Researchers Find 87GB Trove of Breached Log-Ins
A leading security researcher has warned of a major trove of breached data being shared on hacking sites, containing over 772 million unique email addresses and more than 21 million unique passwords.
WEF: Cyber Attacks a Major Global Risk for Next Decade
The vast majority of senior decision makers across the globe expect data theft and cyber-disruption to increase in 2019, according to the latest report from the World Economic Forum (WEF).
The Millions Silicon Valley Spends on Security for Execs
Prominent Silicon Valley companies spend liberally to protect their intellectual property. Some also shell out considerable amounts to protect their executives. Apple’s most recent proxy statement, filed earlier this month, shows the company spent $310,000 on personal security for CEO Tim Cook. But that’s a fraction of other tech giants’ expenditures.
Flaw in Telegram Reveals Awful OpSec from Malware Author
A weakness in the protection of messages delivered using the Telegram Bot API gave researchers access to the communication flow between a piece of malware and its operator.
Over 140 International Airlines Affected by Major Security Breach
Potential attackers could view and change private information in flight bookings made by millions of customers of major international airlines because of a security issue in the Amadeus online booking system...
How a Colombian I.T. Guy Helped U.S. Authorities Take Down El Chapo
[In the criminal world, insider threats sometimes favor the good guys.]
United Airlines in damage control after revealing Apple spends $150M
...a photograph of a United Airlines banner went viral. The banner was shown at an internal event held by the company and revealed information about United’s biggest corporate clients. The banner particularly highlighted Apple, revealing it buys 50 business-class tickets for the San Francisco to Shanghai route every day.
3 days ago
A Worldwide Hacking Spree Uses DNS Trickery to Nab Data
Iranian hackers have been busy lately, ramping up an array of targeted attacks across the Middle East and abroad. And a report this week from the threat intelligence firm FireEye details a massive global data-snatching campaign, carried out over the last two years, that the firm has preliminarily linked to Iran.
3 days ago
Yet Another Bypass: Is 2FA Broken
[Ultimately], the only way to address the issue from a technical perspective is to “entirely rely on 2FA hardware tokens, that are based on U2F protocol.”
3 days ago
Courts Hand Down Hard Jail Time for DDoS
A 34-year-old Connecticut man received a whopping 10-year prison sentence for carrying out distributed denial-of-service (DDoS) attacks against a number of hospitals in 2014. Also last week, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016.
4 days ago
Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’
The US food giant Mondelez is suing Zurich for $100 million after the insurance company rejected its claim to restore normal operations following the massive NotPetya ransomware attack.
4 days ago
Vanguard CEO: You Can Trust Us With All of Your Savings
...the company takes a multifaceted approach to managing risks and providing security, pointing to its operational risk team and heavy investment in IT security.
4 days ago
America’s Electric Grid Has a Vulnerable Back Door—and Russia Walked Through It
A Wall Street Journal reconstruction of the worst known hack into the nation’s power system reveals attacks on hundreds of small contractors.
8 days ago
Our Cellphones Aren’t Safe
Security flaws threaten our privacy and bank accounts. So why aren’t we fixing them?
8 days ago
When Google Classified the Entire Web as Malware
On 31 January 2009, a Google engineer manually updated its search engine’s blacklist of sites classified as malware to include the URL of ‘/’ ...
9 days ago
Yubico launches Security Key NFC, and offers preview of YubiKey for Lightning for iPhones, iPads and Macs
Yubico has announced the availability of the Security Key NFC by Yubico, and offered an early look at the YubiKey designed with a Lightning connector for use with iPhones and iPads.
9 days ago
What is Physical Security?
I’m a physical security guy in an IT security world. So why physical security for IT? Easy: you cannot have a secure network without a secure environment around it...
9 days ago
An Astronaut Accidentally Dialed 911 From the International Space Station
Kuipers revealed that in trying to make a call—by pressing 9 and then 011 for an international line—he missed a crucial number, triggering an alert at NASA’s Johnson Space Center in Houston, Texas.
9 days ago
Retirement Plans Need Cyber-Security Reporting
As plan sponsors push recordkeepers for details about their cyber-security practices, a trade group is calling for the industry to take a uniform reporting approach. Providing individual sponsors with responses to a litany of questions about internal systems and software could expose recordkeepers to hackers and other risks, a December white paper based on guidance from retirement industry group the Spark Institute notes. Much safer would be some type of third-party attestation that recordkeepers could provide describing their protocol for protecting participant data, it states.
10 days ago
Fake fonts used in phishing attacks
Web fonts are being used as a substitution cypher in a novel attack to bypass security scanners.
