π΄ Threat Hunting: Improving Bot Detection in Enterprise SD-WANs π΄
π Read
via "Dark Reading: ".
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.π Read
via "Dark Reading: ".
Darkreading
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
π΄ 39 Arrested in Tech Support Scam Crackdown: Microsoft π΄
π Read
via "Dark Reading: ".
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.π Read
via "Dark Reading: ".
Darkreading
39 Arrested in Tech Support Scam Crackdown: Microsoft
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
β Huge Marriott breach puts 500 million victims at risk β
π Read
via "Naked Security".
The Marriott hotel empire's Starwood guest reservation database has been subject to unauthorised access since 2014.π Read
via "Naked Security".
Naked Security
Marriottβs massive data breach β hereβs what you need to know
The Marriott hotel empireβs Starwood reservation database has been subject to unauthorised access since 2014, exposing 500 million guests.
π Top 4 security threats businesses should expect in 2019 π
π Read
via "Security on TechRepublic".
Cybercriminals are developing more sophisticated attacks, while individuals and enterprises need to be more proactive in security practices.π Read
via "Security on TechRepublic".
TechRepublic
Top 4 security threats businesses should expect in 2019
Cybercriminals are developing more sophisticated attacks, while individuals and enterprises need to be more proactive in security practices.
π΄ Massive Starwood Hotels Breach Hits 500 Million Guests π΄
π Read
via "Dark Reading: ".
Starwood parent Marriott International disclosed the breach today with an announcement that provided some details but left many questions unanswered.π Read
via "Dark Reading: ".
Darkreading
Massive Starwood Hotels Breach Hits 500 Million Guests
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
π Marriott faces massive data breach expenses even with cybersecurity insurance π
π Read
via "Security on TechRepublic".
Marriott's total tab for a data breach affecting as many as 500 million consumers is going to cost billions of dollars over the next few years, based on the average cost of megabreaches.π Read
via "Security on TechRepublic".
TechRepublic
Marriott faces massive data breach expenses even with cybersecurity insurance
Marriott's total tab for a data breach affecting as many as 500 million consumers is going to cost billions of dollars over the next few years, based on the average cost of megabreaches.
β Bing Warns VLC Media Player Site is βSuspiciousβ in Likely False-Positive Gaff β
π Read
via "Threatpost | The first stop for security news".
After identifying the official VLC media download page as "unsafe" with its Bing search engine, Microsoft now suggests it was done in error.π Read
via "Threatpost | The first stop for security news".
Threat Post
Bing Warns VLC Media Player Site is βSuspiciousβ in Likely False-Positive Gaff
After identifying the official VLC media download page as "unsafe" with its Bing search engine, Microsoft now suggests it was done in error.
π΄ Retailers Make Big Strides In Offering Clear Unsubscribe Links π΄
π Read
via "Dark Reading: ".
Fifth annual Online Trust Alliance survey said retailers get good marks for offering clear unsubscribe links, using tools like SPF and DKIM and honoring unsubscribe requests.π Read
via "Dark Reading: ".
Dark Reading
Retailers Make Big Strides In Offering Clear Unsubscribe Links - Dark Reading
Fifth annual Online Trust Alliance survey said retailers get good marks for offering clear unsubscribe links, using tools like SPF and DKIM and honoring unsubscribe requests.
π΄ Retailers Make Big Strides In Offering Clear Unsubscribe Links π΄
π Read
via "Dark Reading: ".
Fifth annual Online Trust Alliance survey said retailers get good marks for offering clear unsubscribe links, using tools like SPF and DKIM and honoring unsubscribe requests.π Read
via "Dark Reading: ".
Dark Reading
Retailers Make Big Strides In Offering Clear Unsubscribe Links - Dark Reading
Fifth annual Online Trust Alliance survey said retailers get good marks for offering clear unsubscribe links, using tools like SPF and DKIM and honoring unsubscribe requests.
β Podcast: Breaking Down the Magecart Threat (Part Two) β
π Read
via "Threatpost | The first stop for security news".
In part two of our podcast series on Magecart, we talk to expert Yonathan Klijnsma, who has been tracking the threat for years.π Read
via "Threatpost | The first stop for security news".
Threat Post
Podcast: Breaking Down the Magecart Threat (Part Two)
In part two of our podcast series on Magecart, we talk to expert Yonathan Klijnsma, who has been tracking the threat for years.
π΄ Holiday Hacks: 6 Cyberthreats to Watch Right Now π΄
π Read
via "Dark Reading: ".
