His phone went dark, then $1m was sucked out in SIM-swap crypto-heist
via "Naked Security".
A 21-year-old allegedly SIM-swapped Silicon Valley execs' phones to steal cryptocurrency, including one man's $1m tuition fund for his kids.
That Black Mirror episode with the social ratings? It's happening IRL
via "Naked Security".
Not picking up after your dog will cost you 10 points, for example, in China's Black Mirror-esque plan to socially score citizens.
LinkedIn used 18M non-member emails to target Facebook ads. Were you a victim?
via "Security on TechRepublic".
A Data Protection Commissioner investigation found that LinkedIn violated data protection policies shortly before the onset of GDPR.
Paper Trail Absence May Still Plague 2020 Election
via "Dark Reading".
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.
7 Real-Life Dangers That Threaten Cybersecurity
via "Dark Reading".
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Half of all Phishing Sites Now Have the Padlock

Maybe you were once advised to "look for the padlock" as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with "https://".

[Image: A live Paypal phishing site that uses https:// (has the green padlock).]

Recent data from anti-phishing company PhishLabs shows that 49 percent of all phishing sites in the third quarter of 2018 bore the padlock security icon next to the phishing site domain name as displayed in a browser address bar. That's up from 25 percent just one year ago, and from 35 percent in the second quarter of 2018.

This shift is notable because a majority of Internet users have taken the age-old "look for the lock" advice to heart, and still associate the lock icon with legitimate sites. A PhishLabs survey conducted last year found more than 80% of respondents believed the green lock indicated a website was either legitimate and/or safe.

In reality, the https:// part of the address signifies only that the data being transmitted back and forth between your browser and the site is encrypted in transit (under TLS, the successor to the protocol still widely called "Secure Sockets Layer" or SSL) and cannot be read or altered by third parties on the network path. The certificate behind the padlock typically attests only that whoever set up the site could prove control of the domain name shown in the address bar. The presence of the padlock does not mean the site is legitimate, nor is it any proof the site has been security-hardened against intrusion from hackers.

[Image: A live Facebook phish that uses SSL (has the green padlock).]

Most of the battle to combat cybercrime involves defenders responding to offensive moves made by attackers. But the rapidly increasing adoption of SSL by phishers is a good example in which fraudsters are taking their cue from legitimate sites.

"PhishLabs believes that this can be attributed to both the continued use of SSL certificates by phishers who register their own domain names and create certificates for them, as well as a general increase in SSL due to the Google Chrome browser now displaying 'Not secure' for web sites that do not use SSL," said John LaCour, chief technology officer for the company. "The bottom line is that the presence or lack of SSL doesn't tell you anything about a site's legitimacy."

The major Web browser makers work with a number of security organizations to index and block new phishing sites, often serving bright red warning pages that flag the page of a phishing scam and seek to discourage people from visiting the sites. But not all phishing scams get flagged so quickly.

I spent a few minutes browsing phishtank.com for phishing sites that use SSL, and found this cleverly crafted page that attempts to phish credentials from users of Bibox, a cryptocurrency exchange. Look at the Web address in the screenshot described below and see if you can spot what's going on:

[Image: This live phish targets users of cryptocurrency exchange Bibox. Look carefully at the URL in the address bar, and you'll notice a squiggly mark over the "i" in Bibox. This is an internationalized domain name, and the real address is https://www.xn--bbox-vw5a[.]com/login]

Load the live phishing page at https://www.xn--bbox-vw5a[.]com/login (that link has been hobbled on purpose) in Google Chrome and you'll get a red "Deceptive Site Ahead" warning. Load the address above, in its raw "punycode" form, in Mozilla Firefox and the page renders just fine, at least as of this writing. (Firefox can be told to always display internationalized names in their punycode form by setting network.IDN_show_punycode to true in about:config, which makes the xn-- prefix visible in the address bar.)

This phishing site takes advantage of internationalized domain names (IDNs) to introduce visual confusion. In this case, the "i" in Bibox.com is rendered as the Vietnamese character "ỉ" (U+1EC9, Latin small letter i with hook above), which is extremely difficult to distinguish in a URL address bar.

As KrebsOnSecurity noted in March…
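The following Python checker is an added example, not code from the KrebsOnSecurity post: it decodes a punycode address such as the Bibox one above back to its Unicode form and tests whether the name's visual "skeleton" collides with a protected brand name. It goes beyond the article's Latin-diacritic case and also catches mixed-script lookalikes built from Cyrillic letters. The CONFUSABLES map is a hand-picked subset of Unicode's confusables table (an assumption, not the complete list), and the brand list and the Cyrillic "paypal" lookalike are constructed inputs.

```python
import unicodedata

# Hand-picked subset of Unicode's confusables table: Cyrillic letters whose
# glyphs match Latin ones. Constructed for this example, not a complete list.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
}


def decode_host(host):
    """Convert a hostname's A-labels (xn--...) to their Unicode U-label form.

    Labels that are not punycode-encoded pass through unchanged, so the
    function accepts either form. Case and a trailing dot are normalised.
    """
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            # The stdlib punycode codec undoes the RFC 3492 encoding of the
            # label body that follows the "xn--" prefix.
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Reduce a hostname to the ASCII string it visually resembles.

    NFKD decomposition splits "i with hook above" into "i" + U+0309 and the
    combining mark is dropped; CONFUSABLES then folds look-alike Cyrillic
    letters onto their Latin counterparts.
    """
    chars = []
    for ch in unicodedata.normalize("NFKD", host):
        if unicodedata.combining(ch):
            continue
        chars.append(CONFUSABLES.get(ch, ch))
    return "".join(chars)


def scripts(host):
    """Set of scripts (LATIN, CYRILLIC, ...) used by the letters in host,
    taken from the first word of each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in host if ch.isalpha()}


def homograph_check(host, protected):
    """Flag a hostname that visually impersonates one of the protected names.

    Returns the decoded form, its skeleton, whether it contains non-ASCII
    characters, whether it mixes scripts, and the protected names whose
    skeleton it matches without being identical to them.
    """
    decoded = decode_host(host)
    skel = skeleton(decoded)
    hits = [p for p in protected if p != decoded and skeleton(p) == skel]
    return {
        "decoded": decoded,
        "skeleton": skel,
        "non_ascii": not decoded.isascii(),
        "mixed_script": len(scripts(decoded)) > 1,
        "impersonates": hits,
    }


if __name__ == "__main__":
    # Constructed allow-list of brands to protect. The first host is the
    # punycode address from the article; the second is a made-up lookalike
    # with Cyrillic letters in place of both "a"s; the third is the real name.
    brands = ["www.bibox.com", "www.paypal.com", "www.facebook.com"]
    for host in ["www.xn--bbox-vw5a.com", "www.p\u0430yp\u0430l.com", "www.bibox.com"]:
        r = homograph_check(host, brands)
        print(host, "->", r["decoded"], "impersonates:", r["impersonates"])
```

The skeleton comparison is what a browser or mail gateway would run against a short list of high-value names; the mixed-script flag alone would miss the Bibox case, because "ỉ" is a Latin-script letter, which is why diacritic stripping is done first.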
Transforming into a CISO Security Leader
via "Dark Reading".
Are you thinking of changing your career route from techie to CISO? Are you making the right choice? Only you know for sure.
User Confidence in Smartphone Security Abysmal
via "Threatpost | The first stop for security news".
Sixty-six percent of phone users said they had suffered data-related harm: 11 percent suffered identity theft, 22 percent account hacking, 14 percent credit card hacking and 12 percent financial fraud.
IoT security market will hit $9.88B by 2025, as privacy issues abound
via "Security on TechRepublic".
As IoT devices flood the market, consumers are pushing for more privacy initiatives, according to a recent Grand View Research report.
ATTENTION! New - CVE-2017-1418
via "National Vulnerability Database".
IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) have insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406.
Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
via "Dark Reading".
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.
USPS, Amazon Data Leaks Showcase API Weaknesses
via "Threatpost | The first stop for security news".
The incidents affected millions, just as Black Friday, Cyber Monday and the holiday shopping season kicked off.
USPS Web Vuln Exposes Data of 60 Million
via "Dark Reading".
The US Postal Service recently fixed a security bug that allowed any USPS.com account holder to view or change other users' data.
Mobile Rotexy Malware Touts Ransomware, Banking Trojan Functions
via "Threatpost | The first stop for security news".
A mobile malware family has accelerated its activity in 2018, launching more than 70k attacks from August through October.
Microsoft details the causes of its recent multi-factor authentication meltdown
via "Security on TechRepublic".
Microsoft has posted a root cause analysis of the multi-factor authentication issue which hit a number of its customers worldwide last week. Here's what happened.
Knuddels Flirt App Slapped with Hefty Fine After Data Breach
via "Threatpost | The first stop for security news".
It's Germany's first GDPR fine, for an incident that affected millions of accounts.
Buckle Up: A Closer Look at Airline Security Breaches
via "Dark Reading".
Cyberattacks on airports and airlines are often unrelated to passenger safety, but that's no reason to dismiss them, experts say.
Parents slam "weirdo" fraudsters for using child's Facebook pic for cash
via "Naked Security".
Did you help spread the viral scowling Pop-Tart™-deprived kid photo last week? Can't be helped, mom said, but using it to raise cash was "lame."
LinkedIn rapped for targeting ads at 18 million Facebook users
via "Naked Security".
What upset the Data Protection Commissioner: none of the 18 million email addresses were those of LinkedIn users.
Google Maps scammers put their own phone numbers onto bank listings
via "Naked Security".
Once they get victims on the phone, the crooks get their account PINs and CVV numbers for debit/credit cards and then drain their accounts.
See the Future of Cybersecurity at Black Hat Europe
via "Dark Reading".
New tools, techniques, and a plan for training a new generation of crack security experts are all in the cards for attendees of Black Hat Europe in London next week.