Security Ledger Daily Ledger Mix

In the 03/03/2018 edition:

A Secure Development Approach Pays Off

By Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies, on Mar 02, 2018 10:30 am

Software security shouldn't be an afterthought. That's why the secure software development life cycle deserves a fresh look.

A Sneak Peek at the New NIST Cybersecurity Framework

By Laurence Pitt, Strategic Security Director EMEA, Juniper Networks, on Mar 02, 2018 09:00 am

Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement.

20,000 web certificate private keys outed in “business tiff”

By Paul Ducklin on Mar 02, 2018 08:58 am

How would you react if the company that sold you your web certificate leaked it by email to force the certificate issuer to revoke it?

Facebook’s see yourself bald app: extreme hackers or extreme hoax?

By Lisa Vaas on Mar 02, 2018 07:58 am

Facebook's latest hoax warns that "extreme hackers" are selling our data on the "black market."

Can emojis save you from a terrible password?

By John E Dunn on Mar 02, 2018 06:24 am

Researchers might have discovered a simple way to get more computer users to opt for strong passwords - tell them how easy their weak choices would be to hack.

Don’t fall for fake iTunes and App Store messages

By Lisa Vaas on Mar 02, 2018 06:18 am

Apple posted a new guide with tips on distinguishing official emails from phishing attempts that are getting more convincing all the time.

Equifax finds 2.5 Million more Victims of Hack

By Paul on Mar 01, 2018 08:40 pm

Equifax on Thursday disclosed that 2.4 million additional customers had information stolen in a 2017 cyber attack. The company said it overlooked the victims in prior forensic analysis of the incident. The credit rating agency Equifax said on Thursday that it has identified 2.5 million additional victims of a months-long hack it first disclosed...

Number of Sites Hosting Cryptocurrency Miners Surges 725% in 4 Months

By Jai Vijayan, Freelance writer, on Mar 01, 2018 06:30 pm

The dramatic increase in cryptocurrency prices, especially for Monero, is behind the sudden explosive growth, says Cyren.

Bug in HP Remote Management Tool Leaves Servers Open to Attack

By Tom Spring on Mar 01, 2018 05:56 pm

Firmware versions of HPE’s remote management hardware iLO3 have an unauthenticated remote denial of service vulnerability.

'Chafer' Uses Open Source Tools to Target Iran's Enemies

By Curtis Franklin Jr., Executive Editor, Technical Content, on Mar 01, 2018 05:30 pm

Symantec details operations of Iranian hacking group mainly attacking air transportation targets in the Middle East.

Big banks want to weaken the internet’s underlying security protocol

By Patrick Howell O'Neill on Mar 01, 2018 04:52 pm

The tech and financial industries are butting heads over the latter’s push to intentionally weaken a security protocol that underlies how the public securely accesses the vast majority of the internet. Critics are charging that the financial industry is pushing for a weakness in the new version of the Transport Layer Security (TLS) protocol, all for the sake of avoiding the time, effort and resources needed to adapt to the new standard. TLS is a bedrock internet security protocol used to secure everything from web browsing and email to instant messaging, voice, video and the internet of things. A new version, known as TLS 1.3, will usher in the largest changes in the protocol’s history. Contributors are hammering out the details before the update is likely finalized at the March meeting of the Internet Engineering Task Force (IETF), an independent group that designs internet standards. Heading into the meeting, the financial […]

The post Big banks want to weaken the internet’s underlying security protocol appeared first on Cyberscoop.

Securing the Web of Wearables, Smartphones & Cloud

By Kelly Sheridan, Associate Editor, Dark Reading, on Mar 01, 2018 04:45 pm

Why security for the Internet of Things demands that businesses revamp their software development lifecycle.

DHS leaders push cybersecurity risk assessment program for critical infrastructure companies

By Chris Bing on Mar 01, 2018 04:18 pm

Secretary of Homeland Security Kirstjen Nielsen is pitching a new supply chain cybersecurity program in an effort to engage with some of the country’s largest critical infrastructure providers, including the oil, electric and water treatment industries. “Our nation’s supply chain is being targeted by our most sophisticated adversaries with increasing regularity,” Nielsen said Thursday to a room full of people representing private sector companies. “We ask for you to work with us on this initiative … the goal of this initiative is to help stakeholders make better informed procurement decisions by providing them with supply chain risk assessment and mitigation recommendations.” The program is focused on DHS authoring and providing digital risk assessments to companies and government agencies about products that they may acquire or install on their systems. The move comes after the federal government banned the use of Moscow-based Kaspersky Labs’ anti-virus software across government systems. In addition, […]

The post DHS leaders push cybersecurity risk assessment program for critical infrastructure companies appeared first on Cyberscoop.

Enemies of U.S. continue cyberattacks without fear of reprisal, NSA director nominee says

By Zaid Shoorbajee on Mar 01, 2018 04:03 pm

Russia and China continue to hack into U.S. companies and government agencies because they aren’t afraid of a potential response, senior U.S. officials say. The Army general expected to be confirmed as the next head of the NSA and U.S. Cyber Command told senators at a congressional hearing Thursday that he doesn’t believe U.S. adversaries in cyberspace fear any repercussions for conducting hacking campaigns and cyber-espionage. Lt. Gen. Paul Nakasone’s bleak assessment at a Senate Armed Services Committee hearing comes two days after the same committee grilled the outgoing Adm. Mike Rogers, whom Nakasone would replace, for indicating that the U.S. does not have offensive plans in motion to retaliate against cyberattacks. Responding to a line of questioning from Sen. Dan Sullivan, R-Alaska, who called the U.S. “the cyber punching bag of the world”, Nakasone said that countries known to target the U.S. in cyberattacks are not deterred […]

The post Enemies of U.S. continue cyberattacks without fear of reprisal, NSA director nominee says appeared first on Cyberscoop.

