Tuesday, October 23, 2018

Have Cybersecurity Training, Will Travel

Late last week, members of the congressional staff had an opportunity to engage in cybersecurity training through the hands-on exercises brought to them, quite literally, by IBM's X-Force command cyber-tactical operations center (C-TOC) – a first-of-its-kind...

Facebook Is in Retail Therapy, Shopping for Security Firms

Facebook is apparently heeding the wisdom in the old adage, “When things get tough, the tough go shopping.” According to The Information, Facebook is currently shopping for a major cybersecurity...

75K Files Accessed in Insurance Exchanges Breach

Early last week, the Centers for Medicare & Medicaid Services (CMS) announced some suspicious activity in the Federally Facilitated Exchanges (FFE), an agent and broker exchanges portal. On October 13, 2018, a CMS staffer...

US Indicts Another Russian for Role in Info Warfare Campaign

The US authorities have charged another Russian national as part of the ongoing conspiracy to interfere in its political system and attempt to undermine democracy. Elena Alekseevna Khusyaynova, 44, of St. Petersburg...

PM Urges Sanctions in Response to Cyber-Attacks

Theresa May has urged the EU to adopt a new sanctions regime to punish nation states that engage in persistent cyber-attacks. The move comes as the bloc signed up to new chemical weapons sanctions...

Anthem in Record $16m HIPAA Settlement

Healthcare insurance giant Anthem has agreed to pay a record $16m settlement to the US government after a major 2015 breach affecting nearly 79 million customers. The Blue Cross and Blue Shield Association licensee...

Yale Faces Additional Lawsuit After 2011 Breach

Despite its reputation as having the top law school in the country, Yale University is facing a second lawsuit after the personal information of more than 100,000 students was stolen by hackers in...

Fin Firms: Look to Mobile, Social for Comms Risks

A survey of nearly 200 financial services compliance individuals conducted throughout February and March 2018 found that organizations are struggling to keep pace with evolving technologies and have fallen behind when it...

Flaw in Libssh Grants Admin Control to Servers

Security researcher Peter Winter-Smith discovered a four-year-old authentication bypass vulnerability in the server code of libssh versions 0.6 and above. According to Winter-Smith’s tweet, “The root cause is that the libSSH server...

US Voter Leak Hits Tea Party Organization

The personal details of over half a million American voters have been leaked after yet another cloud database misconfiguration, this time by a right-wing fundraising organization. Researchers at UpGuard found a publicly readable Amazon...

Experts Question ‘Official’ Drop in Cybercrime

The latest Office of National Statistics (ONS) report on UK cybercrime reveals “computer misuse” has fallen 30% over the past year, but the body itself has cautioned against drawing too many conclusions from the...

Secret Comment Crew Code Spotted in New Attack

Researchers have spotted the first stage of a new advanced persistent threat (APT) campaign targeting mainly South Korean victims and borrowing code from the notorious Chinese hacking group Comment Crew. Operation Oceansalt is...

GreyEnergy Potential Successor of BlackEnergy

GreyEnergy, a subgroup of the advanced persistent threat (APT) group known as BlackEnergy, has been attacking the energy sector for the past three years, according to ESET. Back in December of 2015, when approximately 230,000 people...

Consumers Forgive Post-Breach, Want Privacy Rules

In a recent survey of more than 1,000 consumers, nearly half of the respondents said that when a company immediately discloses a data breach, they are open to forgiving the brand. The Consumer Attitudes Toward...

Amid Fears of Election Security, SEO Poisons URLs

A recent poll from the University of Chicago Harris School of Public Policy and the Associated Press–NORC Center for Public Affairs Research found that a wide majority of Americans are concerned about election security...
SecurityWeek

Japan Orders Facebook to Improve Data Protection

The Japanese government on Monday ordered Facebook to improve protection of users' personal information following data breaches affecting tens of millions of people worldwide.

If Facebook buys a security company, how will it retain the staff who absolutely hate Facebook?

According to reports, Facebook is planning to acquire a cybersecurity firm. But what will the security boffins think of working for Mark Zuckerberg of all people?
The Register

jQuery? More like preyQuery: File upload tool can be exploited to hijack at-risk websites

Flaw present for the past eight years, easy to exploit, and there are thousands of forks. A serious vulnerability in a widely used, and widely forked, jQuery file upload plugin may have been exploited for years by hackers to...

Watch how a Tesla Model S was stolen with just a tablet

Criminals were able to dupe the Tesla’s passive entry system into giving them access, and letting them drive away. (But only after they struggled to unplug it.)

Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition

Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.