Wednesday, June 19, 2019

Ars Technica

The clever cryptography behind Apple’s “Find My” feature

Enlarge / The 2018 15-inch Apple MacBook Pro with Touch Bar. (credit: Samuel Axon) When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation...

Windows 10 May 2019 Update now rolling out to everyone… slowly

Enlarge (credit: David Holt / Flickr) To avoid a replay of the problems faced by the Windows 10 October 2018 Update, version 1809, Microsoft has taken a very measured approach to the release of the May 2019 Update, version 1903, with both a long spell as release candidate...

33 Linksys router models leak full historic record of every device ever connected

(credit: US Navy) More than 20,000 Linksys wireless routers are regularly leaking full historic records of every device that has ever connected to them, including devices' unique identifiers, names, and the operating systems they use. The data can be used by snoops or hackers in either targeted or...

Computerworld

What the latest iOS passcode hack means for you

A mobile device forensics company now says it can break into any Apple device running iOS 12.3 or below.Israeli-based Cellebrite made the announcement on an updated webpage and through a tweet where it asserted it can unlock and extract data from all iOS and "high-end Android" devices.On the webpage...

How the Huawei ban could become a security threat | TECH(feed)

We’ve already talked about how the Huawei ban may affect business, but how will it affect security? Google has already warned of security threats should the company be unable to send updates to Huawei’s Android-powered devices. And even if Huawei responds with its own OS, will people trust it?...

Time-Machine Tuesday: Get a room!

This security pilot fish is a big believer in automated systems. And he’s very impressed when his company moves into new offices where the meeting rooms take the manual labor out of scheduling meetings.“There are room wizards outside every door to assist in scheduling,” fish says. “And there’s full...

CSO

8 steps to make sure Microsoft Windows 10 1903 is ready for deployment

The May 2019 release of Microsoft Windows 10 1903 is now available to all who click on “check for updates” as long as there is no blocking issue with the machine. Microsoft is no longer using the term "semi annual targeted" in respect to Windows releases. Nor will it...

Cybersecurity pros’ haphazard participation in data privacy raises concern

Before the General Data Protection Regulation (GDPR) became official in May 2018, I heard a similar story from many CISOs. Data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which...

New MongoDB field-level encryption can help prevent data breaches

MongoDB has released a new version today featuring field-level encryption (FLE), a new mechanism that protects sensitive information stored in a database even if attackers compromise the database itself or the server it runs on.MongoDB 4.2’s FLE implementation does not involve storing keys or performing any encryption and decryption...

Dark Reading

How Hackers Emptied Church Coffers with a Simple Phishing Scam

Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.

Come to Black Hat USA for the Latest Hardware Hacks

Cars. Vending machines. Hotel suites. Security experts will share the tools and techniques they've used to break into all these things and more at Black Hat USA in October.

Insecure Home IoT Devices a Clear and Present Danger to Corporate Security

Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.

As Cloud Adoption Grows, DLP Remains Key Challenge

As businesses use the cloud to fuel growth, many fail to enforce data loss prevention or control how people share data.

Errata Security

Censorship vs. the memes

The most annoying thing in any conversation is when people drop a meme bomb, some simple concept they've heard elsewhere in a nice package that they really haven't thought through, which takes time and nuance to rebut. These memes are often bankrupt of any meaning.When discussing censorship, which is...

Some Raspberry Pi compatible computers

I noticed this spreadsheet over at r/raspberry_pi reddit. I thought I'd write up some additional notes.https://docs.google.com/spreadsheets/d/1jWMaK-26EEAKMhmp6SLhjScWW2WKH4eKD-93hjpmm_s/edit#gid=0Consider the Upboard, an x86 computer in the Raspberry Pi form factor for $99. When you include storage, power supplies, heatsinks, cases, and so on, it's actually pretty competitive. It's not ARM, so many...