Machine learning self defence: how to not shoot yourself in the foot

By Mark Stockley on Mar 01, 2018 03:52 pm

Our machine learning series starts with arguably the biggest threat you face: yourself.

Sophisticated RedDrop Malware Targets Android Phones

By Lindsey O'Donnell on Mar 01, 2018 03:40 pm

A new strain of mobile malware found on an array of apps can pull out sensitive data – including audio recordings – from Android phones.

Nuance Communications says NotPetya attack has cost it $92 million since June

By Michelai Graham on Mar 01, 2018 02:55 pm

Another U.S. software company has disclosed its losses due to the infamous NotPetya cyberattack. Nuance Communications — a U.S. computer software company that provides applications for speech and imaging to financial and healthcare companies — is claiming that the June 2017 attack cost the company $92 million in lost revenue. Nuance also said that it’s expecting more losses from the cyberattack this year. The Burlington, Massachusetts-based company disclosed information about its losses in a 10-Q filing with the Securities and Exchange Commission (SEC). In the filing, the company says the attack mainly affected healthcare companies using its software for transcription services and order processing. It also mentioned that a subsequent data breach had occurred in December 2017 when “an unauthorized third party illegally accessed reports hosted on a Nuance transcription platform.” The company stated that this incident was “limited in scope to records of approximately 45,000 individuals and was isolated.” The company expects to […]

The post Nuance Communications says NotPetya attack has cost it $92 million since June appeared first on Cyberscoop.

GitHub Among Victims of Massive DDoS Attack Wave

By Dark Reading Staff on Mar 01, 2018 02:45 pm

GitHub reports its site was unavailable this week when attackers leveraged Memcached servers to generate large, widespread UDP attacks.

GitHub hit with record 1.35-Tbps denial of service attack, more attacks expected

By Patrick Howell O'Neill on Mar 01, 2018 02:17 pm

GitHub suffered and survived a record 1.35-terabit-per-second denial of service attack on Wednesday, an unprecedented deluge of traffic that’s spotlighting just how powerful “amplification attacks” can be — and a new attack vector experts predict is about to become a lot more common. The top comment on the Hacker News discussion says it all: “Wow, 1.35Tbps? That’s a lot for a DoS attack, right?” It’s still early in 2018, but that could be the understatement of the year so far. Wednesday’s attack counts as the most powerful denial of service barrage against a single site in history. It’s significantly larger than the size of the 2016 Mirai botnet attacks that brought down a host of the internet’s biggest websites through an attack on Dyn that rippled out to other sites dependent on the company’s infrastructure and DNS services. GitHub went down a number of times during this week’s attack until traffic was moved to […]

The post GitHub hit with record 1.35-Tbps denial of service attack, more attacks expected appeared first on Cyberscoop.

How & Why the Cybersecurity Landscape Is Changing

By Zeus Kerravala, Founder and Principal Analyst, ZK Research, on Mar 01, 2018 02:00 pm

A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.

Intel’s latest set of Spectre microcode fixes is coming to a Windows update

By Peter Bright on Mar 01, 2018 01:14 pm

Windows users will no longer be beholden to their motherboard makers.

Phishers Target Social Media

By Curtis Franklin Jr., Executive Editor, Technical Content, on Mar 01, 2018 01:00 pm

Financial institutions still the number one target, according to a new report by RiskIQ.

Ad Network Circumvents Ad-Blocking Tools To Run In-Browser Cryptojacker Scripts

By Lindsey O'Donnell on Mar 01, 2018 12:40 pm

Researchers say cryptojackers are bypassing ad-blocking software in an attempt to run the in-browser cryptocurrency miner Coinhive.

Equifax finds ANOTHER 2.4 million Americans hit by breach

By Lisa Vaas on Mar 01, 2018 12:16 pm

...meanwhile, a new study says half of us haven't checked our credit reports or scores since the breach. No time like the present!

ICS Under Fire in 2017

By Ericka Chickowski, Contributing Writer, Dark Reading, on Mar 01, 2018 11:45 am

New Dragos report finds rising number of public vulnerability advisories around ICS with not enough reasonable guidance around how to deal with these flaws.

Equifax Finds 2.4 Million Additional US Victims of its Data Breach

By Dark Reading Staff on Mar 01, 2018 11:19 am

Total number of victims now stands at 147.9 million customers.

GDPR will change how companies work with cloud providers

By Greg Otto on Mar 01, 2018 11:16 am

One of the bigger stipulations in GDPR is that third-party service providers, including companies who run the ever-ubiquitous cloud, will also be responsible for following the correct protocols when it comes to protecting EU citizen data. Yet just as companies keep throwing everything into the cloud, we are seeing errors in the way they safeguard personally identifiable data. If you have been following the work of Chris Vickery, you know how easily these errors can be found. Vickery, director of cyber risk research for California-based Upguard, has been finding misconfigured cloud instances all over the internet. Just in the past year, Vickery identified these openly discoverable instances associated with a Florida credit monitoring firm, media behemoth Viacom, and even at the Department of Defense. Each finding had enough PII to keep privacy officers sleepless for weeks. While they were all based in America, Vickery recently came across a similar breach at French marketing firm Octoly, which caters […]

The post GDPR will change how companies work with cloud providers appeared first on Cyberscoop.

Recent Articles:

Iran Taps Chafer APT Group amid Civil Aviation Crisis
What Enterprises Can Learn from Medical Device Security
Bugcrowd raises $26 million in latest funding round
Journey to the Cloud: Overcoming Security Risks
27% of under-18s have been sexted, and it’s on the rise
Copyright © 2018 Box Jump LLC/The Security ledger, All rights reserved.