Sat. Oct 06, 2018 - Fri. Oct 12, 2018

Hackers can compromise your WhatsApp account by tricking you into answering a video call

Security Affairs

Hackers can compromise your WhatsApp account by tricking you into answering a video call; the company fixed the flaw in September.

MY TAKE: Cyber attacks on industrial controls, operational technology have only just begun

The Last Watchdog

“May you live in interesting times.” The old Chinese proverb–some consider it a blessing and others a curse–certainly describes the modern-day cyber landscape. In today’s geopolitical terrain, nation-state backed cyber criminals are widening their targets and starting to zero in on their adversaries’ business and industrial sectors, using more and more sophisticated weaponry to do so.

Amazon Employee Fired for Leaking Customer Data, Exposing a Search Flaw or Both?

Adam Levin

Amazon revealed a breach of customer data last week, but it wasn’t a data breach of the usual variety. Rather than falling prey to a cyberattack or having hackers exploit unsecured code, customer email addresses were leaked by an employee to an online reseller in exchange for money.

Hackers Hold Instagram Influencers’ Accounts Hostage with Ransomware

Adam Levin

High-profile Instagram accounts are being targeted by ransomware attacks and phishing schemes, with evidence suggesting that many account holders are paying the attackers.

GandCrab Ransomware Partners With Crypter Service

Data Breach Today

Gang's Cult Status and Marketing Savvy Belies Shoddy Attack Code, McAfee Says

The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships.

Supply Chain Security 101: An Expert’s View

Krebs on Security

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency.

Security in a World of Physically Capable Computers

Schneier on Security

It's no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg.

Facebook Clarifies Extent of Data Breach

Data Breach Today

30 Million Affected; 14 Million Had Extensive Information Exposed

Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act?

Will Digital Healthcare Technology Disrupt Independent Physicians

Perficient Data & Analytics

Why fear change? Change is good and has developed the world into what it is today. Change partners with adaptation, to promote a new way of doing things. However, is change in the healthcare industry putting independent physicians at risk? With the increased usage of digital healthcare technology, will the independent physician still be able to maintain the walk-in base of customers?

The US National Cyber Strategy

Schneier on Security

Last month the White House released the "National Cyber Strategy of the United States of America." I generally don't have much to say about these sorts of documents. They're filled with broad generalities.

Medtronic Cardiac Devices Recalled Due to Cyber Concerns

Data Breach Today

FDA Announces 'Voluntary Recall' Related to Vulnerabilities

The FDA has announced a "voluntary recall" by Medtronic of certain internet-connected programmers for implantable cardiac devices due to cybersecurity vulnerabilities.

Patch Tuesday, October 2018 Edition

Krebs on Security

Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

Security Affairs

A group of hackers is targeting Drupal vulnerabilities, including Drupalgeddon2, patched earlier this year, to install a backdoor on compromised servers.

Security Vulnerabilities in US Weapons Systems

Schneier on Security

The US Government Accounting Office just published a new report: "Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities" (summary here). The upshot won't be a surprise to any of my regular readers: they're vulnerable.

Super Micro Trojan: US and UK Back Apple and Amazon Denials

Data Breach Today

Government Agencies Have 'No Reason to Doubt' Supply Chain Tampering Refutation

U.S. and U.K.

6 tools to help you prevent and respond to data breaches

IT Governance

There are few things organisations fear more than data breaches. They cause immediate delays, cost money to put right and could lead to long-term reputational damage. The stakes were raised with the introduction of the EU GDPR (General Data Protection Regulation) in May 2018.

APT28 group returns to covert intelligence gathering ops in Europe and South America

Security Affairs

Experts from Symantec collected evidence that APT28 group returns to covert intelligence gathering operations in Europe and South America.

Another Bloomberg Story about Supply-Chain Hardware Attacks from China

Schneier on Security

Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I

Magecart Card-Stealing Gang Hits 'Shopper Approved' Plug-In

Data Breach Today

Amazon And The Bridge Too Far

John Battelle's Searchblog

Yesterday, I lost it over a hangnail and a two-dollar bottle of hydrogen peroxide. You know when a hangnail gets angry, and a tiny red ball of pain settles in for a party on the side of your finger? Well, yeah. That was me last night.

Juniper Networks provides dozens of fixes for vulnerabilities in Junos OS

Security Affairs

Juniper Networks has released security updates to address serious vulnerabilities affecting the Junos operating system. This week, Juniper Networks has patched dozens of serious security vulnerabilities and provided security patches for each of them; the security advisories are available on the company website.

AI – Four Key Ingredients

OpenText Information Management

Artificial intelligence (AI) is the great hope of software today: It can do everything. At OpenText, we have developed a low cost, easy to use AI tool called OpenText Magellan. We want to make its application practical, so that it adds value instantly.

Heathrow Airport Fined £120,000 for Lost USB Storage Drive

Data Breach Today

Privacy Regulator Cites Data Protection 'Catalog of Shortcomings'

Heathrow, the U.K.'s

Cybersecurity Awareness Month Blog Series: Alright boys, it’s time we have “The Talk”

Thales Data Security

As a father of two teenage boys, I should have seen this coming. It was time to have the talk about the right, wrong, and applying good judgement of things found on the Web.

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

Security Affairs

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the dreaded NotPetya wiper to the Industroyer ICS malware.

How the US Halted China’s Cybertheft—Using a Chinese Spy

WIRED Threat Level

For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while.

Report: Remote Access Is No. 1 Healthcare Tech Hazard

Data Breach Today

ECRI Institute Calls Attention to Cyber Risks for Second Consecutive Year

Hackers remotely accessing medical devices and systems - potentially disrupting care and putting patients at risk - is the No.

A new era for customer data – could security be ‘the new green’ for businesses?

Thales Data Security

There was a tipping point not so long ago in the realm of environmental responsibility for businesses. For some time, curbing emissions and waste was simply something the corporate world did if it had to, in order to comply with governmental regulations and avoid a hefty fine.

Expert presented a new attack technique to compromise MikroTik Routers

Security Affairs

Experts from Tenable Research have devised a new attack technique to fully compromise MikroTik Routers. MikroTik routers continue to be under attack, and the situation is getting worse because of the availability of a new PoC code.

How to Check If Your Facebook Account Got Hacked—And How Badly

WIRED Threat Level

Facebook Friday offered more details about its recent breach. Here's how to see if you were affected.

HHS OIG Launches Cybersecurity Web Page

Data Breach Today

Site Highlights Watchdog Agency's Cyber Activities

A Department of Health and Human Services watchdog agency has launched a new web page to draw attention to the growing importance of its cybersecurity-related activities, ranging from security audits to fraud investigations

Kanye’s Password

Roger's Information Security

Everyone and his brother, inside of infosec and outside, has been chortling at Kanye’s iPhone password. It's 00000. Not everyone is in on the joke. Some express OUTRAGE. “how how dare you share that man’s password” (it was on CNN, it's out there now).

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector.