π΄ Establishing True Trust in a Zero-Trust World π΄
π Read
via "Dark Reading: ".
Our goal should not be to merely accept zero trust but gain the visibility required to establish real trust.π Read
via "Dark Reading: ".
Darkreading
Establishing True Trust in a Zero-Trust World
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
π A free decryption tool is available for Thanatos ransomware victims π
π Read
via "Security on TechRepublic".
ZDNet's Danny Palmer explains the evolution of the world's weirdest ransomware.π Read
via "Security on TechRepublic".
TechRepublic
A free decryption tool is available for Thanatos ransomware victims
ZDNet's Danny Palmer explains the evolution of the world's weirdest ransomware.
π΄ Dell Forces Password Reset for Online Customers Following Data Breach π΄
π Read
via "Dark Reading: ".
Move prompts questions about scope of intrusion and strength of company's password hashing.π Read
via "Dark Reading: ".
Darkreading
Dell Forces Password Reset for Online Customers Following Data Breach
Move prompts questions about scope of intrusion and strength of company's password hashing.
π΄ Anti-Botnet Guide Aims to Tackle Automated Threats π΄
π Read
via "Dark Reading: ".
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.π Read
via "Dark Reading: ".
π΄ MITRE Changes the Game in Security Product Testing π΄
π Read
via "Dark Reading: ".
Nonprofit has published its first-ever evaluation of popular endpoint security tools - measured against its ATT&CK model.π Read
via "Dark Reading: ".
Dark Reading
MITRE Changes the Game in Security Product Testing
Nonprofit has published its first-ever evaluation of popular endpoint security tools - measured against its ATT&CK model.
π΄ Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year π΄
π Read
via "Dark Reading: ".
But ransomware attacks go through the roof, new threat data from SonicWall shows.π Read
via "Dark Reading: ".
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
π The top tech news of 2018, ranked π
π Read
via "Security on TechRepublic".
It's been a wild of a year for tech. Here are the biggest tech news stories on our readers' minds.π Read
via "Security on TechRepublic".
TechRepublic
The top tech news of 2018, ranked
It's been a wild of a year for tech. Here are the biggest tech news stories on our readers' minds.
β Driver loses his car to hackers. TWICE. β
π Read
via "Naked Security".
He slapped a tracker on the new one and installed CCTV... which did a fine job of recording the thieves' 90-second-long relay attack.π Read
via "Naked Security".
Naked Security
Driver loses his car to hackers. TWICE.
He slapped a tracker on the new one and installed CCTVβ¦ which did a fine job of recording the thievesβ 90-second-long relay attack.
β 57m Americansβ details leaked online by another misconfigured server β
π Read
via "Naked Security".
Misconfigured Elasticsearch servers spilled personal details on 57 million Americans, said reports this week.π Read
via "Naked Security".
Naked Security
57m Americansβ details leaked online by another misconfigured server
Misconfigured Elasticsearch servers spilled personal details on 57 million Americans, said reports this week.
π What is a man-in-the-middle attack? π
π Read
via "Security on TechRepublic".
Here's a quick rundown of what a man-in-the-middle attack is, and why it's so dangerous.π Read
via "Security on TechRepublic".
TechRepublic
What is a man-in-the-middle attack?
Here's a quick rundown of what a man-in-the-middle attack is, and why it's so dangerous.
π Man-in-the-middle attacks: A cheat sheet π
π Read
via "Security on TechRepublic".
Cybercrime takes on a lot of forms, with one of the oldest and most dangerous being man-in-the-middle attacks. Here's what you need to know about MITM attacks, including how to protect your company.π Read
via "Security on TechRepublic".
TechRepublic
Man-in-the-middle attacks: A cheat sheet | TechRepublic
Cybercrime takes on a lot of forms, with one of the oldest and most dangerous being man-in-the-middle attacks. Here's what you need to know about MITM attacks, including how to protect your company.
β Prisoners allegedly posed as underage girls in $560K sextortion scam β
π Read
via "Naked Security".