10 days ago
Germany data breach: teenager being questioned by police
House in Heilbronn raided in connection with leaks that hit hundreds of public figures
11 days ago
Looking for China's spies
"Xu was expecting the American to hand over secrets, according to a US indictment. That was because, the US authorities allege, Xu was a spy for the Chinese Ministry of State Security (MSS). But he was in for a surprise."
13 days ago
5G: The Complete Guide
This is a good overview of what 5G is, and isn't, and when it will be relevant.
14 days ago
Marriott says 25 million passport numbers, some unencrypted, involved in massive breach
Marriott International said Friday that 383 million customer records were stolen in a data breach last month, down from the hotel chain’s original estimate of 500 million. Roughly 25.5 million passport numbers also were compromised in the data breach affecting Starwood Hotels.
14 days ago
The 25 Most Popular Passwords of 2018 Will Make You Feel Like a Security Genius
For the last seven years, SplashData has revealed its annual list of the most commonly used passwords of the year. This time around, the results reveal that, uh, we still have work to do.
14 days ago
Why We Need to Audit Algorithms
It is by now abundantly clear that, left unchecked, AI algorithms embedded in digital and social technologies can encode societal biases, accelerate the spread of rumors and disinformation, amplify echo chambers of public opinion, hijack our attention, and even impair our mental wellbeing.
14 days ago
Zero Trust and the Case for Application Microsegmentation
With companies increasingly adopting cloud models for application workflows, does it make sense to stick to a traditional security model where a perimeter is established at the network layer? Do we continue to assume we can create safe areas in our network? Where does the network start and end? Should we continue to assume that employees and their devices can be trusted?
14 days ago
Unlocking the Power of Biometric Authentication with Behavior Analytics
There is another form of biometrics that can be leveraged for authentication and is dynamic, changing continuously, but predictable over a long period of time. This is behavior biometrics, or the way users interact with their environment. Examples include the style and speed with which users type on a keyboard or the way they move and click their mouse.
14 days ago
Hackers Dump Data on Merkel, Hundreds of German Politicians
Hackers have released private data linked to Chancellor Angela Merkel and hundreds of other German politicians in the biggest data dump of its kind in the country. The information includes email addresses, mobile phone numbers, photos of IDs and personal chat transcripts...
14 days ago
Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret
Dozens of companies use smartphone locations to help advertisers and even hedge funds. They say it’s anonymous, but the data shows how personal it is.
15 days ago
Popular Weather App From China Collects Too Much User Data
A popular weather app built by a Chinese tech conglomerate has been collecting an unusual amount of data from smartphones around the world and attempting to subscribe some users to paid services without permission, according to a London-based security firm’s research.
15 days ago
Inside PolySwarm's Decentralized Threat Intelligence Marketplace
PolySwarm is a new approach to suspect file threat intelligence sharing, using collective wisdom (or swarm intelligence) and blockchain to pronounce and disseminate judgement on suspicious files. It is similar to VirusTotal, but with major differences.
16 days ago
USB Type-C Authentication Program Officially Launches
The USB Type-C authentication standard is moving forward in an effort to help protect systems against malicious USB devices.
16 days ago
The State of UK Financial Crime, Fraud, and Money Laundering
The survey data provides industry-wide context on the risks to society and how banks and other financial institutions are choosing to respond. While financial firms’ fraud prevention strategies range from implementing the latest technologies to hiring financial crime professionals, the costs of fighting fraud are high — and growing.
16 days ago
Warby Parker alerts customers to cyber data breach
Eyewear retailer Warby Parker announced that it had suffered a cybersecurity breach that may have affected up to 198,000 customers.
16 days ago
Amazon Slip-Up Shows How Much Alexa Really Knows
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
16 days ago
How 3ve’s BGP hijackers eluded the Internet—and made $29M
The Border Gateway Protocol (BGP) is abused to divert gigabytes, or possibly even petabytes, of high-value traffic to ISPs inside Russia or China, sometimes for years at a time, so that the data can be analyzed or manipulated. In one of the most sophisticated uses of BGP hijacking yet, criminals used the technique to generate $29 million in fraudulent ad revenue, in part by taking control of IP addresses belonging to the US Air Force and other reputable organizations.
16 days ago
How China’s Elite APT10 Hackers Stole the World’s Secrets
Imagine you're a burglar. You’ve decided to tackle a high-end luxury apartment. You could spend weeks or months casing the place, studying every resident’s schedule, analyzing the locks on all the doors. You could dig through trash for hints about which units have alarms, run through every permutation of what the codes might be. Or you could also just steal the super’s keys. According to a Justice Department indictment, that is effectively what China has done to the rest of the world since 2014.
16 days ago
Too soon to attribute cyberattack that disrupted U.S. newspapers
It’s too soon to tell whether North Korean hackers were responsible for a cyberattack that prevented multiple major U.S. newspapers from delivering weekend editions on time.
