Security Trade-Offs in the New EU Privacy Law

Apr 27, 2018 | Krebs on Security

On two occasions this past year I’ve published stories here warning about the prospect that new European privacy regulations could result in more spams and scams ending up in your inbox. This post explains in a question and answer format some of the reasoning that went into that prediction, and responds to many of the criticisms leveled against it.


When Your Employees Post Passwords Online

May 02, 2018 | Krebs on Security

Storing passwords in plaintext online is never a good idea, but it's remarkable how many companies have employees who are doing just that using online collaboration tools like Trello.com. Last week, KrebsOnSecurity notified a host of companies that employees were using Trello to share passwords for sensitive internal resources. Those put at risk by such activity included an insurance firm, a state government agency and ride-hailing service Uber.com.


Twitter to All Users: Change Your Password Now!

May 03, 2018 | Krebs on Security

Twitter just asked all 300+ million users to reset their passwords, citing the exposure of user passwords via a bug that stored passwords in plain text -- without protecting them with any sort of encryption technology that would mask a Twitter user's true password. The social media giant says it has fixed the bug and that so far its investigation hasn't turned up any signs of a breach or that anyone misused the information. But if you have a Twitter account, please change your account password now.


Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323K

May 07, 2018 | Krebs on Security

A monster distributed denial-of-service attack (DDoS) against KrebsOnSecurity.com in 2016 knocked this site offline for nearly four days. The attack was executed through a network of hacked "Internet of Things" (IoT) devices such as Internet routers, security cameras and digital video recorders. A new study that tries to measure the direct cost of that one attack for IoT device users whose machines were swept up in the assault found that it may have cost device owners a total of $323,973.75 in excess power and added bandwidth consumption. My bad.


Understanding the Role of Multi-Stage Detection in a Layered Defense

May 08, 2018 | Infosec Island

It’s important to understand that the increased sophistication of threats requires security technologies capable of covering multiple stages of attack.


Microsoft Patch Tuesday, May 2018 Edition

May 08, 2018 | Krebs on Security

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft's Patch Tuesday -- the second Tuesday of each month -- Adobe has a new Flash Player update that addresses a single but critical security weakness. First, the Flash Tuesday update, which brings Flash Player to v. 29.0.0.171. Some (present company included) would argue that Flash Player is in itself "a single but critical security weakness." Nevertheless, Google Chrome and Internet Explorer/Edge ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.


Think You’ve Got Your Credit Freezes Covered? Think Again.

May 09, 2018 | Krebs on Security

I spent a few days last week speaking at and attending a conference on responding to identity theft. The forum was held in Florida, one of the major epicenters for identity fraud complaints in the United States. One gripe I heard from several presenters was that identity thieves increasingly are finding ways to open new mobile phone accounts in the names of people who have already frozen their credit files with the big-three credit bureaus. Here's a look at what may be going on, and how you can protect yourself.


Detecting Cloned Cards at the ATM, Register

May 14, 2018 | Krebs on Security

Much of the fraud involving counterfeit credit, ATM debit and retail gift cards relies on the ability of thieves to use cheap, widely available hardware to encode stolen data onto any card's magnetic stripe. But new research suggests retailers and ATM operators could reliably detect counterfeit cards using a simple technology that flags cards which appear to have been altered by such tools.


Achieving Effective Application Security in a Cloud Generation

May 16, 2018 | Infosec Island

Cloud application security requires new approaches, policies, configurations, and strategies that both allow organizations to address business needs and security risks in unison.


Tracking Firm LocationSmart Leaked Location Data for Customers of All Major U.S. Mobile Carriers Without Consent in Real Time Via Its Web Site

May 17, 2018 | Krebs on Security

LocationSmart, a U.S.-based company that acts as an aggregator of real-time data about the precise location of mobile phone devices, has been leaking this information to anyone via a buggy component of its Web site -- without the need for any password or other form of authentication or authorization -- KrebsOnSecurity has learned. The company took the vulnerable service offline early this afternoon after being contacted by KrebsOnSecurity, which verified that it could be used to reveal the location of any AT&T, Sprint, T-Mobile or Verizon phone in the United States to an accuracy of within a few hundred yards.


T-Mobile Employee Made Unauthorized ‘SIM Swap’ to Steal Instagram Account

May 18, 2018 | Krebs on Security

T-Mobile is investigating a retail store employee who allegedly made unauthorized changes to a subscriber's account in an elaborate scheme to steal the customer's three-letter Instagram username. The modifications, which could have let the rogue employee empty bank accounts associated with the targeted T-Mobile subscriber, were made even though the victim customer already had taken steps recommended by the mobile carrier to help minimize the risks of account takeover. Here's what happened, and some tips on how you can protect yourself from a similar fate.


Mobile Giants: Please Don’t Share the Where

May 22, 2018 | Krebs on Security

Your mobile phone is giving away your approximate location all day long. This isn't exactly a secret: It has to share this data with your mobile provider constantly to provide better call quality and to route any emergency 911 calls straight to your location. But now, the major mobile providers in the United States -- AT&T, Sprint, T-Mobile and Verizon -- are selling this location information to third party companies -- in real time -- without your consent or a court order, and with apparently zero accountability for how this data will be used, stored, shared or protected. It may be tough to put a price on one's location privacy, but here's something of which you can be sure: The mobile carriers are selling data about where you are at any time, without your consent, to third-parties for probably far less than you might be willing to pay to secure it.


The AWS Bucket List for Security

May 23, 2018 | Infosec Island

Professor Avishai Wool, CTO and co-founder at AlgoSec, looks at how organizations can ensure network security is extended to AWS environments.


Can Organisations Turn Back Time after a Cyber-Attack?

May 23, 2018 | Infosec Island

With the costs of breaches escalating, it’s more important than ever to have the capability to learn from incidents to avoid history repeating itself.


SOC Automation: Good or Evil?

May 24, 2018 | Infosec Island

The need for SOC automation is increasing in urgency since adversaries are also harnessing software and hardware to develop and carry out attacks.


VirusTotal Browser Extension Now Firefox Quantum-Compatible

May 05, 2018 | Infosec Island

VirusTotal released an updated VTZilla browser extension this week to offer support for Firefox Quantum, the new and improved Web browser from Mozilla.


PyRoMine Malware Sets Security Industry on Fire

May 03, 2018 | Infosec Island

Despite all the investments in cyber protection and prevention technology, it seems that the cyber terrorist’s best tool is nothing more than variations on previous exploits.


GDPR Is Coming. Is Your Organization Ready?

May 01, 2018 | Infosec Island

The General Data Protection Regulation (GDPR) that goes into effect on May 25 affects any business that processes information of any EU citizen, regardless of whether the business is located in or has operations in the EU.


Non-Malware Attacks: What They Are and How to Protect Against Them?

Apr 26, 2018 | Infosec Island

What are non-malware attacks, how do they differ from traditional threats, why are they so dangerous, and what can you do to prevent them?


SAP Cyber Threat Intelligence Report – April 2018

Apr 19, 2018 | Infosec Island

The April 2018 set of SAP Security Notes consists of 16 patches with the majority of them rated medium.

