❌ Obamacare Sign-Up Channel Breach Affects 75K Consumers ❌

A hack targeted the Direct Enrollment pathway, which allows insurance agents and brokers to help consumers sign up for Affordable Care Act coverage.

📖 Read

via "The first stop for security news | Threatpost ".

❌ The Danger and Opportunity in 5G Connectivity and IoT ❌

The advent of 5G presents an opportunity for us to think the exploding number of IoT devices and how we securely connect to the digital world.

📖 Read

via "The first stop for security news | Threatpost ".

🔐 Why cybersecurity dominates concerns surrounding AI adoption 🔐

Even though artificial intelligence adoption is high, concerns regarding legal and ethical risks persist.

📖 Read

via "Security on TechRepublic".

🕴 Gartner Experts Highlight Tech Trends - And Their Security Risks 🕴

Security must be built into systems and applications from the beginning of the design process, they agreed.

📖 Read

via "Dark Reading: ".

🔐 Quantum computing: A cheat sheet 🔐

This resource covers the future of computing in the post-transistor age, and the technical hurdles inherent in the pursuit of quantum computing.

📖 Read

via "Security on TechRepublic".

🔐 Ransomware: A cheat sheet for professionals 🔐

This guide covers Locky, WannaCry, Petya, and other ransomware attacks, the systems hackers target, and how to avoid becoming a victim and paying cybercriminals a ransom in the event of an infection.

📖 Read

via "Security on TechRepublic".

🕴 Healthcare.gov FFE Breach Compromises 75K Users' Data 🕴

Attackers broke into a sign-up system used by healthcare insurance agents and brokers to help consumers apply for coverage.

📖 Read

via "Dark Reading: ".

🔐 How to detect hardware-based server bugs 🔐

Following controversy from a recent Bloomberg report, here's how you should approach auditing physical hardware security.

📖 Read

via "Security on TechRepublic".

🕴 2018 State of Cyber Workforce 🕴

Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.

📖 Read

via "Dark Reading: ".

🕴 UK, US to Sign Accord on AI, Cybersecurity Cooperation 🕴

Royal Navy, US Navy, and tech industry leaders ready to commit to 'a framework for dialogue and cooperation' at inaugural meeting of the Atlantic Future Forum.

📖 Read

via "Dark Reading: ".

🕴 US Tops Global Malware C2 Distribution 🕴

The United States hosts 35% of the world's command-and-control infrastructure, driving the frequency of host compromises.

📖 Read

via "Dark Reading: ".

