Trending Now
LATEST
ISC StormCast for Thursday, August 22nd 2019
KAPE vs. Commando VM: Red vs. Blue https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/Attacks against Exposed
Ready or Not, Here Comes FIDO: How to Prepare for Success
Planning and Preparation Are Key to Successfully Adopting FIDO Standards for “Simpler, Stronger Authentication”
read more
Amazon, Microsoft, May be Putting World at Risk of Killer AI, Says Report
Amazon, Microsoft and Intel are among leading tech companies that could spearhead a global AI arms race, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons.
read more
The Joy of Six… critical security patches: Cisco small biz switches open to hijacking via web UI
Turn it on, download these fixes, crank it up – and rip the KNOB off Cisco has emitted a fresh round of software updates to address security holes in its network switches and controllers.…
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
142: Mercedes secret sensors, smart cities, and ransomware runs riot
Darknet Diaries host Jack Rhysider joins us to discuss how cities in Texas are being hit by a wave of ransomware, how Mercedes Benz has installed a tracker in your car (but not for the reason you think), the...
A botnet has been cannibalizing other hackers’ web shells for more than a year
Neutrino botnet is hijacking servers by taking over other hackers' PHP and Java web shells.
Finally. Thanks so much, nerds. Google, Apple, Mozilla end government* internet spying for good
* Terms and conditions apply. Offer not valid outside Kazakhstan. Your home may be repossessed if you do not keep up payments On Wednesday, Google, Apple, and Mozilla said their web browsers will block the Kazakhstan root Certificate Authority...
Silence APT Group Broadens Attacks on Banks, Gets More Dangerous
Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IP says.
Splunk Buys SignalFx for $1.05 Billion
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
MoviePass database exposes 161 million records
An exposed database on a MoviePass subdomain
housing 161 million records was left unsecured and exposed credit card and
customer card information on at least 60,000 of the ticket service’s
customers.
The database, which included expiration dates,
names and addresses on some users as...
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
‘Box Shield’ Brings New Security Controls
New controls and threat detection capabilities built into Box aim to prevent accidental data leakage and misuse.
eSentire Blends Managed Detection Response With Machine Learning
While many infosec pros believe they're getting managed detection response (MDR) from their managed security service providers, that's not necessarily the case, according to Eldon Sprickerhoff, Founder and Chief Innovation Officer of eSentire. Adding machine learning to the mix...
Here’s a top tip: Don’t trust the new guy – block web domains less than a month old. They are bound to be dodgy
Better to be aggressive and safe than sorry IT admins could go a long way towards protecting their users from malware and other dodgy stuff on the internet if they ban access to any web domain less than a...
Companies Act to Defend Privacy of Kazakhstanis
Companies Act to Defend Privacy of Kazakhstanis Google and Mozilla today took action to protect the online security and privacy of internet users in Kazakhstan following credible reports that the Kazakhstan government was intercepting internet traffic within the country.
A report published...
China criticizes Twitter and Facebook. Silence expands internationally. A popular Ruby library was backdoored.
China says Twitter and Facebook are restricting its freedom of speech. The Silence criminal gang has expanded internationally. Google, Mozilla, and Apple are blocking the Kazakh government’s root certificate. A popular Ruby library was backdoored after a developer’s account...
Russian APT ‘Silence’ Steals $3.5 Million in One Year
A Russian-speaking threat group has managed to steal roughly $3.5 million since September 2018 by increasing the frequency of attacks, Singapore-based cybersecurity firm Group-IB reveals.
read more
China is Spying on Cancer Research
China is Spying on Cancer Research The healthcare industry has many ailments: financial pressures, a lack of skilled healthcare providers, uncertainties around reform and, in many cases, an increasingly unhealthy populace. But that’s not all it has...
IDG Contributor Network: How to become a cybersecurity RSO
What is an RSO? A “reliability seeking organization,” as described in Vanderbilt Professor Rangaraj Ramanujam’s book Organizing for Reliability. We tend to think of cybersecurity as black and white; breach or no breach. We often focus on architecture, threats...
Identity And Security: A Perfect Match
It is no secret that there has been a steep rise in the number of cybercriminals looking to target businesses to obtain personal data and intellectual property. Last year, the ICO issued a record breaking total of monetary penalties...
Capital One hacker to ask for release on bail
The person behind the massive Capital One data breach that
exposed more than 100 million records will go before a federal judge on Friday
and ask to be released on bail.
The transgender Paige Thompson, who identifies as female, is
expected to say...
Visa Tackles Payment Fraud with New Security Services
Visa this week announced a new set of capabilities aimed at improving fraud prevention and cybersecurity of payment systems.
The new payment security services are meant to detect and disrupt fraud threats targeting financial institutions and merchants, and are available...
CISA Insights: Ransomware Outbreak
Original release date: August 21, 2019The Cybersecurity and Infrastructure Security Agency (CISA) has released its first CISA Insights product, which discusses the rapid emergence of ransomware across our Nation’s networks. CISA Insights – Ransomware Outbreak includes steps in the...
Ransomware Hits Fortnite Players
Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
LEADERS
Forced Password Reset? Check Your Assumptions
Almost weekly now I hear from an indignant reader who suspects a data breach at a Web site they frequent that has just asked the reader to reset their password. Further investigation almost invariably reveals that the password reset...
Google Finds 20-Year-Old Microsoft Windows Vulnerability
There's no indication that this vulnerability was ever used in the wild, but the code it was discovered in -- Microsoft's Text Services Framework -- has been around since Windows XP.
D’oh! Apple botches iOS update, leaves iPhones open to jailbreaking
For the first time in years, hackers have created a working exploit that can jailbreak the latest, fully-updated version of iOS.
And a goof by Apple has allowed them do it.
Read more in my article on the Hot for Security...
Surveillance as a Condition for Humanitarian Aid
Excellent op-ed on the growing trend to tie humanitarian aid to surveillance.
Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political...
20 month prison sentence for British hacker who made fortune helping SIM-swap fraudsters
A teenage British hacker, who previously played a role in the infamous TalkTalk data breach, has been sentenced to 20 months in prison after pleading guilty to selling hacking services and stolen personal data for cryptocurrency.
Read more in my...