They allegedly victimized 442 military men by sending nude photos and then calling, pretending to be irate fathers or police.π Read
via "Naked Security".
Naked Security
Prisoners allegedly posed as underage girls in $560K sextortion scam
They allegedly victimized 442 military men by sending nude photos and then calling, pretending to be irate fathers or police.
β Busted! DOJ exposes huge ad-fraud operation, eight charged β
π Read
via "Naked Security".
The US Department of Justice has charged eight men with running a vast ad-fraud scheme.π Read
via "Naked Security".
Naked Security
Busted! DOJ exposes huge ad-fraud operation, eight charged
The US Department of Justice has charged eight men with running a vast ad-fraud scheme.
β 2014 Marriott Data Breach Exposed, 500M Guests Impacted β
π Read
via "Threatpost | The first stop for security news".
The hackers had access to the impacted database since 2014.π Read
via "Threatpost | The first stop for security news".
Threat Post
Marriott Hotel Data Breach: Ongoing Since 2014
The hackers had access to the impacted database since 2014.
π What is a man-in-the-disk attack? π
π Read
via "Security on TechRepublic".
Android users should beware of this dangerous attack that targets their mobile device's storage.π Read
via "Security on TechRepublic".
π΄ New Report Details Rise, Spread of Email-based Attacks π΄
π Read
via "Dark Reading: ".
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.π Read
via "Dark Reading: ".
Dark Reading
Vulnerabilities & Threats recent news | Dark Reading
Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading
π Man-in-the-disk attacks: A cheat sheet π
π Read
via "Security on TechRepublic".
A flaw in Android external storage opens up legitimate apps to being hacked and gives illegitimate ones a window to exploit. Learn more about man-in-the-disk attacks, including how to avoid them.π Read
via "Security on TechRepublic".
TechRepublic
Man-in-the-disk attacks: A cheat sheet
A flaw in Android external storage opens up legitimate apps to being hacked and gives illegitimate ones a window to exploit. Learn more about man-in-the-disk attacks, including how to avoid them.
<b>⌨ Marriott: Data on 500 Million Guests Stolen in 4-Year Breach ⌨</b>
<code>Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.</code><code>Media</code><code>Marriott said the breach involved unauthorized access to a database containing guest information tied to reservations made at Starwood properties on or before Sept. 10, 2018, and that its ongoing investigation suggests the perpetrators had been inside the companyβs networks since 2014.</code><code>Marriott said the intruders encrypted information from the hacked database (likely to avoid detection by any data-loss prevention tools when removing the stolen information from the companyβs network), and that its efforts to decrypt that data set was not yet complete. But so far the hotel network believes that the encrypted data cache includes information on up to approximately 500 million guests who made a reservation at a Starwood property.</code><code>βFor approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,β Marriott said in a statement released early Friday morning.</code><code>Marriott added that customer payment card data was protected by encryption technology, but that the company couldnβt rule out the possibility the attackers had also made off with the encryption keys needed to decrypt the data.</code><code>The hotel chain did not say precisely when in 2014 the breach was thought to have begun, but itβs worth noting that Starwood disclosed its own breach involving more than 50 properties in November 2015, just days after being acquired by Marriott. According to Starwoodβs disclosure at the time, that earlier breach stretched back at least one year β to November 2014.</code><code>Back in 2015, Starwood said the intrusion involved malicious software installed on cash registers at some of its resort restaurants, gift shops and other payment systems that were not part of the its guest reservations or membership systems.</code><code>However, this would hardly be the first time a breach at a major hotel chain ballooned from one limited to restaurants and gift shops into a full-blown intrusion involving guest reservation data. In Dec. 2016, KrebsOnSecurity broke the news that banks were detecting a pattern of fraudulent transactions on credit cards that had one thing in common: Theyβd all been used during a short window of time at InterContinental Hotels Group (IHG) properties, including Holiday Inns and other popular chains across the United States.</code><code>It took IHG more than a month to confirm that finding, but the company said in a statement at the time it believed the intrusion was limited to malware installed at point of sale systems at restaurants and bars of 12 IHG-managed properties between August and December 2016.</code><code>In April 2017, IHG acknowledged that its investigation showed cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data β including those used at front desks in certain IHG properties.</code><code>Marriott says its own network does not appear to have been affected by this four-year data breach, and that the investigation only identified unauthorized access to the separate Starwood network.</code><code>Starwood hotel brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le MΓ©ridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) prograβ¦
