2 days ago Patreon attackers drop data, expose users - The Register
15 GB file hits dump sites
The attackers that compromised Patreon have dumped the data on various bin sites.
At least passwords were encrypted with 2048-bit RSA, hashed via bcrypt, and salted.
2 days ago Automating the Hunt for Hidden Threats - SANS Reading Room
An Analyst Program whitepaper by Dr. Eric Cole. It defines the process of automating the hunt for threats, and discusses how to deploy a continuous threat-hunting process while preparing a team to analyze threats to protect critical processes and data.
Remote-code execution danger on VM hosts
VMware is urging users of its vCenter Server and ESXi software to install its latest patches to plug vulnerabilities that can allow remote-code execution and denial of service.
1 day ago T-Mobile US hires someone other than bungling Experian to offer ID theft monitoring to hack victims - The Register
TransUnion to keep a look out for crooks
First, Experian was hacked by criminals, and its sensitive records on 15 million people who applied for T-Mobile US phone contracts were stolen.
18 hours ago Android Circuit: Superb Galaxy Edge Plus, New Nexus Reviewed, OnePlus Founder Wants Samsung Job - Forbes
This week's Android Circuit includes news from Google's event on Tuesday, initial reviews on the Nexus 5X and Nexus 6P, a look at the Pixel C tablet, the highlights of the Nexus Engineers' AMA on Reddit, details on the two new Chromecast models, a review of the Samsung Galaxy Edge+, Tag Heuer's Android Wear watch, Google's psychological trick to promote security updates, and OnePlus' founder asking for a job with Samsung.
15 hours ago Breaches at Scottrade and Experian - IT Toolbox Blogs
They seem to be coming faster and more frequently.
Scottrade Breach Hits 4.6 Million Customers
Experian Breach Affects 15 Million Consumers
1 day ago Zero Day Weekly: Gatekeeper, Stagefright, Experian and T-Mobile breach, VMware and WinRAR's bad week - ZDNet
Notable security news items for the week ending October 2, 2015. Covers enterprise, application and mobile security, reports and more.
T-Mobile confirmed in a letter that the personally identifiable information of about 15 million customers has been obtained through a hack at Experian, a T-Mobile vendor hired to perform credit checks.
Upgrading your iOS device? Learn how to properly wipe all personal data from your current device before selling or giving it away to protect it from data loss.
NEW YORK (AP) - A weak report on the U.S. jobs market knocked the stock market lower early Friday. U.S. employers cut back sharply on hiring in September and added fewer jobs in July and August than previously thought.
1 day ago Practical approaches for MTCP Security - SANS Reading Room
Multi-path TCP (MPTCP) is an emerging IETF standard for providing connection resilience and bandwidth aggregation. MPTCP evolves the existing TCP protocol by allowing multiple TCP flows for a TCP session. This provides exciting new possibilities for mobile devices that can maintain TCP sessions as connection paths are added or dropped, and multi-homed servers that allow TCP sessions to take advantage of a mesh topology. However, current network security monitoring infrastructure solutions cannot appropriately inspect MPTCP connections, leaving significant intrusion detection and data loss blind spots. This paper will discuss practical approaches for MPTCP security.
Even worse: Thousands of other sites are making the same facepalm-worthy mistake.
1 day ago Resilient Systems News - Schneier blog
Former Raytheon chief scientist Bill Swanson has joined our board of directors.
For those who don't know, Resilient Systems is my company. I'm the CTO, and we sell an incident-response management platform that...well...helps IR teams to manage incidents. It's a single hub that allows a team to collect data about an incident, assign and manage tasks, automate actions, integrate intelligence information, and so on. It's designed to be powerful, flexible, and intuitive -- if your HR or legal person needs to get involved, she has to be able to use it without any training. I'm really impressed with how well it works. Incident response is all about people, and the platform makes teams more effective. This is probably the best description of what we do.
We have lots of large- and medium-sized companies as customers. They're all happy, and we continue to sell this thing at an impressive rate. Our Q3 numbers were fantastic. It's kind of scary, really.
As of October 1, 2015, US retailers were supposed to have adopted technology that allows them to accept chip-and-PIN payment cards.......
The St. Louis-based brokerage firm Scottrade has been hit by a breach.
The post Scottrade Alerts 4.6 Million Brokerage Customers of Breach appeared first on WIRED.
1 day ago Scottrade Belatedly Learns of Breach - InfoRiskToday
Law Enforcement Officials Inform Discount Brokerage of Hacker Attack
Discount brokerage firm Scottrade says hackers accessed its computer network and stole names and street addresses of millions of its clients. The firm says it learned of the intrusion from law enforcement officials.
As part of the Wireless Field Day 8 delegation, I had the pleasure of taking a briefing with Aruba Networks in a meeting room at Levi's Stadium in Santa Clara. This magnificent facility is where the San Francisco 49ers play, and will be the site of Super Bowl 50 in February of 2016. Aruba (now an HP company) is behind the wireless
10 hours ago Android Circuit: Nexus 6P Hands-On, OnePlus Founder Wants Samsung Job, Galaxy Edge Plus Reviewed - Forbes
This week's Android Circuit includes news from Google's event on Tuesday, initial reviews on the Nexus 5X and Nexus 6P, a look at the Pixel C tablet, the highlights of the Nexus Engineers' AMA on Reddit, details on the two new Chromecast models, a review of the Samsung Galaxy Edge+, Tag Heuer's Android Wear watch, Google's psychological trick to promote security updates, and OnePlus' founder asking for a job at Samsung.
11 hours ago Experian Hack Continues Pattern Of Recklessness - Forbes
Whether Experian can simply 'lobby their way out of messes' as Fight for the Future fears, or even whether customer pressure will motivate it to offer victims of its weak security a better response than its own credit monitoring service, remains to be seen.