Your threat model is wrong

Several subjects have come up with the past week that all come down to the same thing: your threat model is wrong. Instead of addressing the the threat that exists, you've morphed the threat into something else that you'd rather deal with, or which is easier to understand.PhishingAn example...

F-Secure

Live Coverage Of A Disinformation Operation Against The 2019 EU Parliamentary Elections

I recently worked with investigative journalists from Yle, attempting to uncover disinformation on social media around the May 2019 European elections. This work was also part of F-Secure’s participation in the SHERPA project, which involves developing an understanding of adversarial attacks against machine learning systems – in this case,...

Spam Trends: Top attachments and campaigns

Malware authors tend to prefer specific types of file attachments in their campaigns to distribute malicious content.  During our routine threat landscape monitoring in the last three months, we observed some interesting patterns about the attachment types that are being used in various campaigns. In February and March, we saw...

Discovering Hidden Twitter Amplification

As part of the Horizon 2020 SHERPA project, I’ve been studying adversarial attacks against smart information systems (systems that utilize a combination of big data and machine learning). Social networks fall into this category – they’re powered by recommendation algorithms (often based on machine learning techniques) that process large...

FireEye

Hunting COM Objects (Part Two)

Background As a follow up to Part One in this blog series on COM object hunting, this post will talk about taking the COM object hunting methodology deeper by looking at interesting COM object methods exposed in properties and sub-properties of COM objects. ...

Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities

FireEye Labs recently observed an attack against the government sector in Central Asia. The attack involved the new HAWKBALL backdoor being delivered via well-known Microsoft Office vulnerabilities CVE-2017-11882 and CVE-2018-0802. HAWKBALL is a backdoor that attackers can use to collect information from the victim, as...

Hunting COM Objects

COM objects have recently been used by penetration testers, Red Teams, and malicious actors to perform lateral movement. COM objects were studied by several other researchers in the past, including Matt Nelson (enigma0x3), who published a blog post about it in 2017. Some of these...

Forbes

Facebook’s $660,000 Cambridge Analytica Fine Is Almost Meaningless — But That Misses The Point

Facebook's record stock levels show how well it's managed the Cambridge Analytica crisis, despite perennial privacy concerns.

Analytics Are Empowering Next-Gen Access And Zero Trust Security

Employee identities are the new security perimeter of any business. 80% of IT security breaches involve privileged credential access according to a Forrester study. According to the Verizon Mobile Security Index 2018 Report, 89% of organizations are relying on just a single security strategy.

Catalyzing Innovation via Centers, Labs, and Foundries

Collaboration can involve combinations of government, industry and academia working together to meet difficult challenges and cultivate new ideas. A growing trend for leading companies is creating technology specific innovation centers, labs and foundries to accelerate collaboration and invention.

Google Security

Helping organizations do more without collecting more data

Posted by Amanda Walker - Engineering Director, Sarvar Patel - Software Engineer, and Moti Yung - Research Scientist, Private ComputingWe continually invest in new research to advance innovations that preserve individual privacy while enabling valuable insights from data. Earlier this year, we launched Password Checkup, a Chrome extension that...

New Chrome Protections from Deception

Posted by Emily Schechter, Chrome Product Manager Chrome was built with security in mind from the very beginning. Today we’re launching two new features to help protect users from deceptive websites. The Suspicious Site Reporter Extension will improve security for Chrome users by giving power users an easy way...

Improving Security and Privacy for Extensions Users

No, Chrome isn’t killing ad blockers -- we’re making them saferPosted by Devlin Cronin, Chrome Extensions TeamThe Chrome Extensions ecosystem has seen incredible advancement, adoption, and growth since its launch over ten years ago. Extensions are a great way for users to customize their experience in Chrome and on...

Graham Cluley

645,000 people warned their personal health data at risk after phishing attack

The Oregon Department of Human Services has started notifying more than 600,000 people that their personal details have been put at risk after staff were tricked into granting hackers access to millions of emails. Read more in my article on the Hot for Security blog.

