Antivirus maker Sentinelone uses copyright claims to censor video of security research that revealed defects in its products

At this week’s B-Sides Manchester security conference, James Williams gave a talk called “Next-gen AV vs my shitty code,” in which he systematically revealed the dramatic shortcomings of anti-virus products that people pay good money for and trust to keep them safe — making a strong case that these companies were selling defective goods.

Disrupting the Cyber Kill Chain: How to Contain Use of Tools and Protocols

Preventing lateral movement and unauthorized domain access due to the misuse of network credentials – especially due to reconnaissance tools looking for weak spots – is a challenge plaguing many enterprises. In fact, it’s a decades-old security problem. A major issue for enterprises has been how to detect and contain the use of reconnaissance tools like BloodHound, authentication protocols such as NTLM, DCE/RPC, Kerberos and Lightweight Directory Access Protocol (LDAP), as well as other IT tools like PsExec and Powershell that are being misused or exploited by attackers.

NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other ‘High Potential’ Targets

An anonymous reader quotes a report from The Intercept: The National Security Agency successfully broke the encryption on a number of “high potential” virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document. The fact that the NSA spied on Al Jazeera’s communications was reported by the German newsmagazine Der Spiegel in 2013, but that reporting did not mention that the spying was accomplished through the NSA’s compromise of Al Jazeera’s VPN. During the Bush administration, high-ranking U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of having an anti-American bias, including because it broadcasted taped messages from Osama bin Laden.

According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by airline reservation systems Iran Air, “Paraguayan SABRE,” Russian airline Aeroflot, and “Russian Galileo.” Sabre and Galileo are both privately operated, centralized computer systems that facilitate travel transactions like booking airline tickets. Collectively, they are used by hundreds of airlines around the world. In Iraq, the NSA compromised VPNs at the Ministries of Defense and the Interior; the Ministry of Defense had been established by the U.S. in 2004 after the prior iteration was dissolved. Exploitation against the ministries’ VPNs appears to have occurred at roughly the same time as a broader “all-out campaign to penetrate Iraqi networks,” described by an NSA staffer in 2005.

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million unauthorized ATM withdrawals from more than two dozen cash machines across multiple countries.

Cyber Security Requires A New Approach

The recent boom in cyber crime means it is no longer a problem reserved for IT departments. It’s now a responsibility for the entire organisation – from C-level executives to those in marketing and sales, everyone must work together to tackle the threat.

Incentivai launches to simulate how hackers break blockchains

Cryptocurrency projects can crash and burn if developers don’t predict how humans will abuse their blockchains. Once a decentralized digital economy is released into the wild and the coins start to fly, it’s tough to implement fixes to the smart contracts that govern them. That’s why Incentivai is coming out of stealth today with its artificial intelligence simulations that test not just for security holes, but for how greedy or illogical humans can crater a blockchain community. Crypto developers can use Incentivai’s service to fix their systems before they go live.

Arm Your Defenses to Guard Against Nation State Attacks

Nation state attackers are on the hunt for the next vulnerable target. No longer satisfied with infiltrating government institutions or mining for sensitive military data, they are broadening their efforts to target industrial facilities and businesses with the intent to destabilize and disrupt organizations and their countries.

The Treatment

The broken screen lit up. 3:24 AM. The air stood still, thick and heavy. Sammi tossed and turned, trying to soothe her aching body, but it was futile. She’s never been so uncomfortable in her own skin. The cracked screen lit up again as she typed: ‘Risks to baby—Purilexa.’ She had entered those keywords over a hundred times with varying combinations and always got the same results.

IDG Contributor Network: Balancing cybersecurity and regulatory compliance

Rigorous regulations like GDPR and California’s Consumer Privacy Act will only become more prevalent, as long as our current cybersecurity landscape continues to suffer the near-crippling data breach affliction. Attackers seem to be one step ahead of defenders, constantly changing their attack vectors as new technologies become available, such as artificial intelligence and automated bots. But is coming up with new laws protecting or hindering our progress?

A new foreign investment bill will impact venture capital and the US startup ecosystem

More posts by this contributor

President Trump’s time in office has been punctuated by rising tension with China on a host of economic issues. He’s received bipartisan criticism for the impact of tariffs on Chinese goods and the resulting retaliation against American exports.

This Week in Security News: Banks and Botnets

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the FBI warned U.S. banks of a wide-scale cybercrime campaign called “ATM cash-out,” in which hackers use cloned ATM cards for fraudulent withdrawals. Also, a botnet called Necurs has begun a campaign of phishing emails targeting bank employees.