f1tym1

Sophisticated malicious emails continue to creep into every inbox, every day. Yet many employees still don’t know enough to spot an unsecure website, and 13 percent of them click on URLs that could hide malware. And, while experts recommend training staff to sniff out phishing campaigns and other cyber threats, they also advise not to rely on staff to keep hackers out.

[unable to retrieve full-text content]

Set to open next week, the conference room is in keeping with Facebook’s nick-of-time approach to midterm election preparedness. (It introduced a “pilot program” for candidate account security on Monday.) It’s a big project. Samidh Chakrabarti, who oversees elections and civic engagement, told the Times: “We see this as probably the biggest companywide reorientation since our shift from desktops to mobile phones.” Of course, the effort extends beyond the new conference room. Chakrabarti showed the Times a new internal tool “that helps track information flowing across the social network in real time,” helping to identify misinformation as it goes viral or a surge in the creation of new (and likely fake) accounts.

Popular ad-blocker AdGuard has forcibly reset all of its users’ passwords after it detected hackers trying to break into accounts.

could have allowed miners to bring down the entire blockchain

The Zero Day Initiative has gone public with an unpatched remote-code execution bug in Microsoft’s Jet database engine, after giving Redmond 120 days to fix it. The Windows giant did not address the security blunder in time, so now everyone knows about the flaw, and no official patch is available.

==========================================================================
Ubuntu Security Notice USN-3769-1
September 20, 2018

Asterisk Project Security Advisory – AST-2018-009

I was recently working with a large US-based company that suffered from repeated breaches to their corporate network. After we deployed the Preempt Platform and started monitoring all traffic, we quickly found several hacked privileged accounts that attackers were using. The interesting thing was that all privileged accounts were protected with password vaults and their passwords were rotated every 24 hours. In that particular case, the attackers compromised a web gateway that some admins logged into each day using a plaintext password. Using this weakness, attackers easily defeated the Privileged Access Management (PAM) solution, they simply had to harvest the password each day and do whatever they wanted with it.

The White House announced a new national cybersecurity strategy Thursday in an effort raise federal network defenses and more aggressively deter foreign adversaries from threatening U.S. interests.

A new report from Akamai reveals that the financial services industry has become a prime target for credential stuffing botnets. The report highlights two attacks on financial services sites. One botnet attack caused a major financial company’s login attempts to spike from an average of approximately 50,000 an hour to over 350,000 in one afternoon. The other saw a credit union attacked by three botnets at the same time, the most dangerous not being the biggest, but the one which kept up a sustained lower level attack over a longer period so as not to arouse suspicion.

Everyone’s favorite trillion-dollar retailer hosted a private event today where they continued to exercise their highly-strategic approach to hardware where they just throw everything at the wall and wait to see what sticks.

Brooks Rainwater Contributor

• Blockchain technology could be the great equalizer for American cities
• How the digital economy shapes American cities

Camille J. Moore Contributor

Details are emerging about a recent ransomware attack against VON Canada, the nation’s only nonprofit home and community care organization. Reports state that the organization discovered the problem on September 1 but as of now it hasn’t fully resumed normal operations.

Corporate networks have quickly become more and more complex. Change requests are regularly processed in the hundreds by IT security teams, which are then applied to company owned network devices.   As a result, underlying network configuration processes increase in size and complexity, impacting the resources needed to manage the required changes. These changes affect all environments, from multi-vendor firewalls and routers, to SDN and hybrid cloud platforms. The sheer size of the modern network therefore makes it increasingly difficult for companies to manage the complexity that comes with it. Cybercriminals are ideally positioned to take advantage of this confusion, which has left businesses scrambling to safeguard their networks from both targeted and automated attacks that penetrate the network by capitalising on overly permissive access policies.

In response to the news that the authors of the Mirai botnet have avoided prison sentences after cooperating with the FBI and providing substantial assistance in other complex cybercrime investigations, IT security experts commented below.

Alchemist is the Valley’s premiere enterprise accelerator and every season they feature a group of promising startups. They are also trying something new this year: they’re putting a reserve button next to each company, allowing angels to express their interest in investing immediately. It’s a clever addition to the demo day model.

Posted by Jason Woloz and Mayank Jain, Android Security & Privacy Team

In the previous part of a joint investigation, Bellingcat and The Insider – Russia established that:

It’s been four months since the EU GDPR (General Data Protection Regulation) came into force, but it seems many organisations still aren’t compliant. Some may have been waiting to see what fines the ICO (Information Commissioner’s Office) would hand out for data breaches; others may think they don’t need to worry because they’ve never suffered a cyber attack or a data breach before, or that they’ll simply deal with it if it does happen.