NHS service accidentally reveals identities of HIV patients in email blunder

An NHS health board has found itself in the awkward position of apologising to 37 HIV patients, after accidentally disclosing their identities.

Bella Thorne releases her own topless photos after hacker threats

Actress refuses to play into hacker’s hands, and publishes topless images of herself.

IBM Security

Application Security Takeaways From the Ai4 Cybersecurity Conference

I recently had the good fortune to attend the Ai4 Cybersecurity conference in New York City. This event brought together thought leaders, influencers and practitioners over two days to discuss the role of artificial intelligence (AI) and augmented intelligence in the cybersecurity industry. Here are some of the key...

Massachusetts Amends Data Breach Law — What to Know for Your Incident Response Strategy

On Jan. 10, 2019, the governor of Massachusetts finalized the legislative changes to the state data breach law by placing his signature on HB 4806. The amended law, which includes several new requirements and raises the bar for businesses collecting data on Massachusetts residents, is driving organizations to review...

Third-Party Risks Need New Approaches

Businesses in all sectors are adopting new technologies and operating models to digitize processes, leverage more business partners, and widen their ecosystems of suppliers, software-as-a-service (SaaS) providers and cloud service providers (CSPs). There is also a greater number of interconnections between businesses, more interdependency between companies and their vendors,...

Info Security Buzz

What Is A VPN Protocol And Which One Should You Use?

VPN protocols define how data is running between the VPN server and your computer or smartphone. Each VPN protocols has its own specification that provides advantages (and sometimes disadvantages) in a wide variety of circumstances depending on your goals. For example, some VPN protocols focus on download speed, while...

Living On A Network That Must Not Die

The network is the backbone of almost every organisation today. When it is not available productivity falls, the business loses money and its reputation suffers. Typically, the network and its efficient operation is fundamental to the organisation’s success. And yet trends like remote working and virtualisation, while they help drive business flexibility and productivity,...

My Voice Is My Ultimate Password – How Biometrics Can Keep Hackers At Bay

Citrix, a company which works with the likes of the FBI and US military, recently hit the headlines when it fell victim to hackers. The cyber criminals allegedly used a technique called password spraying, which exploits weak passwords. This is just one example of why the traditional username and password combination...

Infosec Island

Influence Operation Uses Old News of New Purposes

A recently uncovered influence campaign presents old terror news stories as if they were new, likely in an attempt to spread fear and uncertainty, Recorded Future reports.  Dubbed Fishwrap, the operation uses 215 social media accounts that leverage a special family of URL shorteners to track click-through from the posts. At...

Spring Cleaning: Why Companies Must Spring Clean Out Their Social Media Accounts This Season

Every year around this time, we collectively decide to open the windows, brush off the dust, and kick the spring season off on a clean foot. But as you are checking off your cleaning to-dos, be sure to add your social media profiles to that list. It’s obvious that...

Building Modern Security Awareness with Experiences

Experiences and events, the way that I define them, are segments of time in which a learner is more actively engaging in an element of your program. At their best, “experiences” should be well, experiential, requiring active participation rather than passively watching or paging through a Computer Based Training...

Infosecurity Magazine

Hackers Gobble Up Data From EatStreet Diners and Partners

Hackers Gobble Up Data From EatStreet Diners and PartnersOnline food ordering service EatStreet has revealed a major data breach affecting customers and restaurant partners. Although the number of companies and individuals affected isn’t known, the firm claims to partner with over 15,000 restaurants in hundreds of US cities, so the...

AMCA Files for Bankruptcy Protection After Breach

AMCA Files for Bankruptcy Protection After BreachThe parent company of healthcare debt collection firm American Medical Collection Agency (AMCA) has filed for bankruptcy protection following a major breach which is thought to have affected as many as 20 million patients. Its Chapter 11 filing in the Southern District of New...

