Facebook security chief Alex Stamos reportedly planning to leave
Facebook’s security chief Alex Stamos is leaving Facebook. But it is not due to the latest backlash about Facebook and Cambridge Analytica; instead, the social network’s CSO is stepping down due to disagreements about how Facebook should have handled the spread of disinformation. The New York Times reported that much of the disagreement “is rooted in how […]

Oil and Gas Sector in Middle East Hit by Serious Security Incidents
Many oil and gas companies in the Middle East reported suffering at least one serious security incident in the past year, according to a study conducted by Ponemon Institute on behalf of German industrial giant Siemens. Nearly 200 individuals responsible for overseeing cybersecurity risk in oil and gas companies in the Middle East have taken […]

Coverity Scan Hacked, Abused for Cryptocurrency Mining
Coverity Scan, a free service used by tens of thousands of developers to find and fix bugs in their open source projects, was suspended in February after hackers breached some of its servers and abused them for cryptocurrency mining. Synopsys, which acquired Coverity in 2014, started notifying Coverity Scan users about the breach on Friday. […]

Facebook Security Chief Changes Role to Focus on Election Fraud
Facebook’s chief of security late Monday said his role has shifted to focusing on emerging risks and election security at the global social network, which is under fire for letting its platform be used to spread bogus news and manipulate voters. Alex Stamos revealed the change in his role at work after a New York […]

Frost Bank Says Data Breach Exposed Check Images
Frost Bank, a subsidiary of Cullen/Frost Bankers, Inc., announced on Friday that it discovered unauthorized access to images of checks stored electronically. According to the company, it discovered last week that a third-party lockbox software program had been compromised, resulting in unauthorized users being able to view and copy images of checks stored electronically […]

F-Secure Looks to Address Cyber Security Risks in Aviation Industry
Aviation, as part of the transportation sector, falls within the critical infrastructure. While it may not have the same security issues as ICS/SCADA-based manufacturing and utilities, it has certain conceptual similarities; including, for example, a vital operational technology infrastructure with increasing internet connectivity, and the associated cyber risks. It also has one major difference — […]

Cambridge Analytica: Firm at the Heart of Facebook Scandal
At the center of a scandal over alleged misuse of Facebook users’ personal data, Cambridge Analytica is a communications firm hired by those behind Donald Trump’s successful US presidential bid. An affiliate of British firm Strategic Communication Laboratories (SCL), Cambridge Analytica has offices in London, New York, Washington, as well as Brazil and Malaysia. Here’s […]

Preventing Business Email Compromise Requires a Human Touch
Human-powered Intelligence Plays a Critical Role in Defending Against Socially Engineered Attacks
The FBI’s Internet Crime Complaint Center (IC3) declared Business Email Compromise (BEC) the “3.1 billion dollar scam” in 2016, an amount which then grew in the span of one year into a “5 billion dollar scam.” Trend Micro now projects those losses in […]

California Bill Seeks to Adopt Strict Net Neutrality Despite FCC Ruling
As Americans wait to see whether net neutrality can gain enough support among lawmakers to invoke disapproval via the Congressional Review Act, individual states are not waiting — several are working on state laws to maintain net neutrality within their own borders. In December 2017, under the chairmanship of Ajit Pai, the FCC voted 3-2 […]

Cisco Meraki Offers Up to $10,000 in Bug Bounty Program
Cisco Meraki, a provider of cloud-managed IT solutions, announced last week the launch of a public bug bounty program with rewards of up to $10,000 per vulnerability. Cisco Meraki, which resulted from Cisco’s acquisition of Meraki in late 2012, started with a private bug bounty program on the Bugcrowd platform. The private program led to […]

China-linked Hackers Target Engineering and Maritime Industries
A China-related cyberespionage group that has been active for half a decade has increased its attacks on engineering and maritime entities over the past months, FireEye reports. Referred to as Leviathan or TEMP.Periscope, the group has been historically interested in targets connected to South China Sea issues, which hasn’t changed in the recently observed attacks. […]

GitHub Paid $166,000 in Bug Bounties in 2017
Git repository hosting service GitHub paid a total of $166,495 in rewards in 2017 to security researchers reporting vulnerabilities as part of its four-year-old bug bounty program. Total payouts more than doubled compared to the $81,700 paid in 2016 and were nearly equal to the total bounties paid during the first three years […]

PinkKite POS Malware Is Small but Powerful
A newly discovered piece of malware targeting point-of-sale (POS) systems has a very small size but can do a lot on the infected systems, security researchers reveal. Called PinkKite, the POS malware was observed last year as part of a large campaign that ended in December, but was only detailed last week at Kaspersky Lab’s […]

Hackers Awarded $267,000 at Pwn2Own 2018
White hat hackers have earned a total of $267,000 at this year’s Pwn2Own competition for exploits targeting Microsoft Edge, Apple Safari, Oracle VirtualBox and Mozilla Firefox. On the first day, Richard Zhu (aka fluorescence) failed to hack Safari, but he did demonstrate an exploit chain against Edge, which earned him $70,000. Niklas Baumstark from the […]

Intel Shares Details on New CPUs With Spectre, Meltdown Protections
Intel announced on Thursday that patches designed to address the Spectre vulnerability are now available for all the affected CPUs released in the past five years, and shared more details on the future processors that will include protections against these types of attacks. Intel CEO Brian Krzanich informed customers that the company has made available […]

U.S. Hits Russia With Sanctions for Election Meddling
Donald Trump’s administration on Thursday levied sanctions against Russia’s top spy agencies and more than a dozen individuals for trying to influence the 2016 US presidential election and conducting separate cyberattacks. The announcement follows a lengthy delay that had caused anger on Capitol Hill and raised questions about Trump’s willingness to confront Moscow. The measures […]