Sat.Nov 10, 2018 - Fri.Nov 16, 2018

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Krebs on Security

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others.

IT 228

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Troy Hunt

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices.

New IoT Security Regulations

Schneier on Security

Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to lightbulbs to major appliances­ -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare.

IoT 109

Romanian Hacker 'Guccifer' Extradited to US

Data Breach Today

248
248

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

A California man who pleaded guilty Tuesday to causing dozens of swatting attacks — including a deadly incident in Kansas last year — now faces 20 or more years in prison. Tyler Raj Barriss, in an undated selfie.

Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria

Security Affairs

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria.

More Trending

Magecart Cybercrime Groups Mass Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, involving payment card data being stolen from e-commerce sites via injected attack code.

Groups 232

Patch Tuesday, November 2018 Edition

Krebs on Security

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe also has security patches available for Flash Player , Acrobat and Reader users.

Tools 182

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

Marco Ramilli, founder and CEO at cyber security firm Yoroi has explained how to use Microsoft Powerpoint as Malware Dropper. Nowadays Microsoft office documents are often used to propagate Malware acting like dynamic droppers.

Chip Cards Fail to Reduce Credit Card Fraud in the US

Schneier on Security

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold.

Sales 113

Texas Hospital Hit With Dharma Ransomware Attack

Data Breach Today

Altus Baytown Hospital Among Latest Healthcare Cyberattack Victims An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

Troy Hunt

You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don't like?

Demo 105

Nginx server security flaws expose more than a million of servers to DoS attacks

Security Affairs

Nginx developers released security updates to address several denial-of-service (DoS) vulnerabilities affecting the nginx web server. nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, it is used by 25.28% busiest sites in October 2018.

Hiding Secret Messages in Fingerprints

Schneier on Security

This is a fun steganographic application : hiding a message in a fingerprint image. Can't see any real use for it, but that's okay. academicpapers encryption fingerprints steganography

IT 106

Congress Approves New DHS Cybersecurity Agency

Data Breach Today

Bill Creating Cybersecurity and Infrastructure Security Agency Awaits President's Signature The United States will soon officially have a single agency that takes the lead role for cybersecurity.

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

Data controllers and data processors are an integral part of the GDPR. This article explains what those roles involve and helps you understand if you are a controller, processor or both.

GDPR 103

Expert found a way to bypass Windows UAC by mocking trusted Directory

Security Affairs

David Wells, a security expert from Tenable, devised a method to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. .

Course 113

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

The Last Watchdog

Even as enterprises across the globe hustle to get their Internet of Things business models up and running, there is a sense of foreboding about a rising wave of IoT-related security exposures. And, in fact, IoT-related security incidents have already begun taking a toll at ill-prepared companies. Related: How to hire an IoT botnet — for $20. That’s the upshot of an extensive survey commissioned by global TLS, PKI and IoT security solutions leader DigiCert.

IoT 138

Who Hijacked Google's Web Traffic?

Data Breach Today

Data Routes Through Russia, Nigeria and China, Raising Security Concerns Google is investigating the unorthodox routing of traffic bound for its cloud services that instead traveled via internet service provides in Nigeria, Russia and China.

Cloud 183

Lessons from the Eurostar hack

IT Governance

Last month, cross-Channel rail service Eurostar discovered that it had suffered a hacking attempt between 15 and 19 October 2018. However, unlike other players in the travel industry that recently suffered breaches, such as BA and Cathay Pacific , Eurostar has emerged relatively unscathed.

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Security Affairs

North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs.

Guest Blog: Why it’s Critical to Orchestrate PKI Keys for IoT

Thales Data Security

According to statistica the number of Internet of Things (IoT) devices connected will rise to 23 billion this year. From industrial machinery and intelligent transportation to health monitoring and emergency notification systems, a broad range of IoT devices are already being deployed by enterprises.

IoT 93

Breach of Obamacare Site Spilled Sensitive Data

Data Breach Today

Data 179

BA data breach: 565,000 customers may have been affected

IT Governance

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. However, the airline has since admitted that an extra 185,000 people may have been affected. Then and now.

Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor

Security Affairs

The author of an IoT botnet is distributing a backdoor script for ZTE routers that also includes his own backdoor to hack script kiddies. A weaponized IoT exploit script is being used by script kiddies, making use of a vendor backdoor account to hack the ZTE routers.

IoT 112

A Record Destruction Policy Is a Business and Environmental Win-Win

InfoGoTo

Why exactly does an organization — even a small one — need a record destruction policy? Like so many other relationships, an enterprise’s relationship with its own records is complicated.

Magecart Cybercrime Groups Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, which involve payment card data being stolen from e-commerce sites via injected attack code.

Groups 178

Shopping safely over Black Friday and Cyber Monday

IT Governance

Black Friday and Cyber Monday are almost upon us, kickstarting what retailers hope will be a successful trading period. However, the flurry of purchases and the data that represents means cyber criminals will also be looking to cash in.

VPN vs. proxy: which is better to stay anonymous online?

Security Affairs

Most people prefer using proxies over VPN services because they are easy to use and mostly available for free, but can it be relied on for anonymity? Now and then, we get to hear news about data breaches and cyber attacks.

UK Publication Names Thales eSecurity Global CISO to 2018 Top 25 Women in Tech List

Thales Data Security

Thales eSecurity Global CISO Bridget Kenyon was recently named one of the ‘Top 25 Women in Tech 2018’ by UK publication PCR.

The Privacy Penalty for Voting in America

Data Breach Today

States Shouldn't Serve Up on a Platter Voters' Email Addresses and Phone Numbers Voting in the United States carries a huge privacy cost: states give away or sell voters' personal information to anyone who wants it. In this era of content micro-targeting, rampant misinformation and identity theft schemes, this trade in voters' personal data is both dangerous and irresponsible

Subject Access Requests in Scotland: Do you know what data is held about you?

IT Governance

The impact of the GDPR (General Data Protection Regulation) in Scotland is greater than most realise. Not only does it affect the way organisations process personal data, but also extends data subjects rights in terms of how their data is processed.

tRat is a new modular RAT used by the threat actor TA505

Security Affairs

The threat actor TA505 behind many Dridex and Locky campaigns have been using a new Remote Access Trojan (RAT) dubbed tRat.

Speaking Of: (Not Your Father’s) Capture

Weissman's World

Information capture has come a long way, baby! From stuffing paper through a scanner to taking pictures in the literal blink of an eye, it’s so much more than what we grew up with. Here, the illustrious Bob Larrivee and I talk about the “latest-and-greatest” in the world of capture, and the need to update […]. The post Speaking Of: (Not Your Father’s) Capture appeared first on Holly Group. capture Capture infogov information governance