Sat.Sep 01, 2018 - Fri.Sep 07, 2018

article thumbnail

Five-Eyes Intelligence Services Choose Surveillance Over Security

Schneier on Security

The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a " Statement of Principles on Access to Evidence and Encryption " where they claim their needs for surveillance outweigh everyone's needs for security and privacy.the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security.

Security 110
article thumbnail

Hardware security still essential at the heart of the payments infrastructure

Thales Cloud Protection & Licensing

In my recent blog on the evolving PCI SSC initiatives in 2018, “ Minor on PCI DSS, major on almost everything else ,” I outlined how the organisation is covering new areas to reflect the migration from physical card payments to online digital payments. Much of the latest innovation involves the use of mobile devices (for both initiation and acceptance ) to provide greater flexibility in how payments can be made and offer additional methods to authenticate transactions.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Does size matter? The repercussions of data breaches for small and large organisations

IT Governance

Data breaches can happen to anybody. Incidents at large organisations – such as Dixons Carphone and Superdrug – might be reported on more often, giving you the impression that they are the most frequent targets, but these are actually the exception. Breaches occur most often at SMEs (small and medium-sized enterprises), if only because there are a lot more of them.

article thumbnail

An untold story of a memory corruption bug in Skype

Security Affairs

Security expert discovered that S kype has a malloc(): memory corruption vulnerability that could be triggered while users share some media/file with someone during a call. . Tested on: Linux zero 4.15.0-29-generic #31-Ubuntu SMP Tue Jul 17 15:39:52 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux (Ubuntu 18.04 LTS). Product affected: Skype for linux (skypeforlinux_8.27.0.85_amd64.deb) Steps to reproduce this issue: 1.

Security 246
article thumbnail

How to Achieve High-Accuracy Results When Using LLMs

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m

article thumbnail

For 2nd Time in 3 Years, Mobile Spyware Maker mSpy Leaks Millions of Sensitive Records

Krebs on Security

mSpy , the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

Passwords 213

More Trending

article thumbnail

NEW TECH: Critical Start applies ‘zero-trust’ security model to managed security services

The Last Watchdog

All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks. That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more.

Security 189
article thumbnail

MEGA Chrome browser extension hacked, bogus version stole users’ credentials

Security Affairs

The MEGA Chrome browser extension had been hacked and replaced with a one that steals users’ credentials for popular web services. Are you using the MEGA Chrome browser extension? Uninstall it now because the Chrome extension for MEGA file storage service had been hacked and replaced with a one that steals users’ credentials for popular web services (i.e.

Passwords 213
article thumbnail

Leader of DDoS-for-Hire Gang Pleads Guilty to Bomb Threats

Krebs on Security

A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was “Feds Can’t Touch Us” pleaded guilty this week to making bomb threats against thousands of schools. On Aug. 31, officers with the U.K.’s National Crime Agency (NCA) arrested Hertfordshire resident George Duke-Cohan, who admitted making bomb threats to thousands of schools and a United Airlines flight traveling from the U.K. to San Francisco last month.

Security 190
article thumbnail

Popular Mac App Adware Doctor Actually Acts Like Spyware

WIRED Threat Level

Adware Doctor has long been one of the top-selling apps in the Mac App Store. But researchers say it harvested browsing data, and sent it to China.

IT 190
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

NEW TECH: WhiteSource leverages automation to mitigate lurking open-source vulnerabilities

The Last Watchdog

Just like the best sourdough bread derives from a “mother” yeast that gets divided, passed around, and used over and over, open-source software applications get fashioned from a “mother” library of code created and passed around by developers. Related: Equifax hack highlights open source attack vectors. In today’s world, quick innovations are a necessity, and software developers would rather not lose valuable time reinventing the wheel.

article thumbnail

USB Drives shipped with Schneider Solar Products were infected with malware

Security Affairs

Schneider Electric announced that some of the USB drives it has shipped with its Conext ComBox and Conext Battery Monitor products were infected with malware. Schneider Electric has found a malicious code on the USB drives that have been shipped with Conext ComBox and Conext Battery Monitor products. Both products are part of the solar energy offering of the vendor.

article thumbnail

Business Email Compromise Schemes Most Seek Wire Transfers

Data Breach Today

'CEO Fraud' Social-Engineering Attacks Continue to Surge Business email compromise attacks continue to be lucrative, for the criminally inclined. With the FBI reporting that reports of such attacks have recently doubled, researchers find that tricking victims into making fraudulent wire transfers remains attackers' top goal.

170
170
article thumbnail

Twitter Finally Bans Alex Jones—Over a Publicity Stunt

WIRED Threat Level

After years of abuse and spreading conspiracy theories, Alex Jones finally went too far for Twitter with a relatively tame rant.

Security 190
article thumbnail

5 Ways You Can Win Faster with Gen AI in Sales

Incorporating generative AI (gen AI) into your sales process can speed up your wins through improved efficiency, personalized customer interactions, and better informed decision- making. Gen AI is a game changer for busy salespeople and can reduce time-consuming tasks, such as customer research, note-taking, and writing emails, and provide insightful data analysis and recommendations.

article thumbnail

Browser Extensions: Are They Worth the Risk?

