it isn’t properly managed.

More Trending

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

Krebs on Security

From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Yesterday was one of those times.

Chinese Supply Chain Hardware Attack

Schneier on Security

Bloomberg is reporting about a Chinese espionage operation involving inserting a tiny chip into computer products made in China. I've written (alternate link) about this threat more generally. Supply-chain security is an insurmountably hard problem.

Z-LAB Report – Analyzing the GandCrab v5 ransomware

Security Affairs

Experts at the Cybaze Z-Lab have analyzed the latest iteration of the infamous GandCrab ransomware, version 5.0.

Facebook Submits GDPR Breach Notification to Irish Watchdog

Data Breach Today

Report Into 50 Million Breached Accounts Is Incomplete, Privacy Watchdog Warns

To comply with GDPR, Facebook has notified Ireland's data privacy watchdog about the massive breach it has suffered, resulting in 50 million accounts being exposed.

Document Automation: Having Your Cake…

AIIM

Having your cake and eating it, too, is a proverb that’s almost 500 years old, which means you cannot have two incompatible things at the same time. So many examples of situations exist where you face two mutually exclusive options. Let’s take document capture.

Conspiracy Theories Around the "Presidential Alert"

Schneier on Security

Noted conspiracy theorist John McAfee tweeted: The "Presidential alerts": they are capable of accessing the E911 chip in your phones - giving them full access to your location, microphone, camera and every function of your phone.

Estonia sues Gemalto for 152M euros over flaws in citizen ID cards issued by the company

Security Affairs

Estonia sues Gemalto for 152 million euros following the security flaws in the citizen ID cards issued by the company that caused their recall in 2017.

Report: Chinese Spy Chip Backdoored US Defense, Tech Firms

Data Breach Today

If Accurate, Bloomberg Report Would Mark a New Era of Mass Hardware Compromise

Did the Chinese government pull off one of the most secretive hardware hacks of all time?

The Facebook Hack Is an Internet-Wide Failure

WIRED Threat Level

Major sites using Facebook's Single Sign-On don't implement basic security features, potentially making the fallout of last week's hack much worse.

More on the Five Eyes Statement on Encryption and Backdoors

Schneier on Security

Earlier this month, I wrote about a statement by the Five Eyes countries about encryption and back doors. (Short summary: they like them.)

DHS issued an alert on attacks aimed at Managed Service Providers

Security Affairs

The United States Department of Homeland Security (DHS) is warning of ongoing activity from an advanced persistent threat (APT) actor targeting global managed service providers (MSPs).

Bupa Fined $228,000 After Stolen Data Surfaces on Dark Web

Data Breach Today

Health Insurer Slammed by Regulator for Failing to Detect Bulk Theft of Records

The U.K.'s data protection regulator has fined Bupa Insurance Services £175,000 ($228,000) for failing to stop an employee from stealing 547,000 customer records, which were later offered for sale on the dark web.

How Russian Spies Infiltrated Hotel Wi-Fi to Hack Their Victims Up Close

WIRED Threat Level

A new indictment details how Russian agents camped outside hotels when remote hacking efforts weren't enough.

The Effects of GDPR's 72-Hour Notification Rule

Schneier on Security

The EU's GDPR regulation requires companies to report a breach within 72 hours. Alex Stamos, former Facebook CISO now at Stanford University, points out how this can be a problem: Interesting impact of the GDPR 72-hour deadline: companies announcing breaches before investigations are complete.

Telegram CVE-2018-17780 flaw causes the leak of IP addresses when initiating calls

Security Affairs

CVE-2018-17780 – Security researcher Dhiraj Mishra discovered that Telegram's default configuration would expose a user’s IP address when making a call. Strangely, tdesktop 1.3.14 and Telegram for Windows (3.3.0.0) leak end-user private and public IP addresses while making calls.

Feds Indict 7 Russians for Hacking and Disinformation

Data Breach Today

Russian Military Intelligence Team Allegedly Conducted Close-Access Operations

The U.S.

Weekly Podcast: Russian cyber crimes, Facebook breach and Tory conference app

IT Governance

This week, we discuss Russian cyber crime, the Facebook breach affecting 90 million users and the Conservative Party’s conference app breach. Hello and welcome to the IT Governance podcast for Friday, 5 October. Here are this week’s stories.

Sophisticated Voice Phishing Scams

Schneier on Security

Brian Krebs is reporting on some new and sophisticated phishing scams over the telephone. I second his advice: "never give out any information about yourself in response to an unsolicited phone call." Always call them back, and not using the number offered to you by the caller. Always.

Hidden Cobra APT used the new ATM cash-out scheme FASTCash to hit banks worldwide

Security Affairs

A joint technical alert from the DHS, the FBI, and the Treasury warns about a new ATM cash-out scheme, dubbed “FASTCash,” used by Hidden Cobra APT.

Facebook Breach: Single Sign-On of Doom

Data Breach Today

Victims Need 'Single Sign-Off' in This Age of Hyper-Connected Services and Apps

While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.

6 ways your organisation can suffer a data breach

IT Governance

When you think of data breaches, you may well picture hackers infecting an organisation’s systems and stealing files. But that’s only one of six common ways a data breach can occur.

Detecting Credit Card Skimmers

Schneier on Security

Interesting research paper: "Fear the Reaper: Characterization and Fast Detection of Card Skimmers": Abstract: Payment card fraud results in billions of dollars in losses annually.

APT38 is behind financially motivated attacks carried out by North Korea

Security Affairs

Security experts from FireEye published a report on the activity of financially motivated threat actors, tracked as APT38, linked to the North Korean government. The attacks were aimed at financial institutions; FireEye estimates APT38 has stolen at least a hundred million dollars from banks worldwide.

Tesco Bank Hit With £16 Million Fine Over Debit Card Fraud

Data Breach Today

UK's Financial Conduct Authority Slams Bank for Series of Avoidable Errors

Tesco Bank has been hit with a £16.4 million ($21.3 million) fine by the U.K.'s Financial Conduct Authority for failing to prevent and more rapidly block thousands of fraudulent transactions that drained £2.3

Tips and advice for staying safe in the digital world

IT Governance

With an ever-increasing diversity of digital threats, it is important to understand the risks of going online. Graham Day, author of October’s book of the month, Security in the Digital World, says, “Attackers are slowly discovering all the ways that devices can be used to attack others.

New Pluralsight Course: Adapting to the New Normal: Embracing a Security Culture of Continual Change

Troy Hunt

I take more pleasure than I probably should in watching the bewilderment within organisations as the technology landscape rapidly changes and rushes ahead of them. Perhaps "pleasure" isn't the right word, is it more "amusement"? Or even "curiosity"?

Sales intel firm Apollo data breach exposed more than 200 million contact records

Security Affairs

The sales intelligence firm Apollo is the latest victim of a massive data breach that exposed more than 200 million contact records.

Responding to Ransomware Attacks: Critical Elements

Data Breach Today

Experts Provide Tips for Smoother Recoveries

A Canadian home healthcare provider says it was able to recover from a recent ransomware attack without paying a ransom, but it had to revert to manual processes for several days.

Will you survive a data breach?

IT Governance

In the last year alone, almost half of UK businesses suffered a cyber security breach. And that’s just the tip of the iceberg. From Butlins to British Airways, recent headlines have been dominated by high-profile digital disasters. With the advent

Malware Has a New Way to Hide on Your Mac

WIRED Threat Level

By only checking a file's code signature when you install it—and never again—macOS gives malware a chance to evade detection indefinitely.
