Krebs on Security

AUGUST 2, 2018

A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. And with good reason — sex sells (the second most-read piece here was my 2015 scoop about the Ashley Madison hack ). But beneath the lurid allure of both stories lies a more unsettling reality: It has never been easier for scam artists to launch convincing, targeted phishing and

Phishing 173

Phishing Passwords Data breaches Personal data 173

Thales Cloud Protection & Licensing

JULY 31, 2018

The newest CipherTrust Cloud Key Manager capability. CipherTrust Cloud Key Manager is a multi-cloud encryption key management solution ideal for customers using Microsoft Azure Key Vault , Amazon Web Services Key Management Service , Microsoft Office365 or Salesforce Shield Platform Encryption. Before I talk about the importance of the newest feature of Cipher Trust Key Manager let’s define some terms to get everyone thinking similarly about keys and key management.

Encryption 54

Encryption Cloud Compliance Security 54

WIRED Threat Level

AUGUST 1, 2018

The tech community has known about the risk of using SMS in two-factor authentication for years. Reddit appears to have missed the memo.

Authentication 132

Authentication Risk Security 132

Security Affairs

AUGUST 1, 2018

Google recently removed 145 applications from the official Google Play store because they were found to carry malicious Windows executables inside. Researchers from Palo Alto Networks revealed that Google removed more than 145 apps from the Play store because they were carrying a Windows malware, The apps were uploaded to the Google Play store between October and November 2017, this means that for months Android users were exposed to the attack.

File names 238

File names Passwords Security IT 238

Advertiser: ZoomInfo

AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.

Sales

Krebs on Security

AUGUST 1, 2018

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showcases once again why relying on mobile text messages (SMS) for two-factor authentication (2FA) can lull companies and end users into a false sense of security.

Authentication 226

Authentication Passwords Phishing Data breaches 226

WIRED Threat Level

JULY 29, 2018

Inside Cloudflare's San Francisco office, 100 units of Edward Craven Walker’s groovy hardware help guard the internet.

Security 279

Security 279

Security Affairs

AUGUST 1, 2018

Reddit Warns Users of Data Breach. Reddit is warning its users of a security breach, an attacker broke into the systems of the platform and accessed user data. Reddit is warning its users of a security breach, a hacker broke into the systems of the platform and accessed user data. The hacker accessed user data, email addresses, and a 2007 backup database containing hashed passwords managed by the platform.

Data breaches 198

Data breaches Access Passwords Authentication 198

Krebs on Security

AUGUST 3, 2018

TCM Bank , a company that helps more than 750 small and community U.S. banks issue credit cards to their account holders, said a Web site misconfiguration exposed the names, addresses, dates of birth and Social Security numbers of thousands of people who applied for cards between early March 2017 and mid-July 2018. TCM is a subsidiary of Washington, D.C.

Data breaches 193

Data breaches Retail Risk Marketing 193

The Last Watchdog

JULY 30, 2018

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. One of more fascinating innovators in this space is 11-year-old DataLocker, based in Overland Park, Kansas. Related: How DataLocker got its start h. Co-founder Jay took a business trip to South Korea in the fall of 2007.

Encryption 203

Encryption Military Passwords Authentication 203

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m

Data Breach Today

JULY 31, 2018

UnityPoint Health Says Hackers' Likely Goal Was Business Email Compromise Fraud A large Midwestern health network says a successful phishing campaign exposed a raft of personal and medical data stored in its email systems. The count of affected victims numbers 1.4 million, although investigators believe stealing personal data was not the attackers' goal.

Data breaches 169

Data breaches Personal data Phishing IT 169

Security Affairs

JULY 31, 2018

The security experts from Sophos have published a report on the multimillion-dollar black market business for crooks, they analyzed the SamSam ransomware case as a case study. The researchers that have tracked Bitcoin addresses managed by the crime gang discovered that crooks behind the SamSam ransomware had extorted nearly $6 million from the victims since December 2015 when it appeared in the threat landscape. “SamSam has earned its creator(s) more than US$5.9 Million since late 2015. 74

Ransomware 197

Ransomware Encryption Marketing Data breaches 197

WIRED Threat Level

JULY 31, 2018

The company removed 32 pages and accounts from Facebook and Instagram for “coordinated inauthentic behavior.”.

Security 154

Security 154

The Last Watchdog

AUGUST 2, 2018

The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training. The National Cyber Security Alliance is a non-profit group, underwritten by the top tech companies and biggest banks, that has been out there since 2001 promoting best practices and supplying pr

Cybersecurity 160

Cybersecurity Security Cleanup Education 160

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Data Breach Today

AUGUST 3, 2018

Marketing Cloud Data Potentially Accessed or Corrupted Over 6-Week Period Cloud-based CRM giant Salesforce.com is warning some of its Marketing Cloud users that any data they stored may have been accessed by third parties or inadvertently corrupted because of an API error that persisted for six weeks.