Krebs on Security

Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or

Risk 169
article thumbnail

Hackers can easily access 3D printers exposed online for sabotage and espionage

Security Affairs

Security researchers at the SANS Internet Storm Center discovered that thousands of 3D printers are exposed online without proper defense. The news is worrisome, thousands of 3D printers are exposed online to remote cyber attacks. According to the experts at SANS Internet Storm Center that scanned the internet for vulnerable 3D printers, a Shodan query has found more than 3,700 instances of OctoPrint interfaces exposed online, most in the United States (1,600).

Access 200
article thumbnail

Card-Skimming Malware Campaign Hits Dozens of Sites Daily

Data Breach Today

Lock Down Magento E-Commerce Software or See Card Details Get Routed to Moscow In the past six months, more than 7,000 sites that run Magento e-commerce software have been infected with malicious JavaScript designed to harvest customers' payment card details as they finalize their orders, a security researcher warns.

Security 169
article thumbnail

Fake Beto O'Rourke Texts Expose New Playground for Trolls

WIRED Threat Level

Someone hijacked a volunteer tool to make it look like Beto O'Rourke encouraged voter fraud—and that could just be the beginning.

IT 170
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

MY TAKE: The amazing ways hackers manipulate ‘runtime’ to disguise deep network breaches

The Last Watchdog

There is a concept in computing, called runtime, that is so essential and occurs so ubiquitously that it has long been taken for granted. Now cyber criminals have begun to leverage this heretofore innocuous component of computing to insinuate themselves deep inside of company networks. Related: The coming wave of ‘microcode’ attacks. They’ve figured out how to manipulate applications while in runtime and execute powerful and stealthy attacks that bypass conventional security tools.

article thumbnail

MagentoCore skimmer already infected 7,339 Magento stores

Security Affairs

MagentoCore skimmer already infected 7,339 Magento stores, according to the Willem de Groot who uncovered the campaign, it is the most aggressive to date. The cybersecurity researcher Willem de Groot has uncovered a massive hacking campaign aimed at Magento stores. The hackers have already infected 7,339 Magento stores with a skimmer script, dubbed MagentoCore, that siphons payment card data from users who purchased on the sites.

article thumbnail

Why the Midterm Elections Are Hackable

Data Breach Today

With the midterm elections just around the corner, Barbara Simons, author of the election security book "Broken Ballots," explains why some voting computers remain inherently flawed.

Security 167
article thumbnail

How Google Chrome Spent a Decade Making the Web More Secure

WIRED Threat Level

Ten years after Chrome debuted, a look back at how the browser redefined security online.

Security 151
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

MY TAKE: Can Hollywood’s highly effective ‘source-code’ security tools help make IoT safe?

The Last Watchdog

Over the past couple of decades, some amazing advances in locking down software code have quietly unfolded in, of all places, Hollywood. Related: HBO hack spurs cyber insurance market. Makes sense, though. Digital media and entertainment giants like Netflix, Amazon, Hulu, HBO, ESPN, Sony, and Disney are obsessive about protecting their turf. These Tinsel Town powerhouses retain armies of investigators and lawyers engaged in a never-ending war to keep piracy and subscription fraud in check.

IoT 133
article thumbnail

Group-IB UncoversAPT- attacks on Banks: The Sound of Silence

Security Affairs

Researchers at security firm Group-IB have exposed the attacks carried out by the Silence cybercriminal group, providing details on its tactics and tools. Experts at security firm Group-IB have exposed the attacks committed by Silence cybercriminal group. While the gang had previously targeted Russian banks, Group-IB experts also have discovered evidence of the group’s activity in more than 25 countries worldwide.

Phishing 193
article thumbnail

Google Promises Crackdown on 'Tech Support' Fraudsters

Data Breach Today

But Tech-Support Fraud is Surging, via Cold Calls, Phishing and More, FBI Warns While tech-support scams have proliferated for years, the FBI says losses tied to such fraud are now higher than ever. Google has pledged to crack down on fake tech-support listings. But fraudsters regularly employ a variety of channels, including cold calls, pop-up windows and phishing emails.

Phishing 165
article thumbnail

DoJ Charges North Korean Hacker for Sony, WannaCry, and More

WIRED Threat Level

The Department of Justice has taken its first legal action against North Korea's cybercrimes, in a massive complaint made public Thursday.

IT 148
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Q&A: How emulating attacks in a live environment can more pervasively protect complex networks

The Last Watchdog

Most large enterprises today can point to multi-millions of dollars expended over the past two decades erecting “layered defenses” to protect their digital systems. Yet catastrophic network breaches continue apace. Turns out there’s a downside to “defense in depth.”. Related: Obsolecense creeps into legacy systems. There’s no doubt that monitoring and continually updating all parts of a multi-tiered security system is a must-do best practice.

article thumbnail

Many misconfigured Tor sites expose the public IP address via SSL certificates

Security Affairs

Security researcher discovered that many misconfigured Tor sites using SSL certificated could expose the public IP addresses of underlying servers. Yonathan Klijnsma , a threat researcher at RiskIQ, has discovered that many misconfigured Tor sites using SSL certificated could expose the public IP addresses of underlying servers. Properly configured servers hosting hidden services have to listen only on the localhost (127.0.0.1) instead of any other public IP address. “The way these guys a

Security 192
article thumbnail

Hacker Flies Away With British Airways Customer Data

Data Breach Today

'Personal and Financial Details' Stolen From 380,000 Website and App Transactions British Airways is warning customers that it suffered a hack attack that compromised up to 380,000 customers' payment cards as well as personal data over a 15-day period. The airline says it was alerted to the breach by a business partner that monitors its websites.