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.π Read
via "Dark Reading: ".
Darkreading
Holiday Hacks: 6 Cyberthreats to Watch Right Now
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
<b>⌨ What the Marriott Breach Says About Security ⌨</b>
<code>We donβt yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.</code><code>TO COMPANIES</code><code>For companies, this principle means accepting the notion that it is no longer possible to keep the bad guys out of your networks entirely. This doesnβt mean abandoning all tenets of traditional defense, such as quickly applying software patches and using technologies to block or at least detect malware infections.</code><code>It means accepting that despite how many resources you expend trying to keep malware and miscreants out, all of this can be undone in a flash when users click on malicious links or fall for phishing attacks. Or a previously unknown security flaw gets exploited before it can be patched. Or any one of a myriad other ways attackers can win just by being right once, when defenders need to be right 100 percent of the time.</code><code>The companies run by leaders and corporate board members with advanced security maturity are investing in ways to attract and retain more cybersecurity talent, and arranging those defenders in a posture that assumes the bad guys will get in.</code><code>This involves not only focusing on breach prevention, but at least equally on intrusion detection and response. It starts with the assumption that failing to respond quickly when an adversary gains an initial foothold is like allowing a tiny cancer cell to metastasize into a much bigger illness that β left undetected for days, months or years β can cost the entire organism dearly.</code><code>The companies with the most clueful leaders are paying threat hunters to look for signs of new intrusions. Theyβre reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer β anyone but the Chief Technology Officer.</code><code>Theyβre constantly testing their own networks and employees for weaknesses, and regularly drilling their breach response preparedness (much like a fire drill). And, apropos of the Marriott breach, they are finding creative ways to cut down on the volume of sensitive data that they need to store and protect.</code><code>Media</code><code>TO INDIVIDUALS</code><code>Likewise for individuals, it pays to accept two unfortunate and harsh realities:</code><code>Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless arenβt, including your credit card information, Social Security number, motherβs maiden name, date of birth, address, previous addresses, phone number, and yes β even your credit file.</code><code>Reality #2: Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold β usually through no fault of your own. And if youβre an American, it means (at least for the time being) your recourse to do anything about that when it does happen is limited or nil.</code><code>Marriott is offering affected consumers a yearβs worth of service from a company owned by security firm Kroll that advertises the ability to scour cybercrime underground markets for your data. Should you take them up on this offer? It probably canβt hurt as long as youβre not expecting it to prevent some kind of bad outcome. But once youβve accepted Realities #1 and #2 above it becomes clear there is nothing such services could tell you that you donβt already know.</code><code>Once youβve owned both of these realities, you realize that expecting another company to safeguard your security is a foolβs errandβ¦
<code>We donβt yet know the root cause(s) that forced Marriott this week to disclose a four-year-long breach involving the personal and financial information of 500 million guests of its Starwood hotel properties. But anytime we see such a colossal intrusion go undetected for so long, the ultimate cause is usually a failure to adopt the most important principle in cybersecurity defense that applies to both corporations and consumers: Assume you are compromised.</code><code>TO COMPANIES</code><code>For companies, this principle means accepting the notion that it is no longer possible to keep the bad guys out of your networks entirely. This doesnβt mean abandoning all tenets of traditional defense, such as quickly applying software patches and using technologies to block or at least detect malware infections.</code><code>It means accepting that despite how many resources you expend trying to keep malware and miscreants out, all of this can be undone in a flash when users click on malicious links or fall for phishing attacks. Or a previously unknown security flaw gets exploited before it can be patched. Or any one of a myriad other ways attackers can win just by being right once, when defenders need to be right 100 percent of the time.</code><code>The companies run by leaders and corporate board members with advanced security maturity are investing in ways to attract and retain more cybersecurity talent, and arranging those defenders in a posture that assumes the bad guys will get in.</code><code>This involves not only focusing on breach prevention, but at least equally on intrusion detection and response. It starts with the assumption that failing to respond quickly when an adversary gains an initial foothold is like allowing a tiny cancer cell to metastasize into a much bigger illness that β left undetected for days, months or years β can cost the entire organism dearly.</code><code>The companies with the most clueful leaders are paying threat hunters to look for signs of new intrusions. Theyβre reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer β anyone but the Chief Technology Officer.</code><code>Theyβre constantly testing their own networks and employees for weaknesses, and regularly drilling their breach response preparedness (much like a fire drill). And, apropos of the Marriott breach, they are finding creative ways to cut down on the volume of sensitive data that they need to store and protect.</code><code>Media</code><code>TO INDIVIDUALS</code><code>Likewise for individuals, it pays to accept two unfortunate and harsh realities:</code><code>Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless arenβt, including your credit card information, Social Security number, motherβs maiden name, date of birth, address, previous addresses, phone number, and yes β even your credit file.</code><code>Reality #2: Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold β usually through no fault of your own. And if youβre an American, it means (at least for the time being) your recourse to do anything about that when it does happen is limited or nil.</code><code>Marriott is offering affected consumers a yearβs worth of service from a company owned by security firm Kroll that advertises the ability to scour cybercrime underground markets for your data. Should you take them up on this offer? It probably canβt hurt as long as youβre not expecting it to prevent some kind of bad outcome. But once youβve accepted Realities #1 and #2 above it becomes clear there is nothing such services could tell you that you donβt already know.</code><code>Once youβve owned both of these realities, you realize that expecting another company to safeguard your security is a foolβs errandβ¦
β Monday review β the hot 21 stories of the week β
π Read
via "Naked Security".
