Chipotle's Latest Bug Hurts Your Wallet, Not Your Stomach

StarHub buys controlling stake in Accel in cybersecurity boost

Singapore telco buys 51 percent stake in Accel Systems for S$19.38 million in a move it says will boost its cybersecurity offerings.

Friday Squid Blogging: Squid and Chips

The excellent Montreal chef Marc-Olivier Frappier, of Joe Beef fame, has created a squid and chips dish for Brit & Chips restaurant. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read ...

Forbes Names Beyond Fear as One of the "13 Books Technology Executives Should Have On Their Shelves"

It's a good list.

FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info

Federal Trade Commission experiment lured hackers to learn about how they use stolen consumer information.

Threatpost News Wrap, May 26, 2017

Mike Mimoso and Chris Brook recap the news of the week, including the EternalRocks worm, the latest on WannaCry, a subtitle hack, and a Twitter flaw.

Elections, Deceptions & Political Breaches

Political hacks have many lessons for the business world.

Florida GOP Consultant Admits Working With Guccifer 2.0

Rash Of Phishing Attacks Use HTTPS To Con Victims

Phishing sites are deploying freely available TLS certificates in order to dupe victims into thinking they're visiting a safe site.

8 Most Overlooked Security Threats

Businesses know the obvious security threats to watch for, but some of the biggest dangers may not at top-of-mind.

Botnets: The Most Powerful Weapon On The Internet

Democracy-Minded Defcon Hackers Promise Punishing Probe On US Election Computers

Samba patches remotely exploitable security hole

All versions from 3.5.0 vulnerable.

New Samba Bug Dangerous But No WannaCry

The administrators of the open-source Samba software have fixed a newly discovered vulnerability that lets attackers upload malicious files to vulnerable systems and servers.

Security and Human Behavior (SHB 2017)

I'm in Cambridge University, at the tenth Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Ross Anderson, Alessandro Acquisti, and myse ...

In the Cloud, Evolving Infrastructure Means Evolving Alliances

New opportunities makes for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers and developers.

WannaCry Ransom Notes Penned by Chinese-Speaking Authors, Analysis Shows

Flashpoint says the Chinese-language link doesn't shoot down theories of the North Korean Lazarus Group's involvement in the ransomware worm attacks, however.

WannaCry Gives Consumers a First Look into Ransomware

Although ransomware has been around for two years, it took the fast-moving and expansive WannaCry to provide a majority of consumers their first glimpse, according to a study released today.

Samba Patches Wormable Bug Exploitable With One Line Of Code

The Samba Team has patched a severe bug that leaves computers vulnerable to wormable exploit.

You Have One Year to Make GDPR Your Biggest Security Victory Ever

The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.

Platform Risk

Posted by dave aitel on May 25COM SECURITY TALK from INFILTRATE 2017: https://vimeo.com/2148565
42 Ok, so I have a concept that I've tried to explain a bunch of times and failed every time. And it's how not just codebases decompose, but also whole platform ...

Crysis ransomware master keys released to the public

A total of 200 master keys can now be used by victims to decrypt and unlock their systems.

Botnets: Inside the race to stop the most powerful weapon on the internet

How security professionals stopped one botnet attack from getting much worse.

Split Tunnel SMTP Exploit Bypasses Email Security Gateways

Attackers can inject malicious payloads directly to email server via email encryption appliances, Securolytics says.

Metadata breach the only time journalist source records have been accessed: AFP

The Australian Federal Police bungled the only time it handled a journalist's metadata, with the feds asserting that they have never made any journalist warrant applications.

Bogus anti-WannaCry apps appear in Google Play

Android not affected by Windows vulnerability.

Password Breaches Fueling Booming Credential Stuffing Business

The market for automated credential stuffing tools is growing fast, because of a record number of breaches.

WannaCry: The North Korea Debate

Researchers split over whether an infamous North Korean hacking group, an affiliate, or another attacker altogether, is behind the epic ransomware worm.

DDoS Attacks Fell 23% in First Quarter, Grew in Size

Although the number of DDoS attacks dropped in the first three months of the year, the average size of each attack grew, according to a Verisign report released Tuesday.

Twitter Flaw Could Have Allowed Attacker to Tweet From Any Account

Twitter fixed a flaw in its Twitter Ads service could have allowed an attacker to tweet as any user.

Malware Network Communication Provides Better Early Warning Signal

An academic paper to be presented today at IEEE posits that analysis of network signals provides a better early warning of malware than infections than current practices.

Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls

Target to cough up $18.5 million to 47 states in a settlement following its 2013 security breach, which exposed data of millions of customers.

Hawaii Prepares New Nuclear Contingency Plan Because Of North Korea

Twitter Flaw Allowed You To Tweet From Any Account

Subtitle Hack Leaves 200 Million Vulnerable To Remote Code Execution

Ad fraud loss slides to $6.5 billion worldwide

Digital ad sales are up and vendors are clamping down on fraud schemes designed to siphon cash from the industry.

Windows 10 tip: Create direct shortcuts to shared network folders

Why waste time browsing through File Explorer folders to find shared resources on your local network? Use these two tricks to create mapped shortcuts, with or without drive letters.

