Thursday, July 19, 2018

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

ThreatList: Popular Apps Get Enterprise Blacklisted

Apps most often blacklisted by enterprises provide messenger, VoIP and navigation services.

Thousands of U.S. Voter Personal Records Leaked by Robocall Firm

The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company.

LabCorp Investigates a Potential Breach that Could Affect Millions

The nation's largest blood test processor detected “suspicious activity” on its network this past weekend.

Oracle Sets All-Time Record with July Critical Patch Update

July's critical patch update addresses 334 security vulnerabilities (including 61 rated critical) covering a vast swathe of the Oracle enterprise portfolio.

Microsoft Bounty Program Offers Payouts for Identity Service Bugs

A high-quality multi-factor authentication bypass submission can win a bounty hunter up to $100,000.

Smaller Nation State Attacks: A Growing Cyber Menace

While there certainly remains a global hierarchy when it comes to cyber capabilities, smaller state and non-state actors are increasingly exploiting the asymmetric nature of cyberspace to achieve a broad range of objectives.

800K Patient Records At Issue in ProCare Health Snafu

IT companies allege that one of New Zealand’s largest networks of doctors and nurses has been storing hundreds of thousands of sensitive patient records, without express consent.

Peer-to-Peer Crypto-Exchanges: A Haven for Money Laundering

Buyers and sellers can exchange cash in person, transfer bank funds online or can exchange funds for prepaid cards, gift cards or other cryptocurrencies.

Recent Andariel Group ActiveX Attacks Point to Future Targets

Changes in the group's script may indicate that the hackers may start using attack vectors other than ActiveX.

DDoS Attacks Get Bigger, Smarter and More Diverse

DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet's oldest nemeses.

No Evidence of GandCrab Leveraging SMB Exploit – Yet

Researchers found a new version of GandCrab - but no evidence that the ransomware is using the same SMB exploit as WannaCry.

Newsmaker Interview: Bruce Schneier on ‘Going Dark’ and the Crypto Arms Race

Noted cryptographer waxes on the threats posed by physical cyber systems, 'going dark' and a crypto arms race.

DanaBot Trojan Targets Bank Customers In Phishing Scam

A new phishing scam purports to be MYOB invoices - but really contains a novel banking trojan.

Justice Department Indicts 12 Russian Nationals Tied to 2016 Election Hacking

Indictments are part of special counsel Robert Mueller's investigation of Russian interference in the 2016 elections.

Indian iPhone Spy Campaign Used Fake MDM Platform

Cyberattackers have used a bogus mobile device management (MDM) system to target a small – but presumably high-value – set of iPhones in India in a cyberespionage campaign that has some unusual hallmarks.

ThreatList: Bug Bounty Payouts Increase Six Percent for Critical Vulnerabilities

HackerOne’s 2018 Hacker-Powered Security Report showed that the average award for critical vulnerabilities has increased.

Sextortionists Shift Scare Tactics to Include Legit Passwords

The scam emails offer, as proof of compromise, a password associated with the target’s online accounts.

Unsanctioned Apps Invite Fox into Cybersecurity Hen House

In this InfoSec Insider, Tim Bandos looks at why network admins will want to keep a close watch on network traffic within the enterprise.

Hacker Compromises Air Force Captain to Steal Sensitive Drone Info

The thief also had a second dataset, including the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course and documentation on improvised explosive device (IED) mitigation tactics.

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs has changed and is now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.