Tuesday, March 19, 2019

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.

The Case of the Missing Data

The latest twist in the Equifax breach has serious implications for organizations.

Norsk Hydro Shuts Plants Amid Ransomware Attack

The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.

Stealing Corporate Funds Still Top Goal of Messaging Attacks

Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.

Crowdsourced vs. Traditional Pen Testing

A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.

New Mirai Version Targets Business IoT Devices

The notorious Internet of Things botnet is evolving to attack more types of devices - including those found in enterprises.

New IoT Security Bill: Third Time’s the Charm?

The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology.

New Europol Protocol Addresses Cross-Border Cyberattacks

The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.

Dragos Buys ICS Firm with US Dept. of Energy Roots

NexDefense ICS security tool will be offered for free by Dragos.

Are You Prepared for a Zombie (Domain) Apocalypse?

When a domain registration expires, the domain can be claimed by a new owner. And sometimes, those new owners have malicious intent.

Don’t Miss these Intriguing Black Hat Asia Briefings

With two weeks to go, organizers would like to quickly highlight some Black Hat Asia Briefings that you may have overlooked!

7 Low-Cost Security Tools

Security hardware doesn't have to be expensive or complex to do the job. Here are seven examples of low-cost hardware that could fill a need in your security operations.

Could Beto O’Rourke Become the First Hacker President?

New report details the Democratic candidate's time as a member of Cult of the Dead Cow.

Proof-of-Concept Tracking System Finds RATs Worldwide

Using a combination of Shodan scans and data from partners, Recorded Future finds nearly 500 malware controllers for 14 different families of remote-access Trojans, as well as the corporate networks they have infected.

On Norman Castles and the Internet

When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?

Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites

New JavaScript Sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.

Ransomware’s New Normal

GandCrab's evolution underscores a shift in ransomware attack methods.

Anomaly Detection Techniques: Defining Normal

The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.

US Prosecutors Investigate Facebook’s Data-Sharing Deals

The news follows a long, tumultuous period of scandal around Facebook and its privacy practices.

SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...

SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users, and a TechCrunch report cited...


The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming. Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.