Tuesday, May 21, 2019

Rats leave the sinking ship as hackers’ forum gets hacked

The OGUsers forum, which trades in hijacked social accounts, has been hacked, its hard drives wiped, and its user database published online.
The Register

iPhone gyroscopes, of all things, can uniquely ID handsets on anything earlier than iOS 12.2

Cheapskate fandroids get a pass on this one, though Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by...
Bruce Schneier

How Technology and Politics Are Changing Spycraft

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all...

DDoS Attacks on the Rise After Long Period of Decline

DDoS Attacks on the Rise After Long Period of DeclineThe number of DDoS attacks increased by 84% in the first quarter of 2019 compared to Q4 2018, according to new research from Kaspersky Lab. The global cybersecurity company’s findings, detailed...
SecurityWeek

Awareness Training Firm KnowBe4 Acquires Awareness Measurement Firm CLTRe

Tampa Bay, FL-based security awareness and simulated phishing firm KnowBe4 has acquired Oslo, Norway-based security culture measurement company CLTRe for an undisclosed sum. read more
Tripwire

HawkEye Attack Wave Sends Stolen Data to Another Keylogger Provider

A recent attack wave involving HawkEye malware sends data stolen from its victims to another keylogger provider’s website. On 21 May, My Online Security came across a new sample of HawkEye. The actual delivery mechanism itself wasn’t unique compared...

Washington Issues Temporary License to Huawei

Washington Issues Temporary License to Huawei The US government has issued a temporary license to Huawei and its affiliates, allowing American companies to supply the telecoms and handset giant until August. Despite reports emerging over the weekend of various chipmakers...
isBuzz

GDPR: The Best Strategy For International Businesses

The EU’s General Data Protection Regulation (GDPR) was created with the aim of homogenising data privacy laws across the EU. GDPR also applies to organisations outside the EU, if they monitor EU data subjects, or offer goods and services...
IBM Security

How Cyber-Secure Are Business Travelers? New Report Says Not Very

I travel frequently for business — to industry conferences such as RSA Conference and Black Hat and meeting with clients. Whenever I travel, I bring my work laptop, my personal cellphone enabled with work email and calendar, and, of...

Haas F1 team leans on service providers as security force multipliers

If today’s cars are smartphones on wheels, then race cars are supercomputers with engines attached. As the fastest racing sport in the world, Formula One cars come laden with over 100 sensors measuring every aspect of a car’s internal...

How to implement and use the MITRE ATT&CK framework

Mitigating security vulnerabilities is difficult. Attackers need to exploit just one vulnerability to breach your network, but defenders have to secure everything. That’s why security programs have been shifting resources toward detection and response: detecting when the bad guys...

WordPress plugin sees second serious security bug in six weeks

Researchers have uncovered another serious bug in WP Live Chat that could lead to the mass compromise of websites.
SecurityWeek

From APES to Bespoke Security Automated as a Service

Many of the most innovative security start-ups I come across share a common heritage - their core product evolved from a need to automate the delivery of an advanced service that had begun as a boutique or specialized consulting...

Aussie Government IT Worker Arrested for Cryptomining

Aussie Government IT Worker Arrested for CryptominingAn Australian government IT contractor has been arrested on suspicion of making thousands from an illegal cryptocurrency mining operation at work. The 33-year-old New South Wales man appeared in court today after allegedly earning...
SecurityWeek

Industrial Robotics – Are You Increasing Your Cybersecurity Risk?

There’s nothing fundamentally novel about the use of robots in industrial environments. For nearly half a century, they’ve been changing the way that we manufacture products and deal with risk in hazardous environments. From automotive assembly lines to mines,...

Fifth of Docker Containers Have No Root Passwords

Fifth of Docker Containers Have No Root PasswordsA fifth of the world’s most popular Docker containers contain a security issue which could make them vulnerable to attack in some circumstances, a researcher has discovered. Kenna Security principal security engineer, Jerry...

KnowBe4 Announces Acquisition of CLTRe

KnowBe4 Announces Acquisition of CLTReKnowBe4 has announced the acquisition of CLTRe, adding the capability to measure security culture into its portfolio. Led by Kai Roer, CLTRe is a Norwegian company focused on helping organizations assess, build, maintain and measure a...
SecurityWeek

LeakedSource Operator Pleads Guilty in Canada

Canadian authorities announced last week that Defiant Tech Inc., the company that ran LeakedSource, pleaded guilty to trafficking identity information and possession of property obtained through crime. read more

Think Data Security, Not Endpoint Security

A strong data protection strategy is essential to protect information as it moves across endpoints and in the cloud.
ZDNet

Some Elasticsearch security features are now free for everyone

Company makes TLS support and fine-grained user/role management free for everyone.
Cisco

Cisco Secure Boot Hardware Tampering Vulnerability

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects...
Cisco

Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability

A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user...

Staying Cyber Safe During Memorial Day

Original release date: May 20, 2019As Memorial Day approaches, the Cybersecurity and Infrastructure Security Agency (CISA) reminds users to stay cyber safe. Users should be cautious of potential scams, such as unsolicited emails that contain malicious links or attachments...

SB19-140: Vulnerability Summary for the Week of May 13, 2019

Original release date: May 20, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD...
Have I Been Pwned

OGUsers – 161,143 breached accounts

In May 2019, the account hijacking and SIM swapping forum OGusers suffered a data breach. The breach exposed a database backup from December 2018 which was published on a rival hacking forum. There were 161k unique email addresses spread...