Sat.Nov 10, 2018 - Fri.Nov 16, 2018

That Domain You Forgot to Renew? Yeah, it’s Now Stealing Credit Cards

Krebs on Security

If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others.

IT 230

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Troy Hunt

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices.

New IoT Security Regulations

Schneier on Security

Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to lightbulbs to major appliances­ -- to the internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare.

IoT 87

Romanian Hacker 'Guccifer' Extradited to US

Data Breach Today

256

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

A California man who pleaded guilty Tuesday to causing dozens of swatting attacks — including a deadly incident in Kansas last year — now faces 20 or more years in prison. Tyler Raj Barriss, in an undated selfie.

Google Services down due to BGP leak, traffic hijacked through Russia, China, and Nigeria

Security Affairs

Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria.

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

Troy Hunt

You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don't like?

Demo 103

More Trending

Patch Tuesday, November 2018 Edition

Krebs on Security

Microsoft on Tuesday released 16 software updates to fix more than 60 security holes in various flavors of Windows and other Microsoft products. Adobe also has security patches available for Flash Player , Acrobat and Reader users.

Tools 180

Nginx server security flaws expose more than a million of servers to DoS attacks

Security Affairs

Nginx developers released security updates to address several denial-of-service (DoS) vulnerabilities affecting the nginx web server. nginx is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server, it is used by 25.28% busiest sites in October 2018.

Chip Cards Fail to Reduce Credit Card Fraud in the US

Schneier on Security

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold.

Sales 102

Magecart Cybercrime Groups Mass Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, involving payment card data being stolen from e-commerce sites via injected attack code.

Groups 233

The GDPR: Everything you need to know about data controllers and data processors

IT Governance

Data controllers and data processors are an integral part of the GDPR. This article explains what those roles involve and helps you understand if you are a controller, processor or both.

GDPR 102

Expert found a way to bypass Windows UAC by mocking trusted Directory

Security Affairs

David Wells, a security expert from Tenable, devised a method to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. .

Course 108

Hidden Cameras in Streetlights

Schneier on Security

Both the US Drug Enforcement Administration (DEA) and Immigration and Customs Enforcement (ICE) are hiding surveillance cameras in streetlights.

Video 99

Congress Approves New DHS Cybersecurity Agency

Data Breach Today

Bill Creating Cybersecurity and Infrastructure Security Agency Awaits President's Signature The United States will soon officially have a single agency that takes the lead role for cybersecurity.

Lessons from the Eurostar hack

IT Governance

Last month, cross-Channel rail service Eurostar discovered that it had suffered a hacking attempt between 15 and 19 October 2018. However, unlike other players in the travel industry that recently suffered breaches, such as BA and Cathay Pacific , Eurostar has emerged relatively unscathed.

Symantec shared details of North Korean Lazarus’s FastCash Trojan used to hack banks

Security Affairs

North Korea-linked Lazarus Group has been using FastCash Trojan to compromise AIX servers to empty tens of millions of dollars from ATMs.

New DigiCert poll shows companies taking monetary hits due to IoT-related security missteps

The Last Watchdog

Even as enterprises across the globe hustle to get their Internet of Things business models up and running, there is a sense of foreboding about a rising wave of IoT-related security exposures. And, in fact, IoT-related security incidents have already begun taking a toll at ill-prepared companies. Related: How to hire an IoT botnet — for $20. That’s the upshot of an extensive survey commissioned by global TLS, PKI and IoT security solutions leader DigiCert.

IoT 138

Who Hijacked Google's Web Traffic?

Data Breach Today

Data Routes Through Russia, Nigeria and China, Raising Security Concerns Google is investigating the unorthodox routing of traffic bound for its cloud services that instead traveled via internet service provides in Nigeria, Russia and China.

Cloud 194

BA data breach: 565,000 customers may have been affected

IT Governance

In September, British Airways announced it had suffered a data breach that compromised the personal and financial data of more than 380,000 customers. However, the airline has since admitted that an extra 185,000 people may have been affected. Then and now.

Hacking the hackers – IOT botnet author adds his own backdoor on top of a ZTE router backdoor

Security Affairs

The author of an IoT botnet is distributing a backdoor script for ZTE routers that also includes his own backdoor to hack script kiddies. A weaponized IoT exploit script is being used by script kiddies, making use of a vendor backdoor account to hack the ZTE routers.

