New Bluetooth Hack Affects Millions of Vehicles

Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.

BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance

BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.

Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency

The US now has an official federal cybersecurity agency.

Mailing Tech Support a Bomb

I understand his frustration, but this is extreme: When police asked Cryptopay what could have motivated Salonen to send the company a pipe bomb ­ or, rather, two pipe bombs, which is what investigators found when they picked apart the explosive package ...

Lock-Screen Bypass Bug Quietly Patched in Handsets

The flaw in a high-end phones and up-and-coming handsets made by top OEMs allows hackers to bypass handset lock screens in seconds.

AWS rolls out new security feature to prevent accidental S3 data leaks

New settings will prevent accidental S3 bucket leaks --if customers take the time to apply them.

95% of Organizations Have Cultural Issues Around Cybersecurity

Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.

Justice Department Has Prepared Indictment Against Assange, Court Docs Reveal

Black Hat Europe Speaker Q&A: SoarTech's Fernando Maymi on 'Synthetic Humans'

Ahead of his Black Hat Europe appearance, SoarTech's Fernando Maymi explains how and why synthetic humans are critical to the future of cybersecurity.

Russian banks hit by major phishing attacks from two hacker groups

The Silence and MoneyTaker hacking crews have been targeting Russian financial institutions.

BlackBerry absorbs Operation Cleaver beaver Cylance into threat detection unit

$1.4bn match made in heaven BlackBerry has made its biggest acquisition ever, spending over half of its cash pile to bolster its threat detection unit.…

'Unjustifiably excessive': Not even London cops can follow law with their rubbish gang database

Gangs Matrix led to 'multiple and serious' breaches of data protection rules, says watchdog London cops have broken data protection rules by using a controversial database that ranks people's likelihood of gang-related violence but fails to distinguish be ...

Winter Olympic Games hackers are back with an updated arsenal

The group behind Olympic Destroyer are back with an evolved toolkit and malware droppers.

BlackBerry is buying Cylance for $1.4 billion to continue its push into cybersecurity

BlackBerry was best known for keyboard-totting smartphones, but their demise in recent years has seen the Canadia firm pivot towards enterprise services and in particular cybersecurity. That strategy takes a big step further forward today after BlackBerry ...

Malicious code hidden in advert images cost ad networks $1.13bn this year

So-called steganography is rapidly becoming a favored tool of fraudsters.

Workers unaware of travel-related cybersecurity threats, survey finds

This holiday season, over half of adults plan to travel with work devices. Most don't appreciate the risks.

The Hail Mary Plan to Restart a Hacked US Electric Grid

Posted by InfoSec News on Nov 16https://www.wired.com/s
tory/black-start-power-gr
id-darpa-plum-island/ By Lily Hay Newman Wired.com 11.14.18
IN HIS YEARS-LONG career developing software for power grids, Stan McHann had never before heard the ominous noise ...

System error: Japan cybersecurity minister admits he has never used a computer

Posted by InfoSec News on Nov 16https://www.theguardian
.com/world/2018/nov/15/ja
pan-cyber-security-minist
ernever-used-computer-yos
hitaka-sakurada By Justin McCurry and agencies The Guardian 14 Nov 2018 A Japanese minister in charge of cybersecurity has pr ...

Most ATMs can be hacked in under 20 minutes

Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking.

MIT to Oz: Crypto-busting laws risk banning security tests

I see the red team and I want it painted black Australia's government's crypto-busting legislation risks blocking security research, a leading Internet policy boffin has warned.…

Congress Passes Bill for New Federal Cybersecurity Agency

Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.

Congress Passes Bill for New Federal Cybersecurity Agency

Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.

Up to three million kids' GPS watches can be tracked by parents... and any miscreant: Flaws spill pick-and-choose catalog for perverts

Gadgets can be hacked to spy on, find youngsters – claim Parents could be unwittingly putting their children's safety and privacy at risk, thanks to security vulnerabilities in potentially millions of kids' GPS-tracker watches.…

Japan cybersecurity and Olympics minister - "I've never used a computer"

Responsible for preparations for the 2020 Tokyo Summer Games.

Facebook reports a massive spike in government demands for data, including secret orders

Facebook has published the details of 13 historical national security letters it’s received for user data. The embattled social media giant said that the letters dated between 2014 and 2017 for several Facebook and Instagram accounts. These demands for ...

Managing the Risk of IT-OT Convergence

Why manufacturing and logistics are especially challenged.

DOD disables file sharing service due to 'security risks'

AMRDEC SAFE portal had been to handle the transfer of classified and non-classified materials.

Connected Wristwatch Allows Hackers to Stalk, Spy On Children

"Our advice is to stop using this watch" as mitigations are not available, researchers told Threatpost.

