Sat.Apr 13, 2019 - Fri.Apr 19, 2019

MY TAKE: Most companies blissfully ignorant of rising attacks on most-used endpoint: mobile devices

The Last Watchdog

A dozen years after Apple launched the first iPhone, igniting the smartphone market, the Bring Your Own Device to work phenomenon is alive and well. Related: Stopping mobile device exploits. The security issues posed by BYOD are as complex and difficult to address as ever. Meanwhile, the pressure for companies to proactively address mobile security is mounting from two quarters.

How to Track Your Kids (and Other People's Kids) With the TicTocTrack Watch

Troy Hunt

Do you ever hear those stories from your parents along the lines of "when I was young." and then there's a tale of how risky life was back then compared to today. You know, stuff like having to walk themselves to school without adult supervision, crazy stuff like that which we somehow seem to worry much more about today than what we did then. Never mind that far less kids go missing today than 20 years ago and there's much less chance of them being hit by a car, circumstances are such today tha

'Sea Turtle' DNS Hijacking Group Conducts Espionage: Report

Data Breach Today

Cisco Talos Researchers Describe Group's Methods

A nation-state sponsored espionage campaign dubbed "Sea Turtle" has been manipulating the domain name system to target more than 40 organizations, including intelligence agencies - especially in North Africa and the Middle East, Cisco Talos warns. Experts say defenses against DNS hijacking lag.

How Not to Acknowledge a Data Breach

Krebs on Security

I’m not a huge fan of stories about stories, or those that explore the ins and outs of reporting a breach. But occasionally I feel obligated to publish such accounts when companies respond to a breach report in such a way that it’s crystal clear they wouldn’t know what to do with a data breach if it bit them in the nose, let alone festered unmolested in some dark corner of their operations.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Q&A: Researchers find evidence of emerging market for stolen, spoofed machine identities

The Last Watchdog

It’s edifying what you can find shopping in the nether reaches of the dark web. Related: Why government encryption backdoors should never be normalized. Academic researchers from Georgia State University in the U.S. and the University of Surrey in the U.K. recently teamed up and found evidence of an emerging market for stolen and spoofed machine identities.

More Trending

Australian Child-Tracking Smartwatch Vulnerable to Hackers

Data Breach Today

Report: Hacker Could Spoof Child's Location, View Personal Information

An Australian company that markets a smartwatch designed to let parents monitor their child has taken its service offline after researchers revealed hackers could listen in on and spy on a child's location. The finding marks another damaging security finding for smartwatches.

Experts: Breach at IT Outsourcing Giant Wipro

Krebs on Security

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [NYSE:WIT] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. Wipro has refused to respond to questions about the alleged incident.

Q&A: How AI, digital transformation are shaking up revenue management in high tech, life sciences

The Last Watchdog

A recent poll of some 300 senior executives from U.S.-based life sciences and high-tech manufacturing companies sheds light on how digital transformation – and the rising role of third-party partners – have combined to create unprecedented operational challenges in the brave new world of digital commerce. Related: AI one-upsmanship prevails in antivirus field.

Source code of tools used by OilRig APT leaked on Telegram

Security Affairs

Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools. A hacker group that goes online with the name Lab Dookhtegan have disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as OilRig, APT34, and HelixKitten. OilRig is an Iran-linked APT group that has been around since at least 2014, it targeted mainly organizations in the financial, government, energy, telecoms and chemical

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Facebook Password, Email Contact Mishandling Worsens

Data Breach Today

Millions of Instagram Users Affected by Plain-Text Password Storage

Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5 million people had their email contact lists uploaded without consent.

‘Land Lordz’ Service Powers Airbnb Scams

Krebs on Security

Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “Land Lordz,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings. The ne’er-do-well who set up the account below has been paying $550 a month for a Land Lordz “basic plan” subscription at landlordz[.]site that helps him manage more than

NEW TECH: Brinqa takes a ‘graph database’ approach to vulnerability management, app security

The Last Watchdog

Imposing just the right touch of policies and procedures towards mitigating cyber risks is a core challenge facing any company caught up in digital transformation. Related: Data breaches fuel fledgling cyber insurance market. Enterprises, especially, tend to be methodical and plodding. Digital transformation is all about high-velocity innovation and on-the-fly change.

