Starbucks site slurped, Comcast keys clocked, mad Mac Monero mining malware and much more

Some security bites for the long weekend Roundup  While this week was dominated by news of a new Spectre variant, the VPNFilter botnet, and TalkTalk's badbad routersrouters, plenty of other stories popped up.…

Starbucks site slurped, Z-Wave locks clocked, mad Mac Monero mining malware and much more

Some security bites for the long weekend Roundup  While this week was dominated by news of a new Spectre variant, the VPNFilter botnet, and TalkTalk's badbad routersrouters, plenty of other stories popped up.…

Apple will add government App Store takedown requests to transparency reports

Apple’s set to up the ante with its transparency report. The same day it dropped the latest version of the twice-yearly document, the company committed to including in future updates government takedown requests for the App Store. The report covering Ju ...

Friday Squid Blogging: Squid Comic

It's not very good, but it has a squid in it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here.

Security and Human Behavior (SHB 2018)

I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, ...

Android Malware Comes Baked into Some New Tablets, Phones

Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.

Apple reveals latest government data demand figures

The company said it will soon start reporting app takedowns from its app stores.

Your logo and branded vulnerability aren't helping: How to disclose better

We are going to change the way business and marketing leaders interact with researchers and analysts, and raise the bar for ethics. We are going to empower researchers and analysts to advocate business and marketing leaders for better practices.

Wicked Mirai Brings New Exploits to IoT Botnets

The latest variant of the venerable Mirai botnet malware combines approaches and brings new exploits to the world of IoT security challenges.

10 Free DevOps-Friendly Security Tools Developers Will Love

Start building an affordable DevSecOps automation toolchain with these free application security tools.

Bridging the Cybersecurity Talent Gap

There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.

Attackers Cashing In On Cryptocurrency With Increased Scams

As the popularity around cryptocurrency has continued to rise in 2018, it has also paved an easy path for cash-hungry scammers to launch “cryptocurrency giveaway scams.”

Detecting Lies through Mouse Movements

Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merulin Monaro, Luciano Gamberini, and Guiseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory- ...

Bitcoin Gold suffers double spend attacks, $17.5 million lost

An unknown threat actor has so far managed to steal over 388,000 BTG from cryptocurrency exchanges.

Electron patched the patch after researcher broke the patch

January's fix had blacklist flaw, now fixed In an update last week, the developers of the Electron shipped a patch to their January patch, and now, an infosec researcher has explained why.…

Tech companies to disclose foreign software probes under US Bill: Report

New source code disclosure rules could force US tech companies to reveal whether they allowed Chinese or Russian examination of software sold to the US military, Reuters has reported.

Most Expensive Data Breaches Start with Third Parties: Report

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.

DOJ Sinkholes VPNFilter Control Servers Found in US

The US Department of Justice said the move aims to thwart the spread of the botnet as part of its investigation into Russian nation-state hacking group APT28 aka Fancy Bear.

Criminals stole about $1.6bn in cryptocurrency last year

As US Justice dept launches price manipulation probe.

What Will GDPR’s Impact Be On U.S. Consumer Privacy?

GDPR may be going in effect Friday, but U.S. citizens have a ways to go before seeing similar privacy regulations from the U.S government.

GDPR In Real Life: Transparency, Innovation, And Adoption Across Borders And Organizations

FBI Seizes Domain Russia Allegedly Used To Infect 500,000 Routers

T-Mobile bug let anyone see any customer's account details

Exclusive: The exposed lookup tool let anyone run a customer's phone number -- and obtain their home address and account PIN, used to contact phone support.

Inside Facebook’s anti-sex trafficking hackathon

Tech giants put their rivalries aside for two days this week to code for a common cause: protecting children on the Internet. Deep inside Facebook’s Menlo Park headquarters, teams drawn from Uber, Twitter, Google, Microsoft, and Pinterest worked throug ...

Malwarebytes Buys Binisoft for Firewall Management

Vendor plans to integrate Binisoft's Windows Firewall Control into the Malwarebytes endpoint protection platform.

GDPR in real life: Transparency, innovation, and adoption across borders and organizations

Part two: Auditing data on premise and in the cloud, spurring innovation in machine learning and interpretable AI, and influencing organizations, consumers, and legislation all over the world, GDPR is here to stay.

More Than Half of Users Reuse Passwords

Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.

Amazon Comes Under Fire for Facial Recognition Platform

Privacy advocates say facial recognition can be an agent of authoritarian surveillance; others say it's an invaluable tool to combat kidnapping, locate lost children and track down criminals on the run.

Font Steganography

Interesting research in steganography at the font level.

GDPR is already a success, whether you like it or not

Europe's new privacy regulations show that the tech giants can be tamed.

Singapore warns eight cryptocurrency exchanges not to engage in unauthorised trading

Eight unnamed digital token exchanges have been told not to facilitate trading that involved securities or futures contracts without authorisation from the local regulator MAS, which also stopped an ICO.

London's Met Police: We won't use facial recognition at Notting Hill Carnival

But cops' trial of controversial tech will continue London cops will not use controversial and inaccurate facial recognition technology at this year's Notting Hill Carnival – in a departure from the trend over the previous two years.…

Victoria overhauls traffic camera network after WannaCry

The Victorian government has announced an overhaul of its traffic and speed camera network following infection from WannaCry in June.

Fraud Drops 76% for Merchants Using EMV, Says Visa

A new report from Visa says that the shift to chip cards has resulted in dramatically reduced credit card fraud levels.

Growing Job Pressures Increase Risk of Burnout for Cybersecurity Professionals

A new Trustwave survey shows information security executives and practitioners are under increasing pressure from trying to keep up with threats and compliance mandates.