Only Quarter of IaaS Users Can Audit Config Settings

Only Quarter of IaaS Users Can Audit Config SettingsMost global organizations benefit from better security in the cloud than on-premise, with some key exceptions, including data loss prevention and configuration settings, according to McAfee. The security giant polled 1000 enterprises around the world and combined its findings with threat data...

Krebs on Security

Microsoft Patch Tuesday, June 2019 Edition

Microsoft on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office that can be triggered by...

LabCorp: 7.7 Million Consumers Hit in Collections Firm Breach

Medical testing giant LabCorp. said today personal and financial data on some 7.7 million consumers were exposed by a breach at a third-party billing collections firm. That third party — the American Medical Collection Agency (AMCA) — also recently notified competing firm Quest Diagnostics that an intrusion in its payments...

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

For almost the past month, key computer systems serving the government of Baltimore, Md. have been held hostage by a ransomware strain known as “Robbinhood.” Media publications have cited sources saying the Robbinhood version that hit Baltimore city computers was powered by “Eternal Blue,” a hacking tool developed by...

Naked Security

Netflix researcher spots TCP SACK flaws in Linux and FreeBSD

Three vulnerabilities in the FreeBSD and Linux kernels could allow attackers to induce a denial-of-service by clogging networking I/O.

Pass the salt! Popular CMSs aren’t securing passwords properly

A group of researchers has discovered that many of the web's most popular content management systems are using obsolete algorithms to protect their users' passwords.

Hospitals are being suffocated by robocalls

Some pretend to be hospitals to get patients' payment data. Others pose as the goverment and try to get confidential data from hospitals.

Millions of Venmo transactions scraped (again)

Not much has changed since a year ago, when a bot was tweeting out publicly visible Venmo "drug" deals from the public-by-default company.

PC Mag

Can Anything Protect Us From Deepfakes?

Along with fake news, forged videos have become a national security concern, especially as the 2020 presidential elections draw near. Researchers at the University of Surrey have developed a solution that might solve the problem.

This South Dakota Summer Camp Is All About CybHER Security

Dr. Pam Rowland, an assistant professor in cyber security at Dakota State University, is leading the charge to attract more women to the field through groups like CybHER, which kicks off its summer camp for teens this weekend in Madison, South Dakota.

Update Your Firefox Browser, Hackers Are Abusing a Serious Bug

Mozilla is warning about a critical 'type confusion vulnerability' in the Firefox browser when it processes certain Javascript code. 'This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw,' the company's security advisory said.

SC Magazine

ACLU tells Ga. Supreme Court Fourth Amendment should apply to personal data stored by cars

Fourth Amendment protections should apply to personal data in a car’s Event Data Recorder, the American Civil Liberties Union (ACLU) will argue before the Georgia Supreme Court today. The state’s high court is hearing oral arguments in Mobley v. State, which challenges law enforcement’s warrantless search and seizure of data gleaned from the so-called...

Report: Iran claims to have thwarted a U.S. cyber espionage operation

Iran is reportedly claiming that it successfully uprooted a CIA-led cyber espionage operation and arrested several U.S. spies in the process. “One of the most complicated CIA cyber espionage networks that had an important role in the CIA’s operations in different countries was exposed by the Iranian intelligence agencies a...

Harmonization of the NIST framework for risk, security and privacy

Amidst rising concern around consumer data privacy, NIST is currently developing a data privacy framework that is similar in spirit to the popular Cybersecurity Framework (CSF). Like the CSF, the upcoming privacy Framework will be a close inter-collaboration between public and private sector stakeholders to create a gold-standard, voluntary framework. The great challenge will likely...

Schneier on Security

Maciej Cegłowski on Privacy in the Information Age

Maciej Cegłowski has a really good essay explaining how to think about privacy today: For the purposes of this essay, I'll call it "ambient privacy" -- the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small...

