🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
Facebook photo API bug exposed users’ unpublished photos

It affected up to 6.8 million users and up to 1,500 apps. “We're sorry this happened,” said Facebook with what must be acute apology fatigue.

📖 Read

via "Naked Security".
🕴 8 Security Tips to Gift Your Loved Ones For the Holidays 🕴

Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.

📖 Read

via "Dark Reading".
Newsmaker Interview: Troy Mursch on Top Botnet Trends

MikroTik, Hadoop clusters, legislation and more will mark the botnet space in 2019.

📖 Read

via "Threatpost | The first stop for security news".
🔐 Why 2019 will introduce stricter privacy regulation 🔐

Privacy regulation is a complex topic with ever-changing parameters and requirements. Read some predictions for what's coming in 2019.

📖 Read

via "Security on TechRepublic".
WSJ Webpage Defaced to Support PewDiePie

The hack comes on the heels of the PewDiePie-supporting printer attacks over the weekend.

📖 Read

via "Threatpost | The first stop for security news".
🔐 Why cryptojacking will become an even larger problem in 2019 🔐

Cryptojacking was the runaway security problem in 2018, damaging devices in cybercriminals' pursuit of profits. As cryptocurrency prices fall, 2019 could see more attacks.

📖 Read

via "Security on TechRepublic".
🕴 How to Engage Your Cyber Enemies 🕴

Having the right mix of tools, automation, and intelligence is key to staying ahead of new threats and protecting your organization.

📖 Read

via "Dark Reading".
Hidden Code in Memes Instruct Malware via Twitter

Analysts discover malicious code embedded in tweeted images.

📖 Read

via "Threatpost | The first stop for security news".
WordPress Targeted with Clever SEO Injection Malware

The malware does its best to obfuscate SEO injection in WordPress and evade notice from web admins.

📖 Read

via "Threatpost | The first stop for security news".
🕴 Cryptographic Erasure: Moving Beyond Hard Drive Destruction 🕴

In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.

📖 Read

via "Dark Reading".
After SamSam, Ryuk shows targeted ransomware is still evolving

Devastating, targeted ransomware attacks didn't start with SamSam and they didn't end with it either.

📖 Read

via "Naked Security".
🕴 Trend Micro Finds Major Flaws in HolaVPN 🕴

A popular free VPN is found to have a very high cost for users.

📖 Read

via "Dark Reading".
🕴 Twitter Hack May Have State-Sponsored Ties 🕴

A data leak was disclosed after attackers targeted a support form, which had "unusual activity."

📖 Read

via "Dark Reading".
⌨ A Chief Security Concern for Executive Teams ⌨

Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough.

KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.

The reality among high-tech firms that make up the top 50 companies in the NASDAQ market was even more striking: Fewer than half listed a CTO in their executive ranks, and I could find only three that featured a person with a security title.

Nobody’s saying these companies don’t have CISOs and/or CSOs and CTOs in their employ. A review of these companies via LinkedIn suggests that most of them in fact do have people in those roles (although I suspect the few that aren’t present or easily findable on LinkedIn have made a personal and/or professional decision not to be listed as such).

But it is interesting to note which roles companies consider worthwhile publishing in their executive leadership pages. For example, 73 percent of the top 100 companies listed a chief of human resources (or “chief people officer”), and about one-third included a chief marketing officer.

Not that these roles are somehow more or less important than that of a CISO/CSO within the organization. Nor is the average pay hugely different among all three roles. Yet, considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.

Julie Conroy, research director at the market analyst firm Aite Group, said she initially hypothesized that companies with a regulatory mandate for strong cybersecurity controls (e.g. banks) would have this role in their executive leadership team.

“But a quick look at Bank of America and Chase’s websites proved me wrong,” Conroy said. “It looks like the CISO in those firms is one layer down, reporting to the executive leadership.”

Conroy says this dynamic reflects the fact that revenue centers like human capital and the ability to drum up new business are still prioritized and valued by businesses more than cost centers — including loss prevention and cybersecurity.

“Marketing and digital strategy roles drive top line revenue for firms—the latter is particularly important in retail and banking businesses as so much commerce moves online,” Conroy said. “While you and I know that cybersecurity and loss prevention are critical functions for all types of businesses, I don’t think that reality is reflected in the organizational structure of many businesses still. A common theme in my discussions with executives in cost center roles is how difficult it is for them to get budget to fund the tech they need for loss prevention initiatives.”

EXHIBIT A: EQUIFAX

Common or not, the dominant reporting structure in corporations runs the risk of having security concerns take a backseat when they get in the way of productivity, and often leaves the security team without someone to advocate for the proper budget.

Take the mega breach at Equifax last year that exposed the personal and financial…
Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant

The group continues to evolve its custom malware in an effort to evade detection.

📖 Read

via "Threatpost | The first stop for security news".
🕴 Memes on Twitter Used to Communicate With Malware 🕴

Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.

📖 Read

via "Dark Reading".
🕴 When Cryptocurrency Falls, What Happens to Cryptominers? 🕴

The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.

📖 Read

via "Dark Reading".
How not to secure US missile defences

One BMDS site’s patching was so deficient, it failed to address a critical vulnerability that first came to light nearly three decades ago.

📖 Read

via "Naked Security".
SQLite creator fires back at Tencent’s bug hunters

The creator of SQLite has downplayed reports of a bug that could lead to remote code execution.

📖 Read

via "Naked Security".
Instagram became the preferred tool in Russia’s propaganda war

Facebook and Twitter got a lot of heat, but "Instagram’s appeal is that’s where the kids are, and that seems to be where the Russians went."

📖 Read

via "Naked Security".
Snack-happy parrot shows insider threats come in all shapes and sizes

The African Grey has tried to get Alexa to send him lightbulbs, a kite, watermelon, ice cream, strawberries, raisins, broccoli and ice cream.

📖 Read

via "Naked Security".