March, 2019

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities.

Tools 255

Cover Your NAS Against Nasty Cr1ptT0r Ransomware

Data Breach Today

Crypto-Locking Extortion Targets Internet-Exposed D-Link Devices Criminals wielding a new strain of ransomware called Cr1ptT0r are targeting network-attached storage users.

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

DARPA Is Developing an Open-Source Voting System

Schneier on Security

This sounds like a good development: a new $10 million contract the Defense Department's Defense Advanced Research Projects Agency (DARPA) has launched to design and build a secure voting system that it hopes will be impervious to hacking.

These Cookie Warning Shenanigans Have Got to Stop

Troy Hunt

This will be short, ranty and to the point: these warnings are getting ridiculous: I know, tell you something you don't know! The whole ugly issue reared its head again on the weekend courtesy of the story in this tweet: I’m not sure if this makes it better or worse.

Mining 113

MY TAKE: What the Ethiopian 737 Max 8 crash should tell us about the safety of ‘smart’ jetliners

The Last Watchdog

When news broke about the crash of a Ethiopian Airlines Boeing 737, the first question that popped into my head was whether an older 737 model, still using the flawed rudder actuator, might have been involved. Related: Historical context of the rudder flaws on older model 737s. Of course it was actually the newest iteration of the 737, the Max 8. I’m no longer covering aviation.

Course 155

More Trending

Georgia County Pays $400,000 to Ransomware Attackers

Data Breach Today

Cybercrime Gang Wielding Ryuk Eyed as Culprit Officials in Jackson County, Georgia, along with the FBI are investigating a ransomware attack that crippled IT systems over a two-week period and reportedly led local officials to pay a bitcoin ransom worth $400,000 to restore systems and infrastructur

Severe RCE vulnerability affected popular StackStorm Automation Software

Security Affairs

The security researcher Barak Tawilyhas discovered a severe vulnerability, tracked as CVE-2019-9580, in the popular, open source event-driven platform StackStorm.

Critical Flaw in Swiss Internet Voting System

Schneier on Security

Researchers have found a critical flaw in the Swiss Internet voting system.

Citrix Hack Exposes Customer Data

Adam Levin

Citrix, a major network software company, had its internal network compromised by what appears to be an international hacking campaign. The company was alerted to the cyberattack by the FBI earlier this month.

MY TAKE: Why consumers are destined to play a big role in securing the Internet of Things

The Last Watchdog

There are certain things we as consumers have come to do intuitively: brushing our teeth in the morning; looking both ways before crossing a city street; buckling up when we get into a car. Related: What needs to happen to enable driverless transportation — safely. In the not too distant future, each one of us will need to give pause, on a daily basis, to duly consider how we purchase and use Internet of Things devices and services. This is coming.

IoT 152

Insert Skimmer + Camera Cover PIN Stealer

Krebs on Security

Very often the most clever component of your typical ATM skimming attack is the hidden pinhole camera used to record customers entering their PINs.

Video 208

Citrix Hacked by Password-Spraying Attackers, FBI Warns

Data Breach Today

Cyber-Espionage Campaign Appears Separate to Recent Credential-Stuffing Breach Citrix Systems is investigating a suspected hack attack, resulting in the theft of business documents, after being tipped off by the FBI.

FBI informed software giant Citrix of a security breach

Security Affairs

The American multinational software company Citrix disclosed a security breach, according to the firm an international cyber criminals gang gained access to its internal network.

Cybersecurity for the Public Interest

Schneier on Security

The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals.

With Privacy as Its Shield, Facebook Hopes To Conquer the Entire Internet.

John Battelle's Searchblog

Never mind that man behind the privacy curtain. I’ll never forget a meal I had with a senior executive at Facebook many years ago, back when I was just starting to question the motives of the burgeoning startup’s ambition.

Q&A: Why SOAR startup Syncurity is bringing a ‘case-management’ approach to threat detection

The Last Watchdog

There’s a frantic scramble going on among those responsible for network security at organizations across all sectors. Related: Why we’re in the Golden Age of cyber espionage. Enterprises have dumped small fortunes into stocking their SOCs (security operations centers) with the best firewalls, anti-malware suites, intrusion detection, data loss prevention and sandbox detonators money can buy. But this hasn’t done the trick.

Ad Network Sizmek Probes Account Breach

Krebs on Security

Online advertising firm Sizmek Inc. [ NASDAQ: SZMK ] says it is investigating a security incident in which a hacker was reselling access to a user account with the ability to modify ads and analytics for a number of big-name advertisers.

