Sat. Nov 03, 2018 - Fri. Nov 09, 2018

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed.

GUEST ESSAY: Did you know these 5 types of digital services are getting rich off your private data?

The Last Watchdog

Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden privacy pitfalls in everyday technology. Related: Europe tightens privacy rules. From smart phones to smart TVs, location services, and speech capabilities, user data is often stored without your knowledge.

Ransomware Keeps Ringing in Profits for Cybercrime Rings

Data Breach Today

SamSam, Dharma, GandCrab and Global Imposter Make for Ongoing Bitcoin Paydays

Criminals wielding crypto-locking ransomware - especially Dharma/CrySiS, GandCrab and Global Imposter, but also SamSam - continue to attack.

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S.

Experts detailed how China Telecom used BGP hijacking to redirect traffic worldwide

Security Affairs

Security researchers revealed in a recent paper that over the past years, China Telecom used BGP hijacking to misdirect Internet traffic through China. Security researchers Chris C.

Here's Why [Insert Thing Here] Is Not a Password Killer

Troy Hunt

These days, I get a lot of messages from people on security related things. Often it's related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture.

How Cyber Insurance Is Changing in the GDPR Era

Data Breach Today

Search is Becoming Everything, And Vice Versa

Weissman's World

I’ve just come out of a series of discussions on the issue of records preservation, and one of my take-aways is how similar at least one current approach to the issue is to what we nominally call “search.” And the more I think about it, the more I wonder whether search is on its way […].

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

HSBC Bank Alerts US Customers to Data Breach

Data Breach Today

'Unauthorized Entry' to Some Accounts Exposes Account Details and Statements

HSBC bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry."

Who’s In Your Online Shopping Cart?

Krebs on Security

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye.

Data from ‘almost all’ Pakistani banks stolen, Pakistani debit card details surface on the dark web

Security Affairs

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing, almost all Pakistani banks were affected by a recent security breach.

iOS 12.1 Vulnerability

Schneier on Security

This is really just to point out that computer security is really hard: Almost as soon as Apple released iOS 12.1

Bankers Life Hack Affects More Than 566,000

Data Breach Today

Company Says Medicare Supplemental Plan Policyholders Among Those Impacted

Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident.

Bug Bounty Hunter Ran ISP Doxing Service

Krebs on Security

A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned.

Crooks offered for sale private messages for 81k Facebook accounts

Security Affairs

Cybercriminals offered for sale private messages from at least 81,000 Facebook accounts, claiming to be in possession of data from 120 million accounts. Criminals are selling the private messages of 81,000 hacked Facebook accounts for 10 cents per account.

FIFA Hacked Again

Adam Levin

The international soccer league FIFA announced it had been hacked earlier this year and is bracing itself for a potential data breach. This latest cyber incident marks the second major successful hack on the organization, the first reported in 2017.

Georgia Patches Voter Website, But Hacking Accusation Stands

Data Breach Today

Disclosure Flow Suggests Georgia's Secretary of State's Office May Have Erred

Georgia quietly fixed two flaws in its voter registration website that could have exposed personal information.

The Pentagon is Publishing Foreign Nation-State Malware

Schneier on Security

Kraken ransomware 2.0 is available through the RaaS model

Security Affairs

The author of the infamous Kraken ransomware has released a new version of the malicious code and launched a RaaS distribution program on the Dark Web.

Make sure you trust your third-party vendor

Thales Data Security

Best Buy, Panera Bread, Target and Under Armour. What do all of these companies have in common? They each suffered a data breach at the hands of a third-party vendor.

Pakistan: Banks Weren't Hacked, But Card Details Leaked

Data Breach Today

Card Details From 22 Banks Appeared On Underground Market

Pakistan says the nation's banks have not been hacked, but are taking defensive steps after nearly 20,000 payment card details appeared for sale online.

What’s the difference between business continuity and disaster recovery?

IT Governance

Disasters happen, whether it’s a cyber attack, flood, power outage, road closure or any other type of disruption. And when one strikes, your organisation needs to be ready to implement its business continuity and disaster recovery plans.

Shellbot Botnet Targets IoT devices and Linux servers

Security Affairs

Security experts at Trend Micro have spotted an IRC bot dubbed Shellbot that was built using Perl. The malware was distributed by a threat group called Outlaw; it was able to target Linux and Android devices, and also Windows systems.

How to Control What Websites Can Do on Your Computer

WIRED Threat Level

If you're not careful, websites can grab all kinds of permissions you don't realize or intend. Take back control in your browser.

FDA Reacts to Critique of Medical Device Security Strategy

Data Breach Today

Watchdog Agency Cited Deficiencies, But Agency Says Many Have Already Been Addressed

The FDA's procedures for handling cybersecurity concerns in medical devices once they are on the market are deficient, according to a new federal watchdog agency report.

XSS flaw in Evernote allows attackers to execute commands and steal files

Security Affairs

A security expert discovered a stored XSS flaw in the Evernote app for Windows that could be exploited to steal files and execute arbitrary commands.

It's End of Life for ASafaWeb

Troy Hunt

A lot has changed in the Microsoft technology world in the last 7 years since I launched ASafaWeb in September 2011. Windows XP is no longer the dominant operating system (Win 7 actually caught up the month I launched ASafaWeb).

Symantec Buys Javelin Networks and Appthority

Data Breach Today

Separately, Thoma Bravo Moves to Acquire Veracode Software From Broadcom

Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority.

Your 3-step checklist for creating a business continuity plan

IT Governance

When you begin your BCP (business continuity plan) project, it’s a good idea to produce a checklist of tasks. This helps you stay on top of your progress during what will almost certainly be a long process.

SamSam ransomware continues to cause damage. Call it targeted ransomware

Security Affairs

According to the Symantec experts, the group behind the SamSam ransomware has continued to launch attacks against organizations during 2018.

Privacy and Security of Data at Universities

Schneier on Security

Smart Cities Challenge: Real-Time Risk Management

Data Breach Today

Flaws in several self-encrypting SSDs allow attackers to decrypt the data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data.

Cryptojacking: Hackers Mining Bitcoin on Your Dime!

InfoGoTo

When cryptojacking, criminal hackers use enterprise computers to mine cryptocurrencies like bitcoin without the organization’s knowledge or consent, escaping the upfront costs of buying computers or computer processing power for the job. Meanwhile, the organization suffers productivity loss and infections of hardware and software. Affected organizations lose some of their return on investment in the electricity running those machines, too.