Data, Surveillance, and the AI Arms Race

According to foreign policy experts and the defense establishment, the United States is caught in an artificial intelligence arms race with China -- one with serious implications for national security. The conventional version of this story suggests that the United States is at a disadvantage because of self-imposed restraints...

Friday Squid Blogging: Climate Change Could be Good for Squid

Basically, they thrive in a high CO2 environment, because it doesn't bother them and makes their prey weaker. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

SecureMac

Checklist 142: Panic! at the Drive-Thru

On this week’s episode: A four-year security breach at Checkers and Rally’s, Microsoft suggests killing off killing off passwords, and Apple leaves room to peek into MDM deployments The post Checklist 142: Panic! at the Drive-Thru appeared first on SecureMac.

Introducing MacScan 3.2 from SecureMac

New version improves privacy in Safari, offers significant UI/UX upgrades Las Vegas, Nevada — SecureMac is pleased to announce the latest version of its award-winning security software for macOS: MacScan 3.2. This release offers some significant improvements, including UI/UX enhancements as well as a big change for Safari users concerned...

AirPort Base Stations Receive Important Firmware Upgrade

Do you rely on an Apple AirPort for your home Wi-Fi needs, or an AirPort Time Capsule to keep your Mac always backed up? If so, you’ll want to make sure you’ve updated your device to the latest version. On May 30th, Apple released a substantial firmware update for...

Security Affairs

Mozilla fixed a Firefox Zero-Day flaw exploited in targeted attacks

Mozilla released security updates for Firefox that addressed a critical zero-day vulnerability exploited in targeted attacks in the wild. Mozilla released security updates for its Firefox web browser that address a critical vulnerability that has been actively exploited in the wild. The zero-day vulnerability, tracked as CVE-2019-11707, is a type confusion...

Yana Peel, chief executive of London’s Galleries, resigned after discovery of her links with NSO group

The head of London’s Serpentine Galleries resigned on Tuesday following a Guardian report about her links to the Israeli surveillance firm NSO Group. On Tuesday, the chief executive of London’s Serpentine Galleries, Yana Peel, resigned following the revelation of the Guardian newspaper about her links to the Israeli surveillance...

DHS also issued an alert for the Windows BlueKeep flaw

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708). After Microsoft and the US NSA, the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. DHS on Monday issued an alert for the BlueKeep Windows flaw (CVE-2019-0708). Experts...

SecurityWeek

Cloud Security Firm Valtix Emerges From Stealth With $14 Million in Funding

Santa Clara, California-based Valtix emerged from stealth mode on Wednesday with a cloud-native network security platform and $14 million in initial funding. read more

Google Boosts Chrome Protection Against Deceptive Sites

Google is making web browsing with Chrome safer with a new option for reporting suspicious websites and a new warning mechanism for sites that use deceptive URLs. read more

645,000 Clients Affected in Oregon Department of Human Services Data Breach

Oregon Department of Human Services officials say they are notifying about 645,000 clients whose personal information is at risk from a January data breach. read more

TechRepublic

How AI-enhanced malware poses a threat to your organization

Malware controlled by artificial intelligence could create more convincing spam, avoid security detection, and better adapt itself to each target, says a new report from Malwarebytes.

Tech news roundup: HPE Discover 2019, Facebook’s Libra cryptocurrency, and Google Cloud’s debacle

This week's TechRepublic and ZDNet news stories include a look at the companies that hire the most data scientists, four significant impacts of a security breach, and a first-hand account of a major hack job.

How to prevent Android from displaying passwords

Don't let bystanders see your Android passwords as you type them. Find out how to disable this feature.

The Guardian

Australian National University hit by huge data breach

Vice-chancellor says hack involved personal and payroll details going back 19 yearsThe Australian National University is in damage control after discovering a major data breach a fortnight ago in which a “significant” amount of staff and student information was accessed by a “sophisticated operator”.In a message to staff and...

