Sat.Oct 06, 2018 - Fri.Oct 12, 2018

Hackers can compromise your WhatsApp account by tricking you into answering a video call

Security Affairs

Hackers can compromise your WhatsApp account by tricking you into answering a video call, the company fixed the flaw in September.

Video 99

MY TAKE: Cyber attacks on industrial controls, operational technology have only just begun

The Last Watchdog

“May you live in interesting times.” The old Chinese proverb–some consider it a blessing and others a curse–certainly describes the modern-day cyber landscape. Related: 7 attacks that put us at the brink of cyber war. In today’s geopolitical terrain, nation-state backed cyber criminals are widening their targets and starting to zero in on their adversaries’ business and industrial sectors, using more and more sophisticated weaponry to do so.

Amazon Employee Fired for Leaking Customer Data, Exposing a Search Flaw or Both?

Adam Levin

Amazon revealed a breach of customer data last week, but it wasn’t a data breach of the usual variety. Rather than falling prey to a cyberattack or having hackers exploit unsecured code, customer emailed addresses were leaked by an employee to an online reseller in exchange for money.

Sales 98

Hackers Hold Instagram Influencers’ Accounts Hostage with Ransomware

Adam Levin

High-profile Instagram accounts are being targeted by ransomware attacks and phishing schemes, with evidence suggesting that many account holders are paying the attackers.

GandCrab Ransomware Partners With Crypter Service

Data Breach Today

Gang's Cult Status and Marketing Savvy Belies Shoddy Attack Code, McAfee Says The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships.

Supply Chain Security 101: An Expert’s View

Krebs on Security

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager , senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency.

Researchers presented an improved version of the WPA KRACK attack

Security Affairs

Security researchers who devised last year the Key Reinstallation Attack, aka KRACK attack, have disclosed new variants of the attack.

More Trending

Facebook Clarifies Extent of Data Breach

Data Breach Today

30 Million Affected; 14 Million Had Extensive Information Exposed Facebook now says that 20 million fewer accounts were breached than it originally believed, but the attackers accessed extensive sensitive personal information on nearly half of those affected

Naming & Shaming Web Polluters: Xiongmai

Krebs on Security

What do we do with a company that regularly pumps metric tons of virtual toxic sludge onto the Internet and yet refuses to clean up their act?

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

Security Affairs

A group of hackers is targeting Drupal vulnerabilities, including Drupalgeddon2, patched earlier this year to install a backdoor on compromised servers.

Mining 103

Breaking Azure Functions with Too Many Connections

Troy Hunt

For the most part, Have I Been Pwned (HIBP) runs very smoothly, especially given how cheaply I run many parts of the service for. Occasionally though, I screw up and get something wrong that interrupts the otherwise slick operation and results in some outage.

Medtronic Cardiac Devices Recalled Due to Cyber Concerns

Data Breach Today

FDA Announces 'Voluntary Recall' Related to Vulnerabilities The FDA has announced a "voluntary recall" by Medtronic of certain internet-connected programmers for implantable cardiac devices due to cybersecurity vulnerabilities.

Patch Tuesday, October 2018 Edition

Krebs on Security

Microsoft this week released software updates to fix roughly 50 security problems with various versions of its Windows operating system and related software, including one flaw that is already being exploited and another for which exploit code is publicly available.

Tips 168

Security in a World of Physically Capable Computers

Schneier on Security

It's no secret that computers are insecure. Stories like the recent Facebook hack , the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they're just the newsworthy tip of a very large iceberg.

APT28 group return to covert intelligence gathering ops in Europe and South America.

Security Affairs

Experts from Symantec collected evidence that APT28 group returns to covert intelligence gathering operations in Europe and South America.

Groups 100

Super Micro Trojan: US and UK Back Apple and Amazon Denials

Data Breach Today

Government Agencies Have 'No Reason to Doubt' Supply Chain Tampering Refutation U.S. and U.K.

Amazon And The Bridge Too Far

John Battelle's Searchblog

Yesterday, I lost it over a hangnail and a two-dollar bottle of hydrogen peroxide. You know when a hangnail gets angry, and a tiny red ball of pain settles in for a party on the side of your finger? Well, yeah. That was me last night.

The US National Cyber Strategy

Schneier on Security

Last month the White House released the " National Cyber Strategy of the United States of America. I generally don't have much to say about these sorts of documents. They're filled with broad generalities.

Juniper Networks provides dozens of fix for vulnerabilities in Junos OS

Security Affairs

Juniper Networks has released security updates to address serious vulnerabilities affecting the Junos operating system. This week, Juniper Networks has patched dozens of serious security provided security patches for each of them, the security advisories are available on the company website.