The Good & Bad News about Blockchain Security

Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.

Destructive 'VPNFilter' Attack Network Uncovered

More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon - with Ukraine in initial bullseye.

Project Grapple

Posted by Dave Aitel on May 23https://www.local10.com
/sports/liberty-city-kids
-form-unlikely-team-combi
ning-2-sports-while-learn
ing-life-lessons-https://
www.flograppling.com/vide
o/6044979-project-grapple
-the-jiu-jitsu-non-profit
-changing-liveshttps://ww
w. ...

The 6th Annual Volatility Plugin Contest and the Inaugural Volatility Analysis Contest!

Posted by Andrew Case on May 23We are excited to announce that the 2018 Volatility Plugin Contest and the inaugural Volatility Analysis Contest are now accepting submissions until October 1, 2018. Winners of each contest will receive over $2,500 in cash ...

Re%3A Alternatives to viruscheckmate&In-Rep
ly-To=

Posted by Alex Boldwin on May 23Hi Konrads, I know: hxxps://antiscan.me (https://link.getmailspri
ng.com/link/1526990922.lo
cal-1f8df3dd-cfd9-v1.2.1-
7e7447b6 () getmailspring com/0?redirect=https%3A%2
F%2Fantiscan.me&recip
ient=ZGFpbHlkYXZlQGxpc3Rz
LmltbXVuaX ...

Why even the best free VPNs are not a risk worth taking

Here's a question. If you're not paying for your VPN service, where is the provider getting the money to run it? The answer might cause you to lose some sleep.

Is Threat Intelligence Garbage?

Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?

Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report

Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.

Okta’s PassProtect checks your passwords with ‘Have I Been Pwned’

Okta just launched a free browser extension for Google Chrome today. After installing PassProtect, your browser will compare the passwords you type with Troy Hunt’s Have I Been Pwned. This extension isn’t necessarily for you, tech savvy readers of Te ...

What is GDPR? Everything you need to know about the new general data protection regulations

General Data Protection Regulation, or GDPR, is coming. Here's what it means, how it'll impact individuals and businesses - and how to prepare for it.

Should Mark Zuckerberg be fired? Security professionals have their say

Does the Cambridge Analytics scandal -- and all the other Facebook privacy snafus -- warrant the removal of its CEO? A survey of security professionals offers their view.

LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket

A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.

Firefox Accounts gets 2FA security: You can use Google Authenticator one-time codes

Prefer to use Google Authenticator to log in to Firefox Accounts, or get push notifications on Firefox's mobile app?

Malwarebytes acquires Windows Firewall control firm BiniSoft

The startup develops Windows Firewall Control management tools for network endpoints.

Police Are Using Amazon's Face Recognition Service

Zuckerberg's European Parliament Testimony Criticized

FBI Inflated Encrypted Device Figures, Misleading Public

Zuckerberg didn’t make any friends in Europe today

Speaking in front of EU lawmakers today Facebook’s founder Mark Zuckerberg namechecked the GDPR’s core principles of “control, transparency and accountability” — claiming his company will deliver on all that, come Friday, when a new European Un ...

Researchers Say More Spectre-Related CPU Flaws On Horizon

Yet another speculative execution side channel flaw has been disclosed in processors - and security experts warn that more may be out there.

New Spectre Variants Add to Vulnerability Worries

Variants 3a and 4 build on the Spectre foundation, but how worried should enterprise security professionals really be?

Microsoft gets no special treatment for protected Azure instance

But will meet Australian standard in its own way.

Cybercriminals Battle Against Banks' Incident Response

'Filess' attacks account for more than half of successful breaches of bank networks, new data shows.

GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'

There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.

Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical

A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise.

We're all a bit of Trump when it comes to cybersecurity

President Trump reportedly sees security procedures as too inconvenient. Unfortunately, he's not alone.

BMW's in-car systems found to contain 14 flaws

Can be remotely exploited under certain conditions.

Another Spectre-Like CPU Vulnerability

Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not sur ...

The State of Information Sharing: 20 Years after the First White House Mandate

Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.

Intel Responds to Spectre-Like Flaw In CPUs

Intel on Monday acknowledged that its processors are vulnerable to another Spectre-like speculative execution side channel flaw that could allow attackers to access information.

Yubico and LastPass bring NFC-based two-factor authentication to the iPhone

Popular password manager LastPass delivers the first iOS app with support for the YubiKey NEO hardware-based authentication key with NFC support.

New Spectre variant 4: Our patches cause up to 8% performance hit, warns Intel

Intel's Spectre variant 4 patch will be off by default, but users who turn it on are likely to see slower performance.

You've got to be kitten: Vet recruiter told to pay £1k after pinching info from ex-employer

Don't horse about with personal data, watchdog warns A vet recruitment consultant that squirrelled away the personal details of almost 300 people from his former employer was today slapped on the wrists by the UK's information watchdog.…

Student awarded $36,000 for remote execution flaw in Google App Engine

The discovery was made by a university student who was not aware of how dangerous the vulnerability was.

High-End Router Flinger DrayTek Admits To Zero Day In Bunch Of Vigor Kit

Roaming Mantis malware expands its reach

Now targeting iOS devices.

Home Affairs thankful Australia's diversity allows for improved facial recognition

Armed with multiple algorithms and training images based on a multicultural society, Home Affairs believes it gets a bronze medal in facial recognition.

DDOS scum have moved to Layer 7, says Cloudflare

Bad actors increasingly target application processes instead of flooding networks Attackers have noticed that the world is getting better at fending off massive DDoS attacks, and are trying to overwhelm application processes instead.…