Sat.Mar 16, 2019 - Fri.Mar 22, 2019

Why Phone Numbers Stink As Identity Proof

Krebs on Security

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities.

Tools 255

Mirai Botnet Code Gets Exploit Refresh

Data Breach Today

Users of Mirai Likely Seek Enterprise-Class Bandwidth, Says Palo Alto Networks Mirai, the powerful malware that unleashed unprecedented distributed denial-of-service attacks in 2016, has never gone away.

IT 191

Massive attacks bypass MFA on Office 365 and G Suite accounts via IMAP Protocol

Security Affairs

Threat actors targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA). Over the past months, threat actors have targeted Office 365 and G Suite cloud accounts using the IMAP protocol to bypass multi-factor authentication (MFA).

NEW TECH: SyncDog vanquishes BYOD risk by isolating company assets on a secure mobile app

The Last Watchdog

The conundrum companies face with the Bring Your Own Device phenomenon really has not changed much since iPhones and Androids first captured our hearts, minds and souls a decade ago. Related: Malvertising threat lurks in all browsers. People demand the latest, greatest mobile devices, both to be productive and to stay connected to their personal lives. But big organizations move methodically and in general struggle mightily when it comes to balancing productivity and security.

MDM 128

CAs Reissue Over One Million Weak Certificates

Schneier on Security

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed : they created random serial numbers with only 63 bits instead of the required 64.

UN Report: N. Korea Targets Cryptocurrency Exchanges, Banks

Data Breach Today

More Trending

NEW TECH: Exabeam retools SIEMs; applies credit card fraud detection tactics to network logs

The Last Watchdog

Security information and event management, or SIEM, could yet turn out to be the cornerstone technology for securing enterprise networks as digital transformation unfolds. Related: How NSA cyber weapon could be used for a $200 billion ransomware caper. Exabeam is a bold upstart in the SIEM space. The path this San Mateo, CA-based vendor is trodding tells us a lot about the unfolding renaissance of SIEMs – and where it could take digital commerce.

The Artificial Intelligence Yin Needs a Business Yang

AIIM

Seven (yes, seven!) years ago, AIIM published “The Big Data Balancing Act - Too much yin and not enough yang?” The author of the report was none other than Nuxeo’s David Jones, who worked as a business analyst for AIIM at the time.

Unsecure Fax Server Leaked Patient Data

Data Breach Today

Incident Highlights the Importance of Vendor Risk Management A medical software vendor's unsecured fax server leaked patients' medical information, highlighting yet again the importance of vendor risk management

Risk 183

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef.

BEST PRACTICES: 6 physical security measures every company needs

The Last Watchdog

It has never been more important to invest in proper security for your business. Laws surrounding the personal data of individuals such as the General Data Protection Regulation (GDPR) put the onus on companies to ensure that both digital and physical copies of data are secure at all times. Related: Shrinking to human attack vector.

Access 113

The Evidence That Could Impeach Donald Trump

WIRED Threat Level

Nancy Pelosi’s comments about impeachment acknowledge a political reality: Nothing the Mueller probe has revealed so far has moved the GOP substantially. Security

Bitcoin Exchange's CEO Gets Suspended Sentence

Data Breach Today

Gox's CEO, Mark Karpelès, Convicted on One Charge, Exonerated of Fraud, Embezzlement The former CEO of what was once the world's most popular bitcoin exchange, Mt. Gox, will not serve prison time.

Data 180

US-CERT warns of New Zealand mosque shooting scams and malware campaigns

Security Affairs

In the wake of the New Zealand mosque shooting, the CISA recommends users to remain vigilant on possible scams and malware attacks. Yesterday the horrible mass mosque shooting in New Zealand made the headlines, fifty people were killed.

Video 87

Employment Scams Increasingly Targeting Job Seekers

Adam Levin

Employment fraud is currently the most prevalent scam targeting consumers, according to Better Business Bureau report. The scams primarily target job-seekers with promises of great job opportunities and high pay.

Triton

Schneier on Security

Good article on the Triton malware which targets industrial control systems. cyberattack cybersecurity defense infrastructure malware zeroday

Steele Dossier Case: Expert Traces Spear-Phishing of DNC

Data Breach Today

XBT/Webzilla Hosting Infrastructure Used for Nation-State Hacking, Expert Finds Web hosting firm XBT/Webzilla's infrastructure was used to attack the U.S.

gnosticplayers offers 26 Million new accounts for sale on the Dark Web

Security Affairs

The hacker gnosticplayers is offering the fourth batch of millions of records stolen from 6 new websites for sale on the dark web. Gnosticplayers is back with the fourth round of hacked accounts offered for sale on the dark web.