16 days ago
Malware Attack Crippled Production of Major U.S. Newspapers
A malware attack targeting Tribune Publishing Co. crippled the printing and deliveries of several major newspapers across the U.S. – including the Los Angeles Times and Wall Street Journal.
16 days ago
Equifax, others must secure apps as part of New York settlement
The New York attorney general’s office said five apps made by well-known companies could have leaked user data. The firms – Western Union, Priceline, Equifax, Spark Networks, and Credit Sesame – have agreed to revamp the security of their apps as part of a settlement.
16 days ago
Android Pie introduces important security and privacy enhancements
The latest version, Android Pie, implements significant enhancements for cybersecurity, including stronger encryption and authentication.
16 days ago
Google Beefs Up Android Key Security for Mobile Apps
Changes to how data is encrypted can help developers ward off data leakage and exfiltration.
16 days ago
Lessons to Learn from Armored Cars in the Era of Cloud Computing
When we talk about the future of IT, it’s hard not to think about cloud infrastructure, so when we’re exploring the growth of cloud resources, I’d suggest that it may also be worth having a look back to our past to see what lessons we can learn from the history of protecting our valuable technology assets.
16 days ago
Those are NOT your grandchildren! FTC warns of new scam
The FTC says that its Consumer Sentinel Network has noticed a “striking” increase in the median dollar amount that people 70 and older report losing to fraud. When they started to peel back the layers, the Commission found a number of stories that involve people of that age group having mailed “huge” amounts of cash to people who pretended to be their grandchildren.
16 days ago
Third-Party Investigation Finds No Malicious Chips on Supermicro Motherboards
Supermicro launched an investigation to see if any malicious chips were indeed added on its server motherboards as reported by Bloomberg at the start of October 2018 and the results were negative.
16 days ago
A Chief Security Concern for Executive Teams
It is interesting to note which roles companies consider worthwhile publishing in their executive leadership pages. For example, 73 percent of the top 100 companies listed a chief of human resources (or “chief people officer”), and about one-third included a chief marketing officer. [Where are the CSOs?]
16 days ago
Equifax Breach 'Entirely Preventable,' House Report Finds
Those findings are contained in a 96-page report issued by the committee's majority staff on Monday. Following its publication, however, two lawmakers criticized the report for being devoid of legislative proposals or oversight changes that would help to prevent these types of breaches, and they released their own set of recommendations.
16 days ago
Insight into the growing problem of highly sophisticated fraud
Sophisticated fraud campaigns are beginning to outwit machine learning solutions especially the ones that only detect known fraud patterns based on historic loss experience.
16 days ago
State Data Breach Notification Laws: 2018 in Review
Recent years have seen significant amounts of legislative activity related to state data breach notification laws, and 2018 was no exception. Not only did South Dakota and Alabama enact new data breach notification laws in 2018, becoming the last of 50 U.S. states to enact such laws, but other states also enacted changes to existing data breach notification laws during 2018 to expand their scope and implement additional notification requirements.
16 days ago
Glitter bomb video was partially faked
Rober apologized for the misleading content and said he removed the false reactions.
16 days ago
Glitter bomb engineer exacts revenge on parcel thieves
Mark Rober, in his own words, “over-engineered the crap” out of a glitter bomb to sprinkle glee and regular emissions of aerosolized odor upon package thieves…
16 days ago
U.S. House Report Blasts Equifax Over Poor Security Leading to Massive 2017 Breach
Equifax Could Have Prevented Massive Data Breach, Report From U.S. House Says
16 days ago
Equifax: A study in accountability but not authority responsibility
I have spent hours digesting the recently released U.S. House of Representatives Committee on Oversight and Government Reform report on the Equifax breach. I read the report with a mix of heartfelt empathy and fear-inducing understanding of some of the findings.
16 days ago
Quora data breach: 100 million users affected
Question-and-answer website Quora has suffered a data breach that may have affected approximately 100 million of its users.
16 days ago
Can we live without passwords?
Can you imagine a future in which we can be secure online without having to remember an unwieldy list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve.
16 days ago
Three Ways U.S. Commercial Banking is Adopting Software Authentication
For years, financial institutions (FIs) have relied on hardware authentication for their internal users and customers, but this is shifting as software authentication, also known as mobile authentication or soft token authentication, is gaining adoption.
16 days ago
Fitness-tracking apps caught misusing Touch ID to steal money from iPhone users
Reddit users have shined a spotlight on an underhand user interface trick used by certain iOS fitness apps to trick iPhone owners into approving unwanted in-app payments with Touch ID.