From Black Mirror-esque social ratings IRL to the guy who had his car stolen by hackers - twice, and everything in between. It's weekly roundup time.π Read
via "Naked Security".
Naked Security
Monday review β the hot 21 stories of the week
From Black Mirror-esque social ratings IRL to the guy who had his car stolen by hackers β twice, and everything in between. Itβs weekly roundup time.
β Faster fuzzing ferrets out 42 fresh zero-day flaws β
π Read
via "Naked Security".
A group of researchers has found 42 zero-day flaws in a range of software tools using a new take on an old concept - fuzzing.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Microsoft cracks down on tech support scams, 16 call centers raided β
π Read
via "Naked Security".
Police raided 16 Indian call centers last week - a second big raid sparked by Microsoft filing complaints about tech support scammers.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Router attack exploits UPnP and NSA malware to target PCs β
π Read
via "Naked Security".
The UPnProxy router compromise uncovered earlier in 2018 is now being used to attack computers on networks connected to the same gateways.π Read
via "Naked Security".
Naked Security
Router attack exploits UPnP and NSA malware to target PCs
The UPnProxy router compromise uncovered earlier in 2018 is now being used to attack computers on networks connected to the same gateways.
β Printers pulled into 9100 port attack spew PewDiePie propaganda β
π Read
via "Naked Security".
Printers worldwide printed messages urging people to subscribe to the vlogger's YouTube channel in a demo of a well-known vulnerability.π Read
via "Naked Security".
Naked Security
Printers pulled into 9100 port attack spew PewDiePie propaganda
Printers worldwide printed messages urging people to subscribe to the vloggerβs YouTube channel in a demo of a well-known vulnerability.
β YouTuber PewDiePie Promoted Via 50K Hacked Printers β
π Read
via "Threatpost | The first stop for security news".
The incident sheds light on just how insecure printers are.π Read
via "Threatpost | The first stop for security news".
Threat Post
YouTuber PewDiePie Promoted Via 50K Hacked Printers
YouTube celeb PewDiePie gets illegal boost from Twitter user @HackerGiraffe in a popularity contest with Bollywood YouTuber T-Series.
π΄ Filling the Cybersecurity Jobs Gap - Now and in the Future π΄
π Read
via "Dark Reading: ".
Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.π Read
via "Dark Reading: ".
Dark Reading
Filling the Cybersecurity Jobs Gap - Now and in the Future
Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.
β iOS Fitness Apps Robbing Money From Apple Victims β
π Read
via "Threatpost | The first stop for security news".
The two apps, βFitness Balance Appβ and βCalories Tracker app,β were tricking users into payments of $120.π Read
via "Threatpost | The first stop for security news".
Threat Post
iOS Fitness Apps Robbing Money From Apple Victims
The two apps, βFitness Balance Appβ and βCalories Tracker app,β were tricking users into payments of $120.
β Lenovo Ordered to Pay $7.3M in Superfish Fiasco β
π Read
via "Threatpost | The first stop for security news".
The laptop giant will settle a 32-state class-action lawsuit stemming from pre-installing vulnerable ad-targeting software.π Read
via "Threatpost | The first stop for security news".
Threat Post
Lenovo Ordered to Pay $7.3M in Superfish Fiasco
The laptop giant will settle a 32-state class-action lawsuit stemming from pre-installing vulnerable ad-targeting software.