Sales 83

Beto O'Rourke Belonged to an Infamous '90s Hacker Group

WIRED Threat Level

Facial recognition, DuckDuckGo on Chrome, and more security news this week. Security

Weekly Update 130

Troy Hunt

Well that was a hell of a week of travel. Seriously, the Denver situation was just an absolute mess but when looking at the video from the day I was meant to fly in, maybe being stuck in LA wasn't such a bad thing after all: As of 1:30 p.m.,

Can Machine Learning Systems 'Overlearn'?

Data Breach Today

Sam Curry of Cybereason on When to Trust ML Systems Machine learning systems adapt their behavior on the basis of a feedback loop, so they can overlearn and develop blind spots, which if not understood by practitioners can lead to dangerous situations, says Sam Curry of Cybereason

173
173

Experts uncovered a malspam campaign using Boeing 737 Max crashes

Security Affairs

Experts at the 360 Threat Intelligence Center uncovered a new malspam campaign that leverages the tragic Boeing 737 Max crash to spread malware. Crooks always attempt to exploit the attention of the people on the events that made the headlines.

Here's What It's Like to Accidentally Expose the Data of 230M People

WIRED Threat Level

The owner of Exactis, a 10-person firm that exposed a database including nearly every American, tells the story of his company's downfall. Security

IT 64

New IoT Security Bill: Third Time's the Charm?

Dark Reading

The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology

IoT 87

Telemetry: Monitoring Applications in Hostile Environments

Data Breach Today

Aaron Lint of Arxan on How Application Telemetry Can Guide Security Strategies Getting a telemetry stream back from applications can help organizations to "adjust much more quickly to see how practical attacks are happening on the endpoint and then go to mitigate," says Aaron Lint of Arxan

Hackers used Scanbox framework to hack Pakistani Govt’s passport application tracking site

Security Affairs

Experts uncovered a watering hole attack against the Pakistani Govt’s passport application tracking site, hackers used the Scanbox Framework to steal visitors’ data. Security experts at Trustwave have shared their findings of a recent data breach suffered by a Pakistani government website.

Sales 74

Most Android Antivirus Apps Are Garbage

WIRED Threat Level

Fraudulent and ineffective antivirus apps persist on the Google Play Store, and it's unclear whether they'll ever totally go away. Security

IT 68

Winning Tactics for Becoming a Certified Records Manager (CRM)

IG Guru

So you want to become a Certified Records Manager (CRM)? For those of us in Records and Information Management (RIM), becoming a Certified Records Manager (CRM) is a significant milestone. It takes intense focus, dedication, fortitude, endurance, and knowledge to become a CRM.

ISO 27001: The 14 control sets of Annex A explained

IT Governance

ISO 27001 is the international standard that describes best practice for an ISMS (information security management system). The Standard takes a risk-based approach to information security, requiring organisations to identify threats to their organisation and select appropriate controls to tackle them. Those controls are outlined in Annex A of the Standard. There are 114 in total, split into 14 sections (or ‘control sets’). Each section focuses on a specific aspect of information security.

EU adopts EU Law Enforcement Emergency Response Protocol for massive cyberattacks

Security Affairs

Europol announced the EU Law Enforcement Emergency Response Protocol new protocol for law enforcement agencies in the European Union and abroad to handle major cross-border cyberattacks.

Webinar: Taking the risk out of application modernization with integrated DevOps

Rocket Software

On February 27 th , Rocket VP of Solutions Sales, Dan Magid, alongside Senior Sales Engineer, Charles Jones, hosted a webinar about the risks of application modernization, and how to minimize them with integrated DevOps.

RSA Conference 2019: What You Need to Know by Dan Lohrmann

IG Guru

The 2019 version of RSA Conference in San Francisco has come and gone. Here are some of the product and session highlights, major themes and excellent resources to dig deeper into myriad cybersecurity and technology topics.

Emergence of Blockchain in Finance Requires Secure, Streamlined Data Management

InfoGoTo

Blockchain in finance is advancing as financial services providers and regulators look into the different ways cryptocurrencies will impact payments, value exchange and other elements of the financial landscape.

Could Beto O’Rourke become the first US President with a past of hacking?

Security Affairs

Democratic presidential candidate Beto O’Rourke, when teenager, was a member of the popular Cult of the Dead Cow hacker group.