How to protect your laptop in cargo when you fly

In this guide, learn about current regulations and how to deal with theft, insurance problems and hardware damage.

How to protect your laptop in cargo when you fly (in pictures)

Here are some ways to lower the risk of theft and hardware damage when you travel.

Twitter flaw allowed you to tweet from any account

All this time, a rather simple Twitter bug could have caused chaos on the platform.

Data Breach, Vulnerability Data on Track to Set New Records in 2017

There are so far 1,254 publicly reported data breaches and 4,837 published vulnerabilities in the first quarter of this year.

CSIRO uses kinetic harvesting on wearables to open gait security

Collecting energy from a person's movement has the potential to use walking as an authentication option, the CSIRO has said.

APAC firms see data security as key barrier to digital transformation

Some 35 percent of Asia-Pacific companies view the potential failure of securing sensitive data as a top barrier to digital transformation, while others cite rigid IT systems and inability to migrate to the cloud.

Aussie researchers want to use your walk to authenticate you

Walk and unlock more secure than passwords.

9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR

Mistakes and missteps plague enterprise security. The Verizon 2017 Data Breach Investigations Report (DBIR) offers nuggets on what organizations must stop doing - now.

Google Elevates Security in Android O

Android O, due in the third quarter, figures to elevate the security of the mobile OS with new features focused on improved third-party patching, a new permission model and hardening of existing features.

ICE is Using Stingray to Track Illegal Immigrants

According to court documents, US Immigration and Customs Enforcement is using Stingray cell-site simulators to track illegal immigrants.

Yahoo Retires ImageMagick After Bugs Leak Server Memory

Researcher Chris Evans reported a new bug and showed how also used a previously known flaw in ImageMagick to leak Yahoo server data and steal images and authentication secrets.

Singapore lets telcos test 5G services for free

Government waives frequency fees for 5G trials until December 2019, in a move aimed at driving the market and uncovering potential use cases for the next-generation network.

With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?

Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.

With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?

Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.

Bogus movie subtitles could let hackers take over your device, warn security researchers

Whole devices can be taken over by hackers exploiting a fragmented, community-driven subtitle ecosystem, in what researchers call "the most severe category of vulnerability".

After the ransomware attack: Hospitals are still recovering from the WannaCry infection

While most services have returned to normal, London's Barts Health NHS Trust is still cancelling some appointments and operations in order to "run all services safely".

UK authorities want 'direct access' to internet providers' systems, say critics

The government wants to install black box-type devices on telecoms networks for unfettered access to UK metadata, which one rights group says will "become central to the new surveillance regime."

'Ultrasecure' Samsung Galaxy S8 iris scanner can be easily tricked, say hackers

White-hat hackers in Germany argue it's disturbingly simple to create a 'dummy eye' to dupe the Galaxy S8's biometric security.

The Future of Ransomware

Ransomware isn't new, but it's increasingly popular and profitable. The concept is simple: Your computer gets infected with a virus that encrypts your files until you pay a ransom. It's extortion taken to its networked extreme. The criminals provide step ...

Hacker Hit with 30-Month Prison Term in Securities Case

Ukrainian hacker sentenced for his role stealing press releases about upcoming stock trades that generated roughly $30 million in illegal profits.

Apple reveals it received a secret national security letter

Authorities demanded data from twice as many Macs, iPhones, iPads in the second-half of last year than the first-half, despite fewer overall requests.

DTA cyber advisory office to follow and implement ASD policy advice

Despite the creation of the Cyber Security Advisory Office, the Australian Signals Directorate will still be tasked with advising government bodies of information security threats.

New malware worm spreads using leaked NSA exploits

EternalRocks features seven spy tools.

Verizon Patches XSS Issues in its Messaging Client

Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user's session.

North Korean Cyberwar Capabilities

Reuters has an article on North Korea's cyberwar capabilities, specifically "Unit 180." They're still not in the same league as the US, UK, Russia, China, and Israel. But they're getting better.

Russian 'Cron' Cyber Gang Arrested for Raiding Bank Accounts

Russian authorities arrest a group of 16 hackers who allegedly were attacking banks in their native country via mobile malware, nixing plans for their global expansion.

Russian 'Cron' Cyber Gang Arrested for Raiding Bank Accounts

Russian authorities arrest a group of 16 hackers who allegedly were attacking banks in their native country via mobile malware, nixing plans for their global expansion.

Yahoo! Retires! Bleeding! ImageMagick! To! Kill! 0-day! Vulnerability!

Ransomware: WannaCry was basic, next time could be much worse

Some researchers suggest WannaCry was a a basic piece of ransomware - what damage that could be done with more advanced code?

Emerging Threats to Add to Your Security Radar Screen

The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.

Emerging Threats to Add to Your Security Radar Screen

The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.

WannaCry ransomware deadline passes, but few pay up

Despite the chaos caused by the recent ransomware attack, the criminals behind it have netted a relatively small amount of cash.

In Search of an Rx for Enterprise Security Fatigue

Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.

In Search of an Rx for Enterprise Security Fatigue

Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.

Extending the Airplane Laptop Ban

The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effecti ...