September, 2019

NY Payroll Company Vanishes With $35 Million

Krebs on Security

MyPayrollHR , a now defunct cloud-based payroll processing firm based in upstate New York, abruptly ceased operations this past week after stiffing employees at thousands of companies.

Microsoft Patches 2 Windows Flaws Already Being Exploited

Data Breach Today

September's Patch Tuesday Addresses Elevation of Privileges Flaws As part of its September Patch Tuesday security update, Microsoft issued software fixes for two vulnerabilities in several versions of Windows that it says are being exploited by attackers in the wild.

SHARED INTEL: How digital certificates could supply secure identities for enterprise blockchains

The Last Watchdog

Blockchain gave rise to Bitcoin. But blockchain is much more than just the mechanism behind the cryptocurrency speculation mania.

The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite

WIRED Threat Level

At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory. Security Security / Security News

Contact Center Cloud Migration Done Right

Speaker: Sheila McGee-Smith, Founder and Principal Analyst, McGee-Smith Analytics

Many companies are in the midst of migrating their contact center to the cloud. Understanding how best to execute the transition of premises to cloud is part of that process. Join contact center industry analyst and No Jitter blogger Sheila McGee-Smith as she discussed tried and true best practices for avoiding the potential pitfalls of CX migration.

SimJacker attack allows hacking any phone with just an SMS

Security Affairs

SimJacker is a critical vulnerability in SIM cards that could be exploited by remote attackers to compromise any phones just by sending an SMS.

More Trending

Secret Service Investigates Breach at U.S. Govt IT Contractor

Krebs on Security

The U.S. Secret Service is investigating a breach at a Virginia-based government technology contractor that saw access to several of its systems put up for sale in the cybercrime underground, KrebsOnSecurity has learned.

IT 226

Attacks Targeting IoT Devices and Windows SMB Surge

Data Breach Today

IoT 236

SHARED INTEL: Mobile apps are riddled with security flaws, many of which go unremediated

The Last Watchdog

The convergence of DevOps and SecOps is steadily gaining traction in the global marketplace. Some fresh evidence of this encouraging trend comes to us by way of shared intelligence from WhiteHat Security. Related: The tie between DevOps and SecOps.

New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction

WIRED Threat Level

A fresh look at the 2016 blackout in Ukraine suggests that the cyberattack behind it was intended to cause far more damage. Security Security / Cyberattacks and Hacks

IT 109

Top 10 industries for monetizing data: Is yours one of them?

Find out which industries, use cases, and business applications are the best opportunities for data monetization. Understand what data is being monetized, who wants it, and why. Use data you already own to create new revenue sources. Download the eBook today!

A flaw in LastPass password manager leaks credentials from previous site

Security Affairs

A flaw in LastPass password manager leaks credentials from previous site. An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user.

The Doghouse: Crown Sterling

Schneier on Security

A decade ago, the Doghouse was a regular feature in both my email newsletter Crypto-Gram and my blog. In it, I would call out particularly egregious -- and amusing -- examples of cryptographic " snake oil.".

Spam In your Calendar? Here’s What to Do.

Krebs on Security

Many spam trends are cyclical: Spammers tend to switch tactics when one method of hijacking your time and attention stops working.

Events 222

A Ransomware Tale: Mayor Describes City's Decisions

Data Breach Today

Mayor of New Bedford, Mass., Offers Details at a Press Conference The mayor of New Bedford, Massachusetts, took the unusual step this week of holding a press conference to describe a recent ransomware attack and explain why the city decided not to pay the $5.3 million ransom that was demanded

The Key to Strategic HR: Process Automation

Do you want to automate your HR processes, but don’t know where to start? In this eBook, PeopleDoc explores which processes benefit the most from automation, and how an HR Service Delivery platform can help get things off the ground.

MY TAKE: How advanced automation of threat intel sharing has quickened incident response

The Last Watchdog

Threat intelligence sharing is such a simple concept that holds so much promise for stopping threat actors in their tracks. So why hasn’t it made more of an impact stopping network breaches?