Magecart Card-Stealing Gang Hits 'Shopper Approved' Plug-In

Data Breach Today

Groups 186

Cybersecurity Awareness Month Blog Series: Alright boys, it’s time we have “The Talk”

Thales Data Security

As a father of two teenage boys, I should have seen this coming. It was time to have the talk about the right, wrong, and applying good judgement of things found on the Web.

Security Vulnerabilities in US Weapons Systems

Schneier on Security

The US Government Accounting Office just published a new report: " Weapons Systems Cyber Security: DOD Just Beginning to Grapple with Scale of Vulnerabilities " (summary here ). The upshot won't be a surprise to any of my regular readers: they're vulnerable.

Exaramel Malware Links Industroyer ICS malware and NotPetya wiper

Security Affairs

ESET researchers have spotted a new strain of malware tracked as Exaramel that links the dreaded not Petya wiper to the Industroyer ICS malware.

Heathrow Airport Fined £120,000 for Lost USB Storage Drive

Data Breach Today

Privacy Regulator Cites Data Protection 'Catalog of Shortcomings' Heathrow, the U.K.'s

AI – Four Key Ingredients

OpenText Information Management

Artificial intelligence (AI) is the great hope of software today: It can do everything. At OpenText, we have developed a low cost, easy to use AI tool called OpenText Magellan. We want to make its application practical, so that it adds value instantly.

Tools 92

Another Bloomberg Story about Supply-Chain Hardware Attacks from China

Schneier on Security

Bloomberg has another story about hardware surveillance implants in equipment made in China. This implant is different from the one Bloomberg reported on last week. That story has been denied by pretty much everyone else, but Bloomberg is sticking by its story and its sources. (I

Expert presented a new attack technique to compromise MikroTik Routers

Security Affairs

Experts from Tenable Research have devised a new attack technique to fully compromise MikroTik Routers. MikroTik routers continue to be under attack, and the situation is getting worse because of the availability of a new PoC code.

HHS OIG Launches Cybersecurity Web Page

Data Breach Today

Site Highlights Watchdog Agency's Cyber Activities A Department of Health and Human Services watchdog agency has launched a new web page to draw attention to the growing importance of its cybersecurity-related activities, ranging from security audits to fraud investigations

How to Check If Your Facebook Account Got Hacked—And How Badly

WIRED Threat Level

Facebook Friday offered more details about its recent breach. Here's how to see if you were affected. Security

A new era for customer data – could security be ‘the new green’ for businesses?

Thales Data Security

There was a tipping point not so long ago in the realm of environmental responsibility for businesses. For some time, curbing emissions and waste was simply something the corporate world did if it had to, in order to comply with governmental regulations and avoid a hefty fine.

GDPR 85

Fitmetrix fitness software company may have exposed millions of customer records

Security Affairs

Fitmetrix fitness software company exposed customer data online, a 119GB archive containing name, gender, email address, birth date, height, weight and more. A fitness software company Fitmetrix may have exposed a database hosted on AWS containing millions of customer records.

CEO Fraud: Barriers to Entry Falling, Security Firm Warns

Data Breach Today

How the US Halted China’s Cybertheft—Using a Chinese Spy

WIRED Threat Level

For years, China has systematically looted American trade secrets. Here's the messy inside story of how DC got Beijing to clean up its act for a while. Security Backchannel

IT 85

How Cyber Essentials can help secure your devices and software

IT Governance

The Cyber Essentials scheme is a world-leading assurance mechanism for organisations of all sizes to help demonstrate that the most critical cyber security controls have been implemented.

Group-IB: $49.4 million of damage caused to Russia’s financial sector from cyber attacks

Security Affairs

Security firm Group-IB has estimated that in H2 2017-H1 2018 cyber attacks caused $49.4 million (2.96 billion rubles) of damage to Russia’s financial sector.

Google Forced to Reveal Exposure of Private Data

Data Breach Today

Consumer Google+ Set For Shutdown; Google Hid the Data-Exposing Bug Google blames a bug in an API for its Google+ social networking service for exposing personal details for about 500,000 users' accounts, but says it doesn't believe the information was misused. The company was forced to acknowledge the March incident after it was reported by The Wall Street Journal

Data 169

Kanye’s Password

Roger's Information Security

Everyone and his brother, inside of infosec and outside has been chortling at Kanye’s iPhone password. Its 00000. Not everyone is in on the joke. Some express OUTRAGE. “how how dare you share that man’s password” (it was on CNN, its out there now).