The Guardian view on cybercrime: the law must be enforced | Editorial

Governments and police must take crime on the internet seriously. It is where we all live nowAbout half of all property crime in the developed world now takes place online. When so much of our lives, and almost all of our money, have been digitised, this is not surprising...

Saudi Arabia accused of hacking London-based dissident

Kingdom targeted satirist Ghanem Almasarir with Israeli malware, letter of claim allegesSaudi Arabia has been accused of launching a sophisticated hacking attack against a prominent dissident in London who is allegedly living under police protection, according to a letter of claim that has been sent to the kingdom and...

The Hacker News

Firefox Releases Critical Patch Update to Stop Ongoing Zero-Day Attacks

If you use the Firefox web browser, you need to update it right now. Mozilla earlier today released Firefox 67.0.3 and Firefox ESR 60.7.1 versions to patch a critical zero-day vulnerability in the browsing software that hackers have been found exploiting in the wild. Discovered and reported by Samuel Groß, a...

5 Keys to Improve Your Cybersecurity

Cybersecurity isn't easy. If there was a product or service you could buy that would just magically solve all of your cybersecurity problems, everyone would buy that thing, and we could all rest easy. However, that is not the way it works. Technology continues to evolve. Cyber attackers adapt and...

GandCrab Ransomware Decryption Tool [All Versions] — Recover Files for Free

Cybersecurity researchers have released an updated version of GandCrab ransomware decryption tool that could allow millions of affected users to unlock their encrypted files for free without paying a ransom to the cybercriminals. GandCrab is one of the most prolific families of ransomware to date that has infected over 1.5...

The Register

NASA’s JPL may be able to reprogram a probe at the arse end of the solar system, but its security practices are a bit...

Office of the Inspector General brings lab back down to Earth NASA's Jet Propulsion Lab still has "multiple IT security control weaknesses" that expose "systems and data to exploitation by cyber criminals", despite cautions earlier this year.…

Spin the wheel and find today’s leaky cloud DB… *clack clack… clack* A huge trove of medical malpractice complaints

150,000 personal records on people, including US veterans, upset with their healthcare In what has become a depressingly common occurrence, the personal information of hundreds of thousands of people may have fallen into the wrong hands because yet another organization did not secure a cloud-hosted database.…

Awoogah! Awoogah! Firefox fans urged to update and patch zero-day hole exploited in the wild by miscreants

Just make sure you're running the latest version Mozilla has released an emergency critical update for Firefox to squash a zero-day vulnerability that is under active attack.…

The Security Ledger

Cognitive Bias is the Threat Actor you may never detect

Cognitive bias among workers can undermine security work and lead to critical misinterpretations of data, warns Forcepoint X-Labs research scientist, Dr. Margaret Cunningham. The post Cognitive Bias is the Threat Actor you may never detect appeared first on The Security Ledger.Related StoriesDark Web Looms Large as Enterprise ThreatEpisode 148:...

Episode 149: How Real is the Huawei Risk?

In this episode of the podcast we're joined by Priscilla Moriuchi of the firm Recorded Future, which released a report this week analyzing the security risks posed by Huawei, the Chinese telecommunications and technology giant. The post Episode 149: How Real is the Huawei Risk? appeared first on The...

Expert: Patch Bluekeep Now or Face WannaCry Scenario

The flaw known as BlueKeep could be as dangerous as EternalBlue, the basis of recent malware like WannaCry, according to a report by BitSight. The post Expert: Patch Bluekeep Now or Face WannaCry Scenario appeared first on The Security Ledger.Related StoriesMicrosoft ‘Bluekeep’ Flaw threatens Medical Devices, IoTReport: with most...

Threatpost

EatStreet Hackers Chow Down on Diner Data

Gnosticplayers have reportedly taken credit for the breach, which they say consists of 6 million records.

Mozilla Patches Firefox Critical Flaw Under Active Attack

Mozilla released a new update for Firefox after discovering a critical flaw under active attack.