Voice Deepfake Scams CEO out of $243,000

Adam Levin

The CEO of a UK-based energy firm lost the equivalent of $243,000 after falling for a phone scam that implemented artificial intelligence, specifically a deepfake voice.

InnfiRAT Trojan steals funds from Bitcoin and Litecoin wallets

Security Affairs

Researchers at Z s caler have spotted a new malware dubbed InnfiRAT that infects victims’ systems to steal cryptocurrency wallet data. .

The Windows 10 Privacy Settings You Should Check Right Now

WIRED Threat Level

Whether you're new to Windows 10 or have been using it for years, take a minute to lock down your privacy. Security Security / Security Advice

Embedded BI and Analytics: Best Practices to Monetize Your Data

Speaker: Azmat Tanauli, Senior Director of Product Strategy at Birst

By creating innovative analytics products and expanding into new markets, more and more companies are discovering new potential revenue streams. Join Azmat Tanauli, Senior Director of Product Strategy at Birst, as he walks you through how data that you're likely already collecting can be transformed into revenue!

Man Who Hired Deadly Swatting Gets 15 Months

Krebs on Security

An Ohio teen who recruited a convicted serial “swatter “to fake a distress call that ended in the police shooting an innocent Kansas man in 2017 has been sentenced to 15 months in prison. Image: FBI.gov.

Hey Jack, How Was Your Account Hacked?

Data Breach Today

NEW TECH: Baffin Bay Networks takes a ‘cloud-first’ approach to securing web applications

The Last Watchdog

Hear about the smart toaster that got attacked three times within an hour after its IP address first appeared on the Internet? That experiment conducted by a reporter for The Atlantic crystalizes the seemingly intractable security challenge businesses face today.

Cloud 139

Another Side Channel in Intel Chips

Schneier on Security

Cloud 96

A bug in Instagram exposed user accounts and phone numbers

Security Affairs

Facebook addressed a vulnerability in Instagram that could have allowed attackers to access private user information. The security researcher @ZHacker13 discovered a flaw in Instagram that allowed an attacker to access account information, including user phone number and real name.

Access 100

What will be your decisive moment to secure your cloud applications in a Zero Trust world?

Thales eSecurity

Access management is increasingly the answer to #TrustedAccess. With two decades of cloud computing now under the belt, this question is increasingly more relevant in our hyper-connected world.

eBook 101

Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

Krebs on Security

Federal prosecutors in California have filed criminal charges against four employees of Adconion Direct , an email advertising firm, alleging they unlawfully hijacked vast swaths of Internet addresses and used them in large-scale spam campaigns.

Researchers: Emotet Botnet Is Active Again

Data Breach Today

New Surge in Activity Spotted After Four-Month Absence Emotet, one of the most powerful malware-spreading botnets, is active again after a four-month absence, according to several security researchers who noticed a surge in activity primarily against U.S., and German targets starting on Monday

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

The Last Watchdog

One of the promising cybersecurity trends that I’ve been keeping an eye on is this: SOAR continues to steadily mature. Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago. Related: Here’s how Capital One lost 100 million customer records SOAR holds the potential to slow – and, ultimately, to help reverse – the acute and worsening cybersecurity skills shortage.

After Six Years in Exile, Edward Snowden Explains Himself

WIRED Threat Level

In a new memoir and interview, the world’s most famous whistle-blower elucidates as never before why he stood up to mass surveillance—and his love for an internet that no longer exists. Backchannel Security

Experts found Joker Spyware in 24 apps in the Google Play store

Security Affairs

Security experts at Google have removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.” ” Google has removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.”

Massive iPhone Hack Targets Uyghurs

Schneier on Security

China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone.

Groups 101

‘Satori’ IoT Botnet Operator Pleads Guilty

Krebs on Security

A 21-year-old man from Vancouver, Wash.

IoT 171