Ursnif Banking Trojan Variant Steals More Than Financial Data

Data Breach Today

Researchers Say Latest Version Evades Detection A variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information but also email user accounts, the content of inboxes and digital wallets, researchers report

Data 218

Vulnerabilities in car alarm systems exposed 3 million cars to hack

Security Affairs

Security experts at Pen Test Partners discovered several vulnerabilities in two smart car alarm systems put three million vehicles globally at risk of hack.

Demo 112

The Latest in Creepy Spyware

Schneier on Security

The Nest home alarm system shipped with a secret microphone , which -- according to the company -- was only an accidental secret : On Tuesday, a Google spokesperson told Business Insider the company had made an "error." "The

Take your GDPR project to the next level with our compliance packages

IT Governance

For many organisations, last year’s GDPR (General Data Protection Regulation) compliance deadline was a whirlwind of privacy policy updates, data protection training courses and hours spent online researching exactly what a ‘controller’ and ‘processor’ are.

GDPR 95

MY TAKE: Memory hacking arises as a go-to tactic to carry out deep, persistent incursions

The Last Watchdog

A common thread runs through the cyber attacks that continue to defeat the best layered defenses money can buy. Related: We’re in the midst of ‘cyber Pearl Harbor’ Peel back the layers of just about any sophisticated, multi-staged network breach and you’ll invariably find memory hacking at the core.

Hackers Sell Access to Bait-and-Switch Empire

Krebs on Security

Cybercriminals are auctioning off access to customer information stolen from an online data broker behind a dizzying array of bait-and-switch Web sites that sell access to a vast range of data on U.S.

Access 187

Prosecutors Probe Facebook's Data Deals

Data Breach Today

New York Grand Jury Subpoenas Records in Criminal Probe - Report Facebook's data deals continue to be probed.

Data 212

More than billion records exposed online by email validation biz Verifications.io

Security Affairs

Experts found an unprotected server exposing online 4 MongoDB databases belonging to the email validation company Verifications.io. A new mega data leak made the headlines, an unprotected MongoDB database (150GB) belonging to a marketing company exposed up to 809 million records.

Judging Facebook's Privacy Shift

Schneier on Security

Facebook is making a new and stronger commitment to privacy. Last month, the company hired three of its most vociferous critics and installed them in senior technical positions.

International Women’s Day: Supporting gender diversity in cybersecurity, putting the skills gap into the history books

Thales eSecurity

Last year was the first time companies in Great Britain had to disclose their gender pay gap figures.

NEW TECH: SyncDog vanquishes BYOD risk by isolating company assets on a secure mobile app

The Last Watchdog

The conundrum companies face with the Bring Your Own Device phenomenon really has not changed much since iPhones and Androids first captured our hearts, minds and souls a decade ago. Related: Malvertising threat lurks in all browsers. People demand the latest, greatest mobile devices, both to be productive and to stay connected to their personal lives. But big organizations move methodically and in general struggle mightily when it comes to balancing productivity and security.

MDM 128

Patch Tuesday, March 2019 Edition

Krebs on Security

Microsoft on Tuesday pushed out software updates to fix more than five dozen security vulnerabilities in its Windows operating systems, Internet Explorer , Edge , Office and Sharepoint. If you (ab)use Microsoft products, it’s time once again to start thinking about getting your patches on.

Tips 166

Anti-Virus on Android: Beware of Low-Quality Apps

Data Breach Today

More Than Half of AV Apps are Ineffective, Testing Firm Finds More than half of 250 antivirus applications available in Google's Play Store offer insufficient protection against malicious software, according to a new study by testing organizations AV Comparatives.

Study 210

Evading AV with JavaScript Obfuscation

Security Affairs

A few days ago, Cybaze-Yoroi ZLAB researchers spotted a suspicious JavaScript file that implemented several techniques to evade detection of all AV solutions. Introduction.

Digital Signatures in PDFs Are Broken

Schneier on Security

Researchers have demonstrated spoofing of digital signatures in PDF files. This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software.

One Step Closer to Saudi Vision 2030 | General Auditing Bureau Conclude the Fourth stage of SHAMEL with Everteam

Everteam

Riyadh, KSA – March 2019 – An event was held at the General Auditing bureau to conclude the fourth stage of linking the government entities under GAB’s supervision to the Smart Electronic Auditing Platform “SHAMEL” project with Everteam.