Marketing 167

Marketing Cloud Security Access 167

Security Affairs

AUGUST 3, 2018

Experts uncovered a massive cryptojacking campaign that is targeting MikroTik routers to inject a Coinhive cryptocurrency mining script in the web traffic. Security experts have uncovered a massive cryptojacking campaign that is targeting MikroTik routers, the hackers aim to change the configuration of the devices to inject a Coinhive cryptocurrency mining script in the users’ web traffic.

Mining 189

Mining Libraries Security IT 189

WIRED Threat Level

JULY 31, 2018

After five years, US lawmakers and law enforcement are starting to fight back against 3-D printed firearms and "ghost guns.".

Security 150

Security 150

The Last Watchdog

JULY 30, 2018

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

Analytics 140

Analytics Cybersecurity Data collection Security 140

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Data Breach Today

AUGUST 2, 2018

86 Percent of Bugs Patchable Within 24 Hours, Says Flexera's Alejandro Lavie One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.

Security 157

Security IT 157

Security Affairs

JULY 30, 2018

ICO platforms are becoming a privileged target for hackers, the last victim in order of time is KickICO, a Blockchain crowdfunding website for ICO. On Friday, KickICO disclosed a security breach, according to the platform attackers accessed to its wallets and stole over 70 million KICK tokens (roughly $7.7 million at the time). The incident occurred on July 26, at 09:04 UTC, KickICO CEO Anti Danilevski explained that its staff learned of the security breach from victims who complained to it. 

Security 189

Security Blockchain Data breaches Access 189

WIRED Threat Level

AUGUST 1, 2018

The Justice Department announced the arrest of three members of notorious cybercrime group Fin7—and detailed some of their methods in the process.

Security 145

Security 145

Dark Reading

JULY 31, 2018

The second installment in a series highlighting women who are driving change in cybersecurity but may not be on your radar - yet.

Cybersecurity 111

Cybersecurity Security 111

Advertiser: ZoomInfo

ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!

Marketing

Data Breach Today

AUGUST 1, 2018

Propaganda Efforts - and Adversary OPSEC - Continue to Improve, Experts Warn Facebook has suspended eight pages and 24 accounts for "coordinated inauthentic behavior" tied to apparent political influence campaigns ahead of an event in Washington. While Facebook declined to attribute the activities to specific individuals or groups, U.S. lawmakers are blaming the Kremlin.

154

154

Security Affairs

JULY 29, 2018

Cisco Talos researchers found tens of flaws in Samsung SmartThings Hub controller that potentially expose smart home devices to attack. Cisco Talos researchers have discovered 20 vulnerabilities in Samsung SmartThings Hub controller that potentially expose any supported third-party smart home devices to cyber attack. “Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub.” reads the analysis published by Talos. “These

IoT 188

IoT Authentication Communications IT 188

WIRED Threat Level

AUGUST 1, 2018

Defense Distributed has complied with a nationwide injunction issued against its 3-D printed gun files, but the matter is far from settled.

IT 131

IT Security 131

Schneier on Security

AUGUST 3, 2018

Humble Bundle sells groups of e-books at ridiculously low prices, DRM free. This month , the bundles are all Wiley titles, including three of my books: Applied Cryptography , Secrets and Lies , and Cryptography Engineering. $15 gets you everything, and they're all DRM-free. Even better, a portion of the proceeds goes to the EFF. As a board member, I've seen the other side of this.

IT 110

IT 110

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Data Breach Today

AUGUST 1, 2018

Mikhail Malykhin's Schemes Drove Healthcare Benefits Firm Out of Business Russian national Mikhail Malykhin, who was illegally residing in the U.S., has received a 70-month prison sentence after admitting to hack attacks and conspiring to use fraudulent debit cards issued via a hacked healthcare benefits administrator.

150

150

Security Affairs

JULY 29, 2018

Several U.S. state and local government agencies have reported receiving suspicious letters via snail mail containing malware-laden CD. Crooks and cyberspies attempt to exploit any attack vector to compromise the targeted computers and the case we are going to discuss demonstrate it. The popular security expert Brian Krebs reported that several U.S. state and local government agencies have reported receiving suspicious letters via snail mail containing malware-laden compact discs (CDs).

Government 188

Government Archiving Phishing Security 188

WIRED Threat Level

JULY 31, 2018

The National Risk Management Center will give critical infrastructure companies much needed-support when under cyberattack.

Risk 118

Risk Security 118