<b>&#9000; Who Is Agent Tesla? &#9000;</b>

<code>A powerful, easy-to-use password stealing program known as Agent Tesla has been infecting computers since 2014, but recently this malware strain has seen a surge in popularity — attracting more than 6,300 customers who pay monthly fees to license the software. Although Agent Tesla includes a multitude of features designed to help it remain undetected on host computers, the malware’s apparent creator seems to have done little to hide his real-life identity.</code><code>The proprietors of Agent Tesla market their product at agenttesla-dot-com, selling access to the software in monthly licenses paid for via bitcoin, for prices ranging from $15 to $69 per month depending on the desired features.</code><code>Media</code><code>The Agent Tesla Web site emphasizes that the software is strictly “for monitoring your personel [sic] computer.” The site’s “about” page states that Agent Tesla “is not a malware. Please, don’t use for computers which is not access permission.” To backstop this disclaimer, the site warns that any users caught doing otherwise will have their software licenses revoked and subscriptions canceled.</code><code>At the same time, the Agent Tesla Web site and its 24/7 technical support channel (offered via Discord) is replete with instances of support personnel instructing users on ways to evade antivirus software detection, use software vulnerabilities to deploy the product, and secretly bundle the program inside of other file types, such as images, text, audio and even Microsoft Office files.</code><code>Media</code><code>A description of some of the options posted to the Agent Tesla sales Web site.</code><code>In August 2018, computer security firm LastLine said it witnessed a 100 percent increase in Agent Tesla instances detected in the wild over just a three month period.</code><code>“Acting as a fully-functional information stealer, it is capable of extracting credentials from different browsers, mail, and FTP clients,” LastLine wrote. “It logs keys and clipboards data, captures screen and video, and performs form-grabbing (Instagram, Twitter, Gmail, Facebook, etc.) attacks.”</code><code>Media</code><code>Most of the options included in Agent Tesla revolve around stealth, persistence, evading security tools, spreading to other computers, or tampering with system settings.</code><code>I CAN HAZ TESLA</code><code>The earliest versions of Agent Tesla were made available for free via a Turkish-language WordPress site that oddly enough remains online (agenttesla.wordpress-dot-com), although its home page now instructs users to visit the current AgentTesla-dot-com domain. Not long after that WordPress site was erected, its author(s) began charging for the software, accepting payments via a variety of means, including PayPal, Bitcoin and even wire transfer to several bank accounts in Turkey.</code><code>MediaHistoric WHOIS Web site registration records maintained by Domaintools.com show that the current domain for the software — agenttesla-dot-com — was registered in 2014 to a young man from Antalya, Turkey named Mustafa can Ozaydin, and to the email address mcanozaydin@gmail.com. Sometime in mid-2016 the site’s registration records were hidden behind WHOIS privacy services [full disclosure: Domaintools is a previous advertiser on KrebsOnSecurity].</code><code>That Gmail address is tied to a Youtube.com account for a Turkish individual by the same name who has uploaded exactly three videos over the past four years. In one of them, uploaded in October 2017 and titled “web panel,” Mr. can Ozaydin demonstrates how to configure a Web site. At around 3:45 in the video, we can see the purpose of this demonstration is to show people one way to install an Agent Tesla control panel to keep track of systems infected with the malware.</code><code>Incidentally, the administrator of the 24/7 live support channel for Agent Tesla users at one point instructed customers to view this same…

🕴 Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition 🕴

Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.

📖 Read

via "Dark Reading: ".

🕴 The Patching Paradox: A Path to Intelligent Vulnerability Management 🕴

Imagine: You're out at sea, sailing through treacherous and uncharted waters. The tips of sharp rocks jutting from the waves give some forewarning of danger, but beneath the surface, twisting reefs and shallow sandbanks threaten to run you aground.

📖 Read

via "Dark Reading: ".

🕴 What Keeps the CISO Awake at Night 🕴

How to keep your CISO sleeping soundly

📖 Read

via "Dark Reading: ".

⚠ Pirates! Don’t blame your illegal file sharing on family members ⚠

Stop blaming your piracy on your mum. You can no longer avoid liability by saying that a family member had access to your connection.

📖 Read

via "Naked Security".

⚠ Why is Elon Musk promoting this Bitcoin scam? (He’s not) ⚠

While scrolling through my Twitter feed I saw a Bitcoin scam so unabashed that it got me thinking.... do such scams really work?

📖 Read

via "Naked Security".

⚠ Adult websites shuttered after 1.2 million user details exposed ⚠

It's not even close to the number of users affected by the massive Ashley Madison breach, but the results could be just as devastating to those who are affected.

📖 Read

via "Naked Security".

❌ Thousands of Applications Vulnerable to RCE via jQuery File Upload ❌

The flaw has existed for eight years thanks to a security change in Apache.

📖 Read

via "The first stop for security news | Threatpost ".

🔐 How sophisticated phishing grants attackers total control of your computer 🔐

Phishing is all about the bad guy and fooling the victim, says Kevin Mitnick, founder, Mitnick Security Consulting. Mitnick knows about bad guys-he used to be one.

📖 Read

via "Security on TechRepublic".

🔐 Cybersecurity predictions: More cyberattacks, social engineering, and scary IoT 🔐

Kevin Mitnick, founder, Mitnick Security Consulting, discusses emerging cybersecurity trends and how we can defend ourselves with TechRepublic's Dan Patterson.

📖 Read

via "Security on TechRepublic".