Sat.Nov 03, 2018 - Fri.Nov 09, 2018

When Accounts are "Hacked" Due to Poor Passwords, Victims Must Share the Blame

Troy Hunt

It's just another day on the internet when the news is full of headlines about accounts being hacked. Yesterday was a perfect example of that with 2 separate noteworthy stories adorning my early morning Twitter feed.

GUEST ESSAY: Did you know these 5 types of digital services are getting rich off your private data?

The Last Watchdog

Now more than ever before, “big data” is a term that is widely used by businesses and consumers alike. Consumers have begun to better understand how their data is being used, but many fail to realize the hidden privacy pitfalls in everyday technology. Related: Europe tightens privacy rules. From smartphones to smart TVs, location services, and speech capabilities, user data is often stored without your knowledge.

Ransomware Keeps Ringing in Profits for Cybercrime Rings

Data Breach Today

SamSam, Dharma, GandCrab and Global Imposter Make for Ongoing Bitcoin Paydays
Criminals wielding crypto-locking ransomware - especially Dharma/CrySiS, GandCrab and Global Imposter, but also SamSam - continue to attack.

U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service

Krebs on Security

A year ago, KrebsOnSecurity warned that “Informed Delivery,” a new offering from the U.S.

Experts detailed how China Telecom used BGP hijacking to redirect traffic worldwide

Security Affairs

Security researchers revealed in a recent paper that over the past years, China Telecom used BGP hijacking to misdirect Internet traffic through China. Security researchers Chris C.

iOS 12.1 Vulnerability

Schneier on Security

This is really just to point out that computer security is really hard: Almost as soon as Apple released iOS 12.1

Busting SIM Swappers and SIM Swap Myths

Krebs on Security

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif.

Data from ‘almost all’ Pakistani banks stolen, Pakistani debit card details surface on the dark web

Security Affairs

According to the head of the Federal Investigation Agency’s (FIA) cybercrime wing, almost all Pakistani banks were affected by a recent security breach.

Security of Solid-State-Drive Encryption

Schneier on Security

Interesting research: "Self-encrypting deception: weaknesses in the encryption of solid state drives (SSDs)": Abstract: We have analyzed the hardware full-disk encryption of several SSDs by reverse engineering their firmware.

HSBC Bank Alerts US Customers to Data Breach

Data Breach Today

"Unauthorized Entry" to Some Accounts Exposes Account Details and Statements
HSBC bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry."

Who’s In Your Online Shopping Cart?

Krebs on Security

Crooks who hack online merchants to steal payment card data are constantly coming up with crafty ways to hide their malicious code on Web sites. In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye.

Crooks offered for sale private messages for 81k Facebook accounts

Security Affairs

Cybercriminals offered for sale private messages from at least 81,000 Facebook accounts, claiming to be in possession of data from 120 million accounts. The crooks are selling the private messages of the 81,000 hacked accounts for 10 cents per account.

The Pentagon is Publishing Foreign Nation-State Malware

Schneier on Security

Georgia Patches Voter Website, But Hacking Accusation Stands

Data Breach Today

Disclosure Flow Suggests Georgia's Secretary of State's Office May Have Erred
Georgia quietly fixed two flaws in its voter registration website that could have exposed personal information.

Bug Bounty Hunter Ran ISP Doxing Service

Krebs on Security

A Connecticut man who’s earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their Web sites secretly operated a service that leveraged these same flaws to sell their customers’ personal data, KrebsOnSecurity has learned.

Kraken ransomware 2.0 is available through the RaaS model

Security Affairs

The author of the infamous Kraken ransomware has released a new version of the malicious code and launched a RaaS distribution program on the Dark Web.

Here's Why [Insert Thing Here] Is Not a Password Killer

Troy Hunt

These days, I get a lot of messages from people on security related things. Often it's related to data breaches or sloppy behaviour on behalf of some online service playing fast and loose with HTTPS or passwords or some other easily observable security posture.

Bankers Life Hack Affects More Than 566,000

Data Breach Today

Company Says Medicare Supplemental Plan Policyholders Among Those Impacted
Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident.

Search is Becoming Everything, And Vice Versa

Weissman's World

I’ve just come out of a series of discussions on the issue of records preservation, and one of my take-aways is how similar at least one current approach to the issue is to what we nominally call “search.” And the more I think about it, the more I wonder whether search is on its way […].

Flaws in several self-encrypting SSDs allow attackers to decrypt the data they contain

Security Affairs

The encryption system implemented by popular solid-state drives (SSDs) is affected by critical vulnerabilities that could be exploited by a local attacker to decrypt data.

Privacy and Security of Data at Universities

Schneier on Security

Pakistan: Banks Weren't Hacked, But Card Details Leaked

Data Breach Today

Card Details From 22 Banks Appeared On Underground Market
Pakistan says the nation's banks have not been hacked, but are taking defensive steps after nearly 20,000 payment card details appeared for sale online.

FIFA Hacked Again

Adam Levin

FIFA, international soccer's governing body, announced it had been hacked earlier this year and is bracing itself for a potential data breach. This latest cyber incident marks the second major successful hack on the organization, the first reported in 2017.

Shellbot Botnet Targets IoT devices and Linux servers

Security Affairs

Security experts at Trend Micro have spotted an IRC bot dubbed Shellbot that was written in Perl. The malware was distributed by a threat group called Outlaw and was able to target Linux and Android devices as well as Windows systems.

Troy Hunt on Passwords

Schneier on Security

Troy Hunt has a good essay about why passwords are here to stay, despite all their security problems: This is why passwords aren't going anywhere in the foreseeable future and why [insert thing here] isn't going to kill them.

FDA Reacts to Critique of Medical Device Security Strategy

Data Breach Today

Watchdog Agency Cited Deficiencies, But Agency Says Many Have Already Been Addressed
The FDA's procedures for handling cybersecurity concerns in medical devices once they are on the market are deficient, according to a new federal watchdog agency report.

What’s the difference between business continuity and disaster recovery?

IT Governance

Disasters happen, whether it’s a cyber attack, flood, power outage, road closure or any other type of disruption. And when it strikes, your organisation needs to be ready to implement its business continuity and disaster recovery plans.

Researcher discloses VirtualBox Zero-Day without reporting it to Oracle

Security Affairs

A security researcher disclosed the details of a zero-day flaw affecting Oracle’s VirtualBox virtualization software without reporting it to Oracle or waiting for a patch.

How the General Data Protection Regulation (GDPR) Helps Improve RIM Policies and Processes

InfoGoTo

A good incentive to update and strengthen your organization’s records and information management (RIM) policies is the looming threat of fines upwards of 20 million euros, courtesy of the European Union’s General Data Protection Regulation (GDPR), which became effective on May 25, 2018.

Symantec Buys Javelin Networks and Appthority

Data Breach Today

Separately, Thoma Bravo Moves to Acquire Veracode Software From Broadcom
Symantec has announced not one but two acquisitions of private cybersecurity firms: Javelin Networks and Appthority.

USB drives are primary vector for destructive threats to industrial facilities

Security Affairs

USB removable storage devices are the main vector for malware attacks against industrial facilities, according to a report published by Honeywell.

Make sure you trust your third-party vendor

Thales Data Security

Best Buy, Panera Bread, Target and Under Armour. What do each of these companies have in common? They each suffered a data breach at the hands of a third-party vendor.

Georgia Election Further Complicated By Hacking Accusation

Data Breach Today

Secretary of State - and Republican Candidate - Probes State's Democratic Party Georgia's Republican gubernatorial candidate has accused the state's Democratic Party of attempting to hack the state's voter registration database. The accusation, from Brian S.