Security News

Friday Squid Blogging: Giant Squid Genome Analyzed

Schneier on Security - Fri, 01/17/2020 - 16:19
This is fantastic work: In total, the researchers identified approximately 2.7 billion DNA base pairs, which is around 90 percent the size of the human genome. There's nothing particularly special about that size, especially considering that the axolotl genome is 10 times larger than the human genome. It's going to take some time to fully understand and appreciate the intricacies... Bruce Schneier
Categories: Security News

Visa's plan against Magecart attacks: Devalue and disrupt

ZDNet Zero Day - Fri, 01/17/2020 - 13:29
Visa is actively going after Magecart groups, but also deploying new technologies to safeguard payment card data.
Categories: Security News

JhoneRAT exploits cloud services to attack Middle Eastern countries

ZDNet Zero Day - Fri, 01/17/2020 - 08:09
Google Drive, Twitter, ImgBB and Google Forms are being abused in the name of data theft.
Categories: Security News

WordPress plugin vulnerability can be exploited for total website takeover

ZDNet Zero Day - Fri, 01/17/2020 - 07:10
The “easily exploitable” bug in WP Database Reset has serious consequences for webmasters.
Categories: Security News

A hacker is patching Citrix servers to maintain exclusive access

ZDNet Zero Day - Fri, 01/17/2020 - 06:29
FireEye believes this is a bad guy hoarding Citrix servers, rather than a good-guy vigilante looking out for organizations.
Categories: Security News

EU considers banning facial recognition technology in public spaces

ZDNet Zero Day - Fri, 01/17/2020 - 05:56
A potential ban could last for five years to allow lawmakers to catch up.
Categories: Security News

FBI seizes WeLeakInfo, a website that sold access breached data

ZDNet Zero Day - Fri, 01/17/2020 - 03:13
WeLeakInfo website sold access to more than 12 billion user records that leaked from breaches at other online services.
Categories: Security News

FBI: Nation-state actors have breached two US municipalities

ZDNet Zero Day - Thu, 01/16/2020 - 15:22
The SharePoint CVE-2019-0604 vulnerability has been one of the most targeted security flaw
Categories: Security News

Securing Tiffany's Move

Schneier on Security - Thu, 01/16/2020 - 10:01
Story of how Tiffany & Company moved all of its inventory from one store to another. Short summary: careful auditing and a lot of police.... Bruce Schneier
Categories: Security News

Proof-of-concept exploits published for the Microsoft-NSA crypto bug

ZDNet Zero Day - Thu, 01/16/2020 - 02:32
Two proof-of-concept exploits published for the CurveBall (CVE-2020-0601) vulnerability.
Categories: Security News

Chinese man arrested after making $1.6 million from selling VPN services

ZDNet Zero Day - Wed, 01/15/2020 - 18:01
Chinese authorities continue their crackdown against unauthorized VPN services with what appears to be their biggest catch so far.
Categories: Security News

More than 600 million users installed Android 'fleeceware' apps from the Play Store

ZDNet Zero Day - Wed, 01/15/2020 - 11:04
A new set of 25 Android apps caught illegally charging users at the end of a trial period.
Categories: Security News

Facebook to notify users of third-party app logins

ZDNet Zero Day - Wed, 01/15/2020 - 08:26
Facebook rolls out improved security notifications for logins with Facebook accounts on third-party apps and websites.
Categories: Security News

Critical Windows Vulnerability Discovered by NSA

Schneier on Security - Wed, 01/15/2020 - 06:38
Yesterday's Microsoft Windows patches included a fix for a critical vulnerability in the system's crypto library. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.... Bruce Schneier
Categories: Security News

P&N Bank discloses data breach, customer account information, balances exposed

ZDNet Zero Day - Wed, 01/15/2020 - 05:29
The Australian bank says a cyberattack took place during a server upgrade.
Categories: Security News

You can now use an iPhone as a security key for Google accounts

ZDNet Zero Day - Wed, 01/15/2020 - 04:48
All iPhones running iOS 10 or later can now be used as hardware security keys for Google accounts.
Categories: Security News

Critical bugs in WordPress plugins InfiniteWP, WP Time Capsule expose 320,000 websites to attack

ZDNet Zero Day - Wed, 01/15/2020 - 04:37
If you use these plugins you should update immediately as firewall protection will not work.
Categories: Security News

Adobe’s first 2020 security patch update fixes code execution vulnerabilities

ZDNet Zero Day - Wed, 01/15/2020 - 03:11
This month’s security round is small but resolves some important bugs.
Categories: Security News

Microsoft January 2020 Patch Tuesday fixes 49 security bugs

ZDNet Zero Day - Tue, 01/14/2020 - 14:48
Today's patches also fix a major vulnerability in Windows' cryptographic library.
Categories: Security News

Upcoming Speaking Engagements

Schneier on Security - Tue, 01/14/2020 - 13:00
This is a current list of where and when I am scheduled to speak: I'm speaking at Indiana University Bloomington on January 30, 2020. I'll be at RSA Conference 2020 in San Francisco. On Wednesday, February 26, at 2:50 PM, I'll be part of a panel on "How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei." On... Bruce Schneier
Categories: Security News