Consumers Urged to Junk Insecure IoT Devices

A security researcher who disclosed flaws impacting 2 million IoT devices in April - and has yet to see a patch or even hear back from the manufacturers contacted - is sounding off on the dire state of IoT security.

Linux Kernel Bug Knocks PCs, IoT Gadgets and More Offline

Four vulnerabilities could "SACK" connected devices with denial-of-service exploits.

Tripwire

Modular Plurox Backdoor Comes with Cryptomining, Worm-Like Plugins

A new modular backdoor detected as “Plurox” comes with multiple plugins that expand its capabilities to include cryptomining and worm-like behavior. In February 2019, Kaspersky Lab’s researchers first detected the backdoor. Their analysis revealed that the backdoor, written in C, arrived with debug lines. This suggests that the malware...

Researchers Release Decryptor that Works against GandCrab Version 5.2

Security researchers have released a decryptor that works against the latest variants of GandCrab ransomware, including version 5.2. On 17 June, Bitdefender announced that users can download the tool from the No More Ransom Project’s website. They can then use the utility to freely decrypt any and all files...

Oregon State University (OSU) Discloses Data Breach

Oregon State University (OSU) has disclosed a security incident that potentially affected the personally identifiable information of some students and their families. On 14 June, OSU announced that the security incident occurred back in May when external actors hacked a university employee’s email account. At the time of compromise,...

Troy Hunt

Weekly Update 143

Presently sponsored by: Twilio: Learn what regulations like PSD2 mean for your business, and how Twilio can help you achieve secure, compliant transactionsWell this was a big one. The simple stuff first - I'm back in Norway running workshops and getting ready for my absolute favourite event of the...

Hack Yourself First – The UK Tour by Scott Helme

Presently sponsored by: Twilio: Learn what regulations like PSD2 mean for your business, and how Twilio can help you achieve secure, compliant transactionsIt's the Hack Yourself First UK Tour! I've been tweeting a bit about this over recent times and had meant to write about it earlier, but I've...

Project Svalbard: The Future of Have I Been Pwned

Presently sponsored by: Twilio: Learn what regulations like PSD2 mean for your business, and how Twilio can help you achieve secure, compliant transactionsBack in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping...

We Live Security

You’d better change your birthday – hackers may know your PIN

Are you in the 26% of people who use one of these PIN codes to unlock their phones? The post You’d better change your birthday – hackers may know your PIN appeared first on WeLiveSecurity

Instagram tests new ways to recover hacked accounts

Locked out and out of luck? The photo-sharing platform is trialing new methods to reunite you with your lost account The post Instagram tests new ways to recover hacked accounts appeared first on WeLiveSecurity

Malware sidesteps Google permissions policy with new 2FA bypass technique

ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions The post Malware sidesteps Google permissions policy with new 2FA bypass technique appeared first on WeLiveSecurity

Wired

Google Turns to Retro Cryptography to Keep Datasets Private

Google's Private Join and Compute will let companies compare notes without divulging sensitive information.

How Not To Prevent a Cyberwar With Russia

Former cybersecurity officials warn against a path of aggression that could inflame cyberwar rather than deter it.

A Plan to Stop Breaches With Dead Simple Database Encryption

Database giant MongoDB has a new encryption scheme that should help slow the scourge of breaches.

US to Russia on Nuke Experiments: Do as We Say, Not as We Do

The US is quietly ramping up its plutonium experiments even as Washington raises concerns about Russian testing.

ZDNet

Data breach forces medical debt collector AMCA to file for bankruptcy protection

The aftermath of the data breach seems to be too much for AMCA to bear.

Oracle patches another actively-exploited WebLogic zero-day

New wave of attacks against Oracle WebLogic servers using a brand new zero-day detected over the weekend.

Chrome extension caught hijacking users’ search engine results

Extension developer says he sold the extension weeks before; not responsible for the shady behavior.