Sat.Jan 12, 2019 - Fri.Jan 18, 2019

Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown.

Ransomware Claims to Fund Child Cancer Treatments

Data Breach Today

Separately, Texas City's Operations Disrupted by Crypto-Locking Ransomware Ransomware attacks continue, with the city of Del Rio, Texas, saying its operations have been disrupted by crypto-locking malware.

Q&A: Here’s why robust ‘privileged access management’ has never been more vital

The Last Watchdog

Malicious intruders have long recognized that getting their hands on privileged credentials equates to possessing the keys to the kingdom. This is because privileged accounts are widely deployed all across modern business networks — on-premises, in the cloud, across DevOps environments and on endpoints. Related: California enacts pioneering privacy law.

Access 129

“Stole $24 Million But Still Can’t Keep a Friend”

Krebs on Security

Unsettling new claims have emerged about Nicholas Truglia , a 21-year-old Manhattan resident accused of hijacking cell phone accounts to steal tens of millions of dollars in cryptocurrencies from victims.

Start Your Information Journey With A Step Backwards

Weissman's World

You say you’re tired of not being able to find the information you’re looking for. You say you’re concerned the information you do find is reliable. You say you’re worried about security breaches. And you say you’re ready to do something about it.

Groups 181

Cybercrime Gangs Advertise Fresh Jobs, Hacking Services

Data Breach Today

Offerings Abound on Darknet Forums; The Dark Overlord Seeks Multilingual Hackers Numerous cybercrime gangs continue to use darknet forums to seek fresh recruits, sell stolen data or advertise hacking services.

Data 284

More Trending

Courts Hand Down Hard Jail Time for DDoS

Krebs on Security

Seldom do people responsible for launching crippling cyberattacks face justice, but increasingly courts around the world are making examples of the few who do get busted for such crimes.

IoT 183

Z-WASP attack: hackers used Zero-Width spaces to bypass Office 365 protections

Security Affairs

Z-WASP attack: Phishers are using a recently fixed flaw in Office 365 that allows them to bypass protections using zero-width spaces and deliver malicious messages to recipients.

Airline Booking System Exposed Passenger Details

Data Breach Today

GUEST ESSAY: What your company should know about addressing Kubernetes security

The Last Watchdog

Kubernetes is one of many key enabling technologies of digital transformation that has tended to remain obscure to non-technical company decision makers. Related podcast: Securing software containers. Kubernetes is an administration console — an open source project from Google that makes containerized software applications easy to deploy, scale, and manage.

Evaluating the GCHQ Exceptional Access Proposal

Schneier on Security

The so-called Crypto Wars have been going on for 25 years now. Basically, the FBI -- and some of their peer agencies in the U.K.,

Fallout Exploit Kit now includes exploit for CVE-2018-15982 Flash zero-day

Security Affairs

Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that include the code to exploit a recently discovered Flash zero-day vulnerability.

UK Sentences Man for Mirai DDoS Attacks Against Liberia

Data Breach Today

Daniel Kaye Was Paid to Disrupt Liberia's Largest Telecommunications Firm A U.K. court has sentenced Daniel Kaye, 30, after he admitted launching DDoS attacks against Liberia's largest telecommunications company in 2015 and 2016.

230
230

Encryption trends and predictions over 50 years

Thales eSecurity

Modern encryption can trace its root back to before WWII when Alan Turing built a modern computer in order to break the Enigma. Much has changed since then but the core goals remain the same: limit who has access to certain information and prove the authenticity of who sent a message.

5 information security policies your organisation must have

IT Governance

Information security policies are essential for tackling organisations’ biggest weakness : their employees. Everything an organisation does to stay secure, from implementing state-of-the-art technological defences to sophisticated physical barriers, relies on people using them properly.

TA505 Group adds new ServHelper Backdoor and FlawedGrace RAT to its arsenal

Security Affairs

Proofpoint analyzed two strains of malware tracked as ServHelper and FlawedGrace distributed through phishing campaigns by the TA505 crime gang.