Data Leaking Holes Riddle Intel, AMD, Arm Chips

Facebook’s weapon amid chaos and controversy: misdirection

The New York Times’ bombshell report into the past three years at Facebook paint a grotesque picture of the company’s attempts to navigate a string of high profile controversies by using unsavory, unethical and dark PR tactics. The Times’ report, ci ...

Facebook under pressure over Soros smear tactics

Facebook is facing calls to conduct an external investigation into its own lobbying and PR activities by an aide to billionaire George Soros. BuzzFeed reports that Michael Vachon, an advisor to the chairman at Soros Fund Management, made the call in a le ...

Ahead of Black Friday, Rash of Malware Families Takes Aim at Holiday Shoppers

As consumers skip the store crowds in favor of online deals, cyberattackers have geared up to victimize them.

Tech giants take seats on Homeland Security’s new supply chain task force

Homeland Security’s supply chain task force is finally off the ground.. The public-private coalition, set up earlier this year, now has representatives from more than two dozen companies and industry groups signed up to help the government try to combat ...

Mozilla: Firefox will start alerting you to recently breached sites

Mozilla brings Firefox Monitor to Firefox on the desktop.

Chip Cards Fail to Reduce Credit Card Fraud in the US

A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold. One, the US uses chip-and-signatu ...

Japanese cybersecurity minister finds computers a mystery

The man in charge of cybersecurity not only said he does not use a PC but seemed stumped when asked about risks associated with USB drives.

Exclusive: Dragos Raises $37 Million to Secure Industrial Systems

Posted by InfoSec News on Nov 15http://fortune.com/2018
/11/14/dragos-raise-fundi
ng-venture-capital-energy
-grid-security/ By Robert Hackett Fortune.com 11/14
/2018 Two years ago when Rob Lee first sought funding for his cybersecurity startup Dragos, most v ...

US asks London court to hand over two alleged hackers

Posted by InfoSec News on Nov 15https://www.bbc.com/new
s/technology-46206614 By Sajid Iqbal Community affairs specialist BBC.com 11/04/
2018 The two men are accused of being members of a 36-strong group said to have been behind a dark web forum responsibl ...

Security breach at Nordstrom exposed sensitive employee data

Posted by InfoSec News on Nov 15https://www.seattletime
s.com/business/retail/sec
urity-breach-at-nordstrom
-exposed-sensitive-employ
ee-data/ By Benjamin Romano Seattle Times business reporter November 9, 2018 Updated November 11, 2018 Seattle-based retailer ...

Experts: Cyberattacks Could Threaten Entire Countries, Not Just Energy Assets

Posted by InfoSec News on Nov 15https://oilprice.com/La
test-Energy-News/World-Ne
ws/Experts-Cyberattacks-C
ould-Threaten-Entire-Coun
tries-Not-Just-Energy-Ass
ets.html By Tsvetana Paraskova Oilprice.com No
v 14, 2018 Cyber attacks have grown bolder and increas ...

Dutch government report says Microsoft Office telemetry collection breaks GDPR

Microsoft pledges to address issues; has already released a "zero exhaust" Office telemetry setting.

Tencent's WeChat steps up censorship to clear undesirable content

WeChat's is purging undesirable content on its platform to maintain a 'healthy' reading environment as required by the government.

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

A slew of verified Twitter accounts have been hijacked and altered, used to tweet out a bogus Bitcoin giveaway scam.

Pwn2Own Trifecta: Galaxy S9, iPhone X and Xiaomi Mi6 Fall to Hackers

Hacker contest earns participants $325,000 based on the discovery of 18 vulnerabilities.

Did you by chance hack OPM back in 2015? Good news, your password probably still works!

Government audit finds office still hasn't cleaned up from Obama-era megabreach More than three years after suffering one of the largest cyber-attacks in US government history, the Office of Personnel Management has yet to adopt dozens of the security mea ...

Special Report: How ZTE helped Venezuela create China-style social control

Fatherland card.

Elephants and information leaks

Posted by Dave Aitel on Nov 14https://immunityproduct
s.blogspot.com/2018/11/re
cent-kernel-memory-disclo
sure-bugs-in.html We don't usually detail publicly the amount of engineering that goes into a CANVAS exploit. But above is a blogpost about some of our ...

Cryptojacking, Mobile Malware Growing Threats to the Enterprise

At the same time, criminal organizations continue to look for new ways to attack their victims.

Siemens Patches Firewall Flaw That Put Operations at Risk

The industrial company on Tuesday released mitigations for eight vulnerabilities overall.

Judge orders Amazon to turn over Echo recordings in double murder case

A New Hampshire judge has ordered Amazon to turn over two days of Amazon Echo recordings in a double murder case. Prosecutors believe that recordings from an Amazon Echo in a Farmington home where two women were murdered in January 2017 may yield further ...

Can Businesses Stand Up to Cybercrime? Only 61% Say Yes

While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.