16 days ago
Automated System Bypasses Google reCAPTCHA Again
The unCaptcha automated system can once again bypass Google’s reCAPTCHA challenges, despite major updates to the security service.
16 days ago
There Is No Perfect Time to Tackle Security Tasks, So Don't Wait
Procrastination is an obvious barrier to security success because it puts the business at unnecessary risk. With so much day-to-day work to accomplish, the predictable fires to put out and so on, it’s easy to get distracted and put off what’s most important in your security program.
16 days ago
Hackers Make a Fake Hand to Beat Vein Authentication
Security researchers show how hackers can bypass vein-based authentication.
18 days ago
NASA notifies employees of a security intrusion
U.S. National Aeronautics and Space Administration (NASA) notifies employees of a data breach that exposed social security numbers and other personal information.
22 days ago
Marriott data breach losses could be over half a billion dollars
The data breach at Marriott could cost the hotel group as much as $600m, according to risk modelling firm AIR Worldwide.
22 days ago
Evidence in Marriott’s subsidiary Starwood hack points to China intel
According to Reuters, people investigating the Marriott data breach believe that it is the result of a cyberattack carried out by Chinese hackers.
22 days ago
Hackers Steal Thousands Of Files From M&A Giant Evercore
Thousands of sensitive documents have been stolen by hackers in a cyber-attack on the influential investment bank Evercore.
22 days ago
FBI Steps Up Efforts Against 'Money Mules' Online Fraud
The FBI and international law enforcement agencies have stepped up efforts against the fraud and say they're building bigger cases than before. Europol said this month it had identified 1,504 money mules, arresting 168, in a continent-wide bust. The FBI in June announced the arrests of 74 people, including 29 in Nigeria, for schemes targeting businesses and the elderly, and has launched a publicity campaign called "Don't Be a Mule."
22 days ago
The bleak picture of two-factor authentication adoption in the wild
...looking at the type of 2FA offered reveals that some verticals, including some that have widely adopted 2FA, solely rely on custom two-factor solutions, instead of using two-factor standards, such as U2F/FIDO and TOTP
27 days ago
Amazon uses dummy parcels to catch thieves
Amazon has teamed up with police in an effort to stop thieves who steal parcels left outside homes.
28 days ago
Madoff’s Victims Are Close to Getting Their $19 Billion Back
A decade after Bernard Madoff was arrested for running the world’s biggest Ponzi scheme, the bitter fight to recoup investors’ lost billions has astounded experts and victims alike.
28 days ago
Conflicted External Auditors at Heart of Equifax Data Breach
The US House Committee on Government Oversight and Reform published the results of its investigation into the Equifax breach, calling it “entirely preventable.” The report highlighted multiple problems, but two issues stand out: overall incompetence by Equifax’s IT security staff, and a reliance on “legacy” systems literally from the 1970s.
28 days ago
The Future of Remote Work
Will remote work dramatically change the 2020s? Disruption is already beginning. Let’s explore future trends for digital nomads and everyone else — including the cybersecurity implications of our changing workforce habits.
28 days ago
Why Threat Intelligence Should Make Businesses Smarter, Not More Scared
This increased awareness of attacks clearly has both a positive and negative impact for those tasked with protecting business infrastructure and data. While an increased profile encourages organizations to take addressing threats more seriously, it also risks creating unnecessary alarm among business users, especially when panic-inducing headlines are written to drive clicks rather than give any real indications of risk.
28 days ago
Justice Department hopes to disrupt 'dumbest tradition ever' with latest DDoS seizure
The sites involved in the takedown were known as “booter” and “stresser” websites, which enabled users to easily launch DDoS attacks like the kinds that have hit Sony’s PlayStation and Microsoft’s Xbox services in recent Christmas seasons.
28 days ago
Financial institutions’ data at risk despite security spending
Digital transformation is driving turmoil among global financial services organizations and leaving sensitive data at risk.
28 days ago
Chinese Government Suspected in Marriott/Starwood Hack
...the hackers left behind some clues suggesting that the attack was part of an intelligence gathering operation conducted by the Chinese government. This assumption is based on the use of tools, techniques and procedures (TTPs) known to be associated with Chinese threat actors.
28 days ago
Unit of Equifax’s auditor EY certified the information security that was later breached
“The problem here seems to be that EY issued an Attest Opinion on the Equifax IT security controls that was apparently not supportable. That calls into question the quality and veracity of their work and that report. It also calls into question whether EY has support for any report issued on the adequacy of the internal controls of Equifax, issued in connection with their independent audit.”
28 days ago
Finra updates cybersecurity best practices report
The "Report on Selected Cybersecurity Practices – 2018" covers five topics addressing the evolving threat of cybercrime and the most frequent findings from its examination program.
28 days ago