Facebook admitted to have stored millions of Instagram users’ passwords in plaintext

Security Affairs

Other problems for Facebook that admitted to have stored millions of Instagram users’ passwords in plaintext. Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users, the company admitted to have ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission. In March, Facebook admitted to have stored the passwords of hundreds of millions of users in plain text, including “tens of thousands” passwords belong

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Data Breach Today

Facebook's Cryptocurrency Folly, Scaling Security and Why Doomsday Is Temporary

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

The crooks responsible for launching phishing campaigns that netted dozens of employees and more than 100 computer systems last month at Wipro, India’s third-largest IT outsourcing firm, also appear to have targeted a number of other competing providers, including Infosys and Cognizant, new evidence suggests. The clues so far suggest the work of a fairly experienced crime group that is focused on perpetrating gift card fraud.

Microsoft Email Hack Shows the Lurking Danger of Customer Support

WIRED Threat Level

Hackers spent months with full access to Outlook, Hotmail, and MSN email accounts—and got in through Microsoft's customer support platform.

Ecuador suffered 40 Million Cyber attacks after the Julian Assange arrest

Security Affairs

Ecuador suffered 40 million cyber attacks on websites of public institutions since the arrest of WikiLeaks founder Julian Assange. Last week, WikiLeaks founder Julian Assange was arrested at the Ecuadorian Embassy in London after Ecuador withdrew asylum after seven years. In response to the arrest, hacktivist communities launched several attacks against the Ecuador government.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Data Breaches in Healthcare Affect More Than Patient Data

Data Breach Today

Blue Cross of Idaho and Palmetto Health Report Financial, Payroll Breaches

Two recent data breaches at organizations in the healthcare sector illustrate that systems beyond those directly related to patient care can be at risk.

Marcus “MalwareTech” Hutchins Pleads Guilty to Writing, Selling Banking Malware

Krebs on Security

Marcus Hutchins, a 24-year-old blogger and malware researcher arrested in 2017 for allegedly authoring and selling malware designed to steal online banking credentials, has pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices. Marcus Hutchins, just after he was revealed as the security expert who stopped the WannaCry worm.

China Spying on Undersea Internet Cables

Schneier on Security

Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables: But now the Chinese conglomerate Huawei Technologies, the leading firm working to deliver 5G telephony networks globally, has gone to sea. Under its Huawei Marine Networks component, it is constructing or improving nearly 100 submarine cables around the world.

A new DDoS technique abuses HTML5 Hyperlink Audit Ping in massive attacks

Security Affairs

Experts at Imperva discovered a new type of large-scale DDoS attack that abuses the HTML5 Ping-based hyperlink auditing feature. Experts at Imperva Vitaly Simonovich and Dima Bekerman observed a large-scale DDoS attack abusing the HTML5 Ping-based hyperlink auditing feature. The DDoS attack peaked at a massive 7,500 requests per second and delivered more than 70 million requests over a four-hour period from around 4,000 user IPs. “We recently investigated a DDoS attack which was generated

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

'Alexa, Are You HIPAA Compliant?'

Data Breach Today

Boston Children's Hospital is pioneering the use of Amazon's Alexa voice assist technology in the healthcare sector. John Brownstein, the hospital's chief innovation officer, discusses the security measures involved.

Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug

Threatpost

The U.S.-focused eGobbler malvertising attacks are exploiting an unpatched Google Chrome bug.

Cyberspies Hijacked the Internet Domains of Entire Countries

WIRED Threat Level

A mysterious new group called Sea Turtle targeted 40 organizations in a DNS hijacking spree.

Broadcom WiFi Driver bugs expose devices to hack

Security Affairs

Experts warn of security flaws in the Broadcom WiFi chipset drivers that could allow potential attackers to remotely execute arbitrary code and to trigger DoS. According to a DHS/CISA alert and a CERT/CC vulnerability note, Broadcom WiFi chipset drivers are affected by security vulnerabilities impacting multiple operating systems. The flaws could be exploited to remotely execute arbitrary code and to trigger a denial-of-service condition. “The CERT Coordination Center (CERT/CC) has release

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Researchers: Malware Can Be Hidden in Medical Images

Data Breach Today

But Does 'Flaw' in DICOM File Format Represent a Serious Risk?

A "flaw" in the file format of the DICOM standard for communication of medical imaging information could be exploited to hide malware in MRI and CT scans alongside patient data, according to a new research report. But the developer of DICOM contends the feature isn't a flaw and any risks can be mitigated.

New DNS Hijacking Attacks

Schneier on Security

DNS hijacking isn't new, but this seems to be an attack of unprecedented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like .co.uk or .ru that end a foreign web address -- putting all the traffic of every domain in multiple co

Weather Channel Knocked Off-Air in Dangerous Precedent

Threatpost

The incident was the work of malicious cyberattackers.