Mozilla ranks dozens of popular ‘smart’ gift ideas on creepiness and security

If you’re planning on picking up some cool new smart device for a loved one this holiday season, it might be worth your while to check whether it’s one of the good ones or not. Not just in the quality of the camera or step tracking, but the security a ...

US Asks London Court To Hand Over Two Alleged Hackers

Want To Hack An ATM For Free Cash? It's As Easy As Windows XP

Guilty of your roots: Why Kaspersky believes tech nationalism is on our doorstep

The answer lies in why Kaspersky has now moved core systems from Russia to Switzerland.

Researchers discover seven new Meltdown and Spectre attacks

Experiments showed that processors from AMD, ARM, and Intel are affected.

Cylance researchers discover powerful new nation-state APT

Posted by InfoSec News on Nov 14https://www.csoonline.c
om/article/3319787/advanc
ed-persistent-threats/cyl
ance-researchers-discover
-powerful-new-nation-stat
e-apt.html By J.M. Porup Senior Writer CSO Nov 12, 2018 When a Belgian locksmith attacked the Pakist ...

Drive-by shooting suspect remotely wipes iPhone X, catches extra charges

Posted by InfoSec News on Nov 14https://appleinsider.co
m/articles/18/11/12/drive
-by-shooting-suspect-remo
tely-wipes-iphone-x-catch
es-extra-charges By Roger Fingas appleinsider Novem
ber 12, 2018 Police suspect Juelle Grant as the driver in the Oct. 23 shoo ...

Moody's is going to start building the risk of a business-ending hack into its credit ratings

Posted by InfoSec News on Nov 14https://www.cnbc.com/20
18/11/12/moodys-to-build-
business-hacking-risk-int
o-credit-ratings.html By Kate Fazzini CNBC.com 12 Nov 2018 Moody's will soon start using its credit-rating expertise to evaluate organizations on the ...

US Air Force moves to fortify F-35 weak points against hacking

Posted by InfoSec News on Nov 14https://www.defensenews
.com/air/2018/11/14/us-ai
r-force-moves-to-fortify-
f-35-weak-points-against-
hacking/ By Sebastian Sprenger DefenseNews Nove
mber 14, 2018 BERLIN -- The U.S. Air Force is devoting fresh energy to pluggin ...

Greens flag AU$1.5 billion NBN policy, Aussie GDPR, data retention repeal

The Greens party wants to invest AU$1.5 billion to make the NBN more equitable, AU$100 million in video game development, and AU$63 million in digital inclusiveness, as well as repealing data retention and setting up a Digital Rights Commissioner and GDPR ...

Hunt finally submits to My Health Record arm-twists as opt-out window extended

Health minister Greg Hunt has confirmed the opt-out period now ends January 31. The government has also proposed a Data Governance Board to oversee the secondary use of health data.

Call of Duty swatting killer pleads guilty to 47 criminal charges

Another two awaiting trial over sad death of Andrew Finch One of three people charged over the December 2017 “swatting” death of 28-year-old Andrew Finch has entered a guilty plea.…

Scumbag who called a Call of Duty 'swatting' that ended in death pleads guilty to dozens of criminal charges

Another two awaiting trial over slaying of Andrew Finch One of three people charged over the December 2017 “swatting” death of 28-year-old Andrew Finch has pleaded guilty in the US.…

Meet the Magecart hackers, a persistent credit card skimmer group of groups you’ve never heard of

There have been few hacker groups that have been responsible for as many headlines this year as Magecart. You might not know the name, but you probably haven’t missed their work — highly targeted credit card skimming attacks, hitting Ticketmaster and ...

Microsoft Patches Zero-Day Bug in Win7, Server 2008 and 2008 R2

Microsoft’s November Patch Tuesday fixes include mitigation against a zero-day vulnerability leaving Windows 7, Server 2008 and Server 2008 R2 open to attack.

Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed

Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.

Russia: We did not hack the US Democrats. But IF we did, we're immune from prosecution (lmao)

Hackers are lethal weapons, as in diplomatic... oh forget it The Russian government has denied having anything to do with hacking the US Democratic party in 2016, although in a court filing this week stressed that even if it did break into the DNC's serve ...

Google’s G Suite, Search and Analytics Traffic Taken Down in Hijacking

Google cloud business customers were impacted by a Border Gateway Protocol hijacking.

Google Traffic Temporarily Rerouted via Russia, China

The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.

Unpatched Android OS Flaw Allows Adversaries to Track User Location

The vulnerability is one of many with the same root cause: Cross-process information leakage.

Google’s Project Fi gets an improved VPN service

Google’s Project Fi wireless service is getting a major update today that introduces an optional always-on VPN service and a smarter way to switch between WiFi and cellular connections. By default, Fi already uses a VPN service to protect users when th ...