<code>Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.</code><code>Media</code><code>Marriott said the breach involved unauthorized access to a database containing guest information tied to reservations made at Starwood properties on or before Sept. 10, 2018, and that its ongoing investigation suggests the perpetrators had been inside the companyβs networks since 2014.</code><code>Marriott said the intruders encrypted information from the hacked database (likely to avoid detection by any data-loss prevention tools when removing the stolen information from the companyβs network), and that its efforts to decrypt that data set was not yet complete. But so far the hotel network believes that the encrypted data cache includes information on up to approximately 500 million guests who made a reservation at a Starwood property.</code><code>βFor approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date and communication preferences,β Marriott said in a statement released early Friday morning.</code><code>Marriott added that customer payment card data was protected by encryption technology, but that the company couldnβt rule out the possibility the attackers had also made off with the encryption keys needed to decrypt the data.</code><code>The hotel chain did not say precisely when in 2014 the breach was thought to have begun, but itβs worth noting that Starwood disclosed its own breach involving more than 50 properties in November 2015, just days after being acquired by Marriott. According to Starwoodβs disclosure at the time, that earlier breach stretched back at least one year β to November 2014.</code><code>Back in 2015, Starwood said the intrusion involved malicious software installed on cash registers at some of its resort restaurants, gift shops and other payment systems that were not part of the its guest reservations or membership systems.</code><code>However, this would hardly be the first time a breach at a major hotel chain ballooned from one limited to restaurants and gift shops into a full-blown intrusion involving guest reservation data. In Dec. 2016, KrebsOnSecurity broke the news that banks were detecting a pattern of fraudulent transactions on credit cards that had one thing in common: Theyβd all been used during a short window of time at InterContinental Hotels Group (IHG) properties, including Holiday Inns and other popular chains across the United States.</code><code>It took IHG more than a month to confirm that finding, but the company said in a statement at the time it believed the intrusion was limited to malware installed at point of sale systems at restaurants and bars of 12 IHG-managed properties between August and December 2016.</code><code>In April 2017, IHG acknowledged that its investigation showed cash registers at more than 1,000 of its properties were compromised with malicious software designed to siphon customer debit and credit card data β including those used at front desks in certain IHG properties.</code><code>Marriott says its own network does not appear to have been affected by this four-year data breach, and that the investigation only identified unauthorized access to the separate Starwood network.</code><code>Starwood hotel brands include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection, Tribute Portfolio, Le MΓ©ridien Hotels & Resorts, Four Points by Sheraton and Design Hotels that participate in the Starwood Preferred Guest (SPG) prograβ¦
β Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs β
π Read
via "Threatpost | The first stop for security news".
The bug bounty "queen" Katie Moussouris discusses the biggest mistakes that companies launching these programs are making.π Read
via "Threatpost | The first stop for security news".
Threat Post
Newsmaker Interview: Katie Moussouris on Improving Bug Bounty Programs
The bug bounty "queen" Katie Moussouris discusses the biggest mistakes that companies launching these programs are making.
π Marriott reveals data breach affecting 500 million hotel guests π
π Read
via "Security on TechRepublic".
Hackers have had access to the Starwood guest reservation database since 2014.π Read
via "Security on TechRepublic".
TechRepublic
Marriott reveals data breach affecting 500 million hotel guests
Hackers have had access to the Starwood guest reservation database since 2014.
π΄ Threat Hunting: Improving Bot Detection in Enterprise SD-WANs π΄
π Read
via "Dark Reading: ".
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.π Read
via "Dark Reading: ".
Darkreading
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.