🕴 Trend Micro Finds Major Flaws in HolaVPN 🕴

A popular free VPN is found to have a very high cost for users.

📖 Read

via "Dark Reading: ".

🕴 Twitter Hack May Have State-Sponsored Ties 🕴

A data leak was disclosed after attackers targeted a support form, which had "unusual activity."

📖 Read

via "Dark Reading: ".

<b>&#9000; A Chief Security Concern for Executive Teams &#9000;</b>

<code>Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough.</code><code>KrebsOnSecurity reviewed the Web sites for the global top 100 companies by market value, and found just five percent of top 100 firms listed a chief information security officer (CISO) or chief security officer (CSO). Only a little more than a third even listed a CTO in their executive leadership pages.</code><code>The reality among high-tech firms that make up the top 50 companies in the NASDAQ market was even more striking: Fewer than half listed a CTO in their executive ranks, and I could find only three that featured a person with a security title.</code><code>Nobody’s saying these companies don’t have CISOs and/or CSOs and CTOs in their employ. A review of these companies via LinkedIn suggests that most of them in fact do have people in those roles (although I suspect the few that aren’t present or easily findable on LinkedIn have made a personal and/or professional decision not to be listed as such).</code><code>But it is interesting to note which roles companies consider worthwhile publishing in their executive leadership pages. For example, 73 percent of the top 100 companies listed a chief of human resources (or “chief people officer”), and about one-third included a chief marketing officer.</code><code>Not that these roles are somehow more or less important than that of a CISO/CSO within the organization. Nor is the average pay hugely different among all three roles. Yet, considering how much marketing (think consumer/customer data) and human resources (think employee personal/financial data) are impacted by your average data breach, it’s somewhat remarkable that more companies don’t list their chief security personnel among their top ranks.</code><code>Media</code><code>Julie Conroy, research director at the market analyst firm Aite Group, said she initially hypothesized that companies with a regulatory mandate for strong cybersecurity controls (e.g. banks) would have this role in their executive leadership team.</code><code>“But a quick look at Bank of America and Chase’s websites proved me wrong,” Conroy said. “It looks like the CISO in those firms is one layer down, reporting to the executive leadership.”</code><code>Conroy says this dynamic reflects the fact that revenue centers like human capital and the ability to drum up new business are still prioritized and valued by businesses more than cost centers — including loss prevention and cybersecurity.</code><code>“Marketing and digital strategy roles drive top line revenue for firms—the latter is particularly important in retail and banking businesses as so much commerce moves online,” Conroy said. “While you and I know that cybersecurity and loss prevention are critical functions for all types of businesses, I don’t think that reality is reflected in the organizational structure of many businesses still. A common theme in my discussions with executives in cost center roles is how difficult it is for them to get budget to fund the tech they need for loss prevention initiatives.”</code><code>EXHIBIT A: EQUIFAX</code><code>Common or not, the dominant reporting structure in corporations runs the risk of having security concerns take a backseat when they get in the way of productivity, and often leaves the security team without someone to advocate for the proper budget.</code><code>Take the mega breach at Equifax last year that exposed the personal and financial…

❌ Russia-Linked Sofacy Debuts Fresh Zebrocy Malware Variant ❌

The group continues to evolve its custom malware in an effort to evade detection.

📖 Read

via "Threatpost | The first stop for security news".

🕴 Memes on Twitter Used to Communicate With Malware 🕴

Steganography via tweet images gave attackers a way to pass on malicious instructions to Trojan, researchers say.

📖 Read

via "Dark Reading: ".

🕴 When Cryptocurrency Falls, What Happens to Cryptominers? 🕴

The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.

📖 Read

via "Dark Reading: ".

⚠ How not to secure US missile defences ⚠

One BMDS site’s patching was so deficient, it failed to address a critical vulnerability that first came to light nearly three decades ago.

📖 Read

via "Naked Security".

⚠ SQLite creator fires back at Tencent’s bug hunters ⚠

The creator of SQLite has downplayed reports of a bug that could lead to remote code execution.

📖 Read

via "Naked Security".

⚠ Instagram became the preferred tool in Russia’s propaganda war ⚠

Facebook and Twitter got a lot of heat, but "Instagram’s appeal is that’s where the kids are, and that seems to be where the Russians went."

📖 Read

via "Naked Security".

⚠ Snack-happy parrot shows insider threats come in all shapes and sizes ⚠

The African Grey has tried to get Alexa to send him lightbulbs, a kite, watermelon, ice cream, strawberries, raisins, broccoli and ice cream.

📖 Read

via "Naked Security".

❌ Facebook Defends Against Data-Sharing Partnerships ❌

Facebook is under fire again for its data privacy policies.

📖 Read

via "Threatpost | The first stop for security news".

🔐 Malware targeting IoT devices grew 72% in Q3 alone 🔐

Total malware samples grew 34% over the past year, with major rises in coinmining and fileless attacks, according to a McAfee Labs report.

📖 Read

via "Security on TechRepublic".

⚠ Serious Security: When cryptographic certificates attack ⚠

Machine learning is all the rage - but don't knock human savvy just yet! One weird character can be enough to alert a smart researcher...

📖 Read

via "Naked Security".

🔐 How BMC and UEFI can be exploited to brick servers and take down your data center 🔐

Out-of-band management systems can be a weak link to securing your data center. Here's how a debug utility can be leveraged to brick your systems.

📖 Read

via "Security on TechRepublic".

❌ Threatpost Poll: Do You Hate Facebook? ❌

Weigh in on Facebook and privacy in our short poll.

📖 Read

via "Threatpost | The first stop for security news".

🔐 Why CXOs are leading the charge for AI-based security 🔐

While 73% of organizations already use some level of artificial intelligence, the technology comes with its own challenges, according to a ProtectWise report.

📖 Read

via "Security on TechRepublic".

🕴 Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots 🕴

While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.

📖 Read

via "Dark Reading: ".

🕴 DOJ Announces Indictment in Nigerian Banking Scam 🕴

International investment scam laundered funds through US bank accounts before being sent to Nigeria.

📖 Read

via "Dark Reading: ".

❌ Hackers Succeed in NASA Mission, Lifting Thousands of Employee Records ❌

Twelve years' worth of data has blasted off into the Dark Web.

📖 Read

via "Threatpost | The first stop for security news".

🔐 Attackers are using cloud services to mask attack origin and build false trust 🔐

Conditioning users to think "padlock equals security" has unintended consequences when cloud services are used to host malware droppers.

📖 Read

via "Security on TechRepublic".

🔐 5 biggest security vulnerabilities of 2018 🔐

2018 brought massive, hardware-level security vulnerabilities to the forefront. Here's the five biggest vulnerabilities of the year, and howyou can address them.

📖 Read

via "Security on TechRepublic".