Trending Now
LATEST
LINE Launches Public Bug Bounty Program on HackerOne
Japan-based communications company LINE Corporation today announced the launch of a public bug bounty program on hacker-powered pentest and bug bounty platform HackerOne.
Launched in 2011, LINE has grown to become one of the largest social platforms in the world,...
Try as they might, ransomware crooks can’t hide their tells when playing hands
Sophos sees common behavior across various infections Common behaviors shared across all families of ransomware are helping security vendors better spot and isolate attacks.…
Google Chrome experiment crashes browser tabs, impacts companies worldwide
In what looks to be the Chrome team's biggest misstep, companies report massive outages caused by unannounced Chrome experiment.
Threat actor impersonates German, Italian and American gov’t agencies to spread malware
Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan.
Business and...
ISC StormCast for Friday, November 15th 2019
LokiBot Update (November 2019) https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/Some Packet-Fu with Zeek https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/TPM Leaks
GitHub launches ‘Security Lab’ to help secure open source ecosystem
Fourteen companies unite get together to search, find, and fix security flaws in GitHub-hosted open source projects.
Symantec, McAfee Patch Privilege Escalation Bugs
All versions of endpoint protection software from both vendors were susceptible to near identical issue, SafeBreach says.
iOS App Tries to Warn You of iPhone Hacking Attempts
iVerify will periodically scan your iPhone to sniff out certain 'side effects' that exploited iOS vulnerabilities tend to generate.
I’m Setting Up My Company’s First Bug-Bounty Program. What Should I Be Thinking About?
Here are some important points to factor into your vulnerability disclosure policy.
I’m Setting Up a Bug-Bounty Program. What Should I be Thinking About?
Here are some important points to factor into your vulnerability disclosure policy.
How to use per-host SSH configuration
Learn how to make your SSH use more efficient and convenient with per-host configurations.
AnteFrigus ransomware leaves C alone, goes after other drives
Security researchers
have come across and analyzed an oddly behaving ransomware variant that
bypasses the victim’s C drive instead targeting the device’s other drives.
An analyst
who tweets under Mol69 and Bleeping
Computer took a look at the odd behavior presented by AnteFrigus ransomware....
Web payment card skimmers add anti-forensics capabilities
Researchers have detected compromises on ecommerce sites with a new JavaScript-based payment card skimmer that uses anti-forensics techniques, including the ability to remove itself from the web page’s code after execution. Dubbed Pipka, the malicious script was found by...
What a pair of Massholes! New England duo cuffed over SIM-swapping cryptocoin charges
Account takeovers allegedly used to plunder digital wallets Two men from Massachusetts have been arrested and charged with 11 criminal counts stemming from a string of account takeovers and cryptocurrency thefts.…
How to manage site settings in Vivaldi for Android
Find out how to enable or disable permissions on a site-by-site basis in the Vivaldi browser.
Corellium: Apple Sued Us After Failed Acquisition Attempt
Florida-based virtualization company Corellium claims that the copyright infringement lawsuit filed by Apple comes in response to a failed acquisition attempt.
read more
Balancing patient security with healthcare innovation | TECH(talk)
Healthcare organizations are one of the most targeted verticals when it comes to cyberattacks. While those organizations must work to secure patients' sensitive data, it can also be helpful to analyze that data to improve patient outcomes. Jason James,...
BSIMM10 Shows Industry Vertical Maturity
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
Open database exposes 93M files on patients of substance abuse facilities
A misconfigured AWS s3 storage bucket reportedly exposed roughly 93 million billing files that contain information on patients of three drug and alcohol addiction facilities operated by San Juan Capistrano, California-based Sunshine Behavioral Health, LLC.
Patients at SBH’s Monarch Shores...
Do You Need To Marie Kondo Your Security Infrastructure?
Implementing cybersecurity can be a lot like the cluttered homes Marie Kondo has turned from messy to ones that inspire joy. Whether you’re a Marie Kondo fan or not, she makes you realize that at some point the ‘stuff’...
PureLocker ransomware. APT33 update. Hong Kong and information war, in the courts and on PornHub. Facebook content takedowns. Alleged criminals prepare to face the court.
PureLocker is a new ransomware strain available in the black market. APT33 is showing a surge of activity. Lawfare and information operations in and around Hong Kong. Facebook takes down content for violating its Community Standards. And two alleged...
The Pursuit Of API-ness
Ray Pompon, Principal Threat Research Evangelist at F5 Networks, examines the ongoing challenge of API visibility and security The word is out. Organisations across the world are finally waking up to the potential of application program interfaces (APIs) transforming business...
Officials warn about the dangers of using public USB charging stations
Travelers should use only AC charging ports, use USB no-data cables, or "USB condom" devices.
Capture the Flag Planned to Find Missing Persons Information
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
Arkansas AG reiterates need to report medical data breaches
Arkansas Attorney General (AG) Leslie Rutledge has advised the state’s medical practitioners of their responsibilities regarding when to report a data breach under the federal state’s Personal Information Protection Act (PIPA).
Meanwhile, in neighboring Tennessee the state-run medical service TennCare...
LEADERS
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I'm speaking on "Securing a World of Physically Capable Computers" at the Indian Institute of Science in Bangalore, India on December 12, 2019.The list is maintained...
Only after running out of hard disk space did firm realise hacker had stolen one million users’ details
Yet another company has been found woefully lacking when it comes to securing consumers’ data.
Read more in my article on the Tripwire State of Security blog.
Technology and Policymakers
Technologists and policymakers largely inhabit two separate worlds. It's an old problem, one that the British scientist CP Snow identified in a 1959 essay entitled The Two Cultures. He called them sciences and humanities, and pointed to the split...
About the “easy to hack” EU Exit: ID Document Check app
The British Home Office’s app for EU citizens applying to live and work in the UK post-Brexit “could allow hackers to steal phone numbers, addresses and passport details.”
But is this something worth losing any sleep over?
Smashing Security #154: A buttock of biometrics
The UK’s Labour Party kicks off its election campaign with claims that it has suffered a sophisticated cyber-attack, Apple’s credit card is accused of being sexist, and what is Google up to with Project Nightingale?
All this and much more...