IoT 104

Guest Blog: Why it’s Critical to Orchestrate PKI Keys for IoT

Thales Data Security

According to statistica the number of Internet of Things (IoT) devices connected will rise to 23 billion this year. From industrial machinery and intelligent transportation to health monitoring and emergency notification systems, a broad range of IoT devices are already being deployed by enterprises.

IoT 93

Magecart Cybercrime Groups Harvest Payment Card Data

Data Breach Today

Card-Scraping Code Has Infiltrated Over 100,000 E-Commerce Sites Over the past year, there's been a surge in so-called Magecart attacks, which involve payment card data being stolen from e-commerce sites via injected attack code.

Groups 185

Shopping safely over Black Friday and Cyber Monday

IT Governance

Black Friday and Cyber Monday are almost upon us, kickstarting what retailers hope will be a successful trading period. However, the flurry of purchases and the data that represents means cyber criminals will also be looking to cash in.

Using Microsoft Powerpoint as Malware Dropper

Security Affairs

Marco Ramilli, founder and CEO at cyber security firm Yoroi has explained how to use Microsoft Powerpoint as Malware Dropper. Nowadays Microsoft office documents are often used to propagate Malware acting like dynamic droppers.

UK Publication Names Thales eSecurity Global CISO to 2018 Top 25 Women in Tech List

Thales Data Security

Thales eSecurity Global CISO Bridget Kenyon was recently named one of the ‘Top 25 Women in Tech 2018’ by UK publication PCR.

Breach of Obamacare Site Spilled Sensitive Data

Data Breach Today

Data 184

OpenText Extended ECM for Microsoft Dynamics 365 by Contesto has arrived with Release 16 EP5

OpenText Information Management

“If it’s not in CRM, it doesn’t exist.” ” How many times do sales professionals hear this phrase during a forecast meeting or call with their sales managers?

ECM 84

VPN vs. proxy: which is better to stay anonymous online?

Security Affairs

Most people prefer using proxies over VPN services because they are easy to use and mostly available for free, but can it be relied on for anonymity? Now and then, we get to hear news about data breaches and cyber attacks.

Speaking Of: (Not Your Father’s) Capture

Weissman's World

Information capture has come a long way, baby! From stuffing paper through a scanner to taking pictures in the literal blink of an eye, it’s so much more than what we grew up with. Here, the illustrious Bob Larrivee and I talk about the “latest-and-greatest” in the world of capture, and the need to update […]. The post Speaking Of: (Not Your Father’s) Capture appeared first on Holly Group. capture Capture infogov information governance

The Privacy Penalty for Voting in America

Data Breach Today

States Shouldn't Serve Up on a Platter Voters' Email Addresses and Phone Numbers Voting in the United States carries a huge privacy cost: states give away or sell voters' personal information to anyone who wants it. In this era of content micro-targeting, rampant misinformation and identity theft schemes, this trade in voters' personal data is both dangerous and irresponsible

Surveillance Kills Freedom By Killing Experimentation

WIRED Threat Level

When we're being watched, we conform. We don't speak freely or try new things. But social progress happens in the gap between what’s legal and what’s moral. Security

tRat is a new modular RAT used by the threat actor TA505

Security Affairs

The threat actor TA505 behind many Dridex and Locky campaigns have been using a new Remote Access Trojan (RAT) dubbed tRat.

8 Proven Social Media Tips for Startups

AIIM

Social media marketing is a great way to help launch your startup. It’s cheap and effective -- if you have a strategy. Where do you start? How do you attract customers through platforms like Twitter and Instagram? This guide will help you answer these questions and more.

Tips 84

Chinese Cyber Threat: NSA Confirms Attacks Have Escalated

Data Breach Today

Defending Forward' Is New Military Mantra for Defending Government Networks With cyber espionage attacks from China escalating over the past year, the NSA's Rob Joyce says the U.S.

NEW TECH: Cequence Security launches platform to shield apps, APIs from malicious botnets

The Last Watchdog

Cyber criminals are deploying the very latest in automated weaponry, namely botnets, to financially plunder corporate networks. The attackers have a vast, pliable attack surface to bombard: essentially all of the externally-facing web apps, mobile apps and API services that organizations are increasingly embracing, in order to stay in step with digital transformation. Related: The ‘Golden Age’ of cyber espionage is upon us.

B2C 120

Cyber espionage group used CVE-2018-8589 Windows Zero-Day in Middle East Attacks

Security Affairs

Kaspersky revealed that the CVE-2018-8589 Windows 0-day fixed by Microsoft Nov. 2018 Patch Tuesday has been exploited by at least one APT group in attacks in the Middle East.