Groups 103

Your Garage Opener Is More Secure Than Industrial Remotes

Data Breach Today

Trend Micro Says It Moved Cranes Using RF Software Flaws Radio controllers used in the construction, mining and shipping industries are dangerously vulnerable to hackers, Trend Micro says in a new report.

Collection #1 Mega Breach Leaks 773 Million Email Accounts

Adam Levin

A gigantic trove of email addresses and passwords containing over 2 billion records has been discovered online. The breached data, dubbed “Collection #1” by cybersecurity expert Troy Hunt , is more than 87 gigabytes and contains roughly 773 million email address and 21 million unique passwords.

Trump Must Be a Russian Agent; the Alternative Is Too Awful

WIRED Threat Level

We know a lot about the “what” of the Mueller probe’s findings. The crucial questions now focus on the “why.”. Security

Unsecured MongoDB archive exposed 202 Million private resumes

Security Affairs

Security expert discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people. Security expert Bob Diachenko discovered an unprotected MongoDB archive that has exposed personal and professional details of more than 202 million people.

Emotet Malware Returns to Work After Holiday Break

Data Breach Today

Fallout Exploit Kit Has Also Reappeared, Distributing GandCrab Ransomware Cybercrime outfits appeared to take a vacation around the December holidays.

Prices for Zero-Day Exploits Are Rising

Schneier on Security

Companies are willing to pay ever-increasing amounts for good zero-day exploits against hard-to-break computers and applications: On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5

Facebook's '10 Year Challenge' Is Just a Harmless Meme—Right?

WIRED Threat Level

Opinion: The 2009 vs. 2019 profile picture trend may or may not have been a data collection ruse to train its facial recognition algorithm. But we can't afford to blithely play along. Security Opinion

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

Security Affairs

Zurich American Insurance Company is refusing to refund its client because consider the attack as “an act of war” that is not covered by its policy.

Why Do Phishing Attacks Continue to Plague Healthcare?

Data Breach Today

Experts Offer Tips for How to Avoid Falling Victim Several health data breaches involving phishing attacks - including one that potentially exposed data on more than 100,000 individuals - have been added to the federal health data breach tally this month.

Why Internet Security Is So Bad

Schneier on Security

I recently read two different essays that make the point that while Internet security is terrible, it really doesn't affect people enough to make it an issue. This is true, and is something I worry will change in a world of physically capable computers.

An Astonishing 773 Million Records Exposed in Monster Breach

WIRED Threat Level

Collection #1 appears to be the biggest public breach yet, with millions of unique passwords sitting out in the open. Security

Too many issues in Pentagon networks expose it to cybersecurity risks

Security Affairs

Risk 94

Facebook Deletes More Bogus Accounts Linked to Russia

Data Breach Today

Sputnik News Agency in Russia Created 'Fake Accounts,' Facebook Alleges Facebook has removed hundreds of accounts, alleging that the account creators misrepresented their identity.

185
185

17 January Weekly podcast: US government websites, Liberia DDoS attacker and no-deal Brexit

IT Governance

This week, we discuss how the US government shutdown is affecting federal websites’ security, the sentencing of a man who knocked Liberia’s Internet offline with a botnet, and what a no-deal Brexit means for data protection.

GDPR 80

How Trump Could Wind up Making Globalism Great Again

WIRED Threat Level

OK, so it was never great in the first place. But the rise of rank nationalists could finally—perversely—spark an era of progress and cooperation for all humanity. Backchannel Security

IT 87

A flaw in vCard processing could allow hackers to compromise a Win PC

Security Affairs

A security expert discovered a zero-day flaw in the processing of VCard files that could be exploited by a remote attacker to compromise a Windows PC.

Insider Trading: SEC Describes $4.1 Million Hacking Scheme

Data Breach Today

Ukrainian Hacker Charged With Stealing Nonpublic 'Test Files' for 8 Traders The U.S.

The 773 Million Record "Collection #1" Data Breach

Troy Hunt

Many people will land on this page after learning that their email address has appeared in a data breach I've called "Collection #1".