Security

Here's the thing about passwords: They're terrible. Passwords are easy to hack, easy to lose and hard to use. Worse still, passwords guard some of our most valuable digital assets. "There's a whole bunch of valuable information about you in the cloud," said Alex Simons, Microsoft's corporate vice president of program management. "Hackers are looking for things they can monetize. All of [your] accounts represent value, and the minute there's value then all of a sudden there's an economy and there are hackers that want to go after that economy." Now playing: Watch this: Inside a password-free future 2:46 CNET visited the Microsoft Garage — a hackerspace designed to test new technologies located on the firm's Redmond, Washington campus — to learn how biometric security like facial recognition, iris scanners, and fingerprint readers might someday replace passwords. Microsoft's biometric security initiatives contribute to the FIDO Alliance, a collaborative … [Read more...] about This is how we might finally replace passwords

See also 10 dangerous app vulnerabilities to watch out for (free PDF) Threat actors have started scanning the internet for Windows systems that are vulnerable to the BlueKeep (CVE-2019-0708) vulnerability.This vulnerability impacts the Remote Desktop Protocol (RDP) service included in older versions of the Windows OS, such as XP, 7, Server 2003, and Server 2008.Microsoft released fixes for this vulnerability on May 14, as part of the May 2019 Patch Tuesday updates train, and warned users and companies to patch vulnerable systems as soon as possible, classifying the issue as very dangerous, and warning that CVE-2019-0708 could be weaponized to create wormable (self-replicating) exploits.Many have likened BlueKeep to the EternalBlue exploit that's been used in 2017 during the WannaCry, NotPetya, and Bad Rabbit ransomware outbreaks.No proof-of-concept demo code (yet)For this reason, and because of Microsoft's doom-and-gloom warning, for the past two weeks, the infosec community has … [Read more...] about Intense scanning activity detected for BlueKeep RDP flaw

A hacking tool developed by the US National Security Agency is now being used to shut down American cities and towns, says a Saturday report in The New York Times.Code-named EternalBlue, the hacking exploit involves malicious software and was leaked in 2017 by a group called Shadow Brokers. Hackers used the tool that same year in the worldwide WannaCry ransomware attacks, which locked up computer systems at hospitals, banks and phone companies and required a ransom to set the networks free. It was also used in the 2017 NotPetya assault against Ukraine, which has been called the most destructive cyberattack ever.Now, though, EternalBlue has reportedly landed in the NSA's own backyard: Baltimore, site of the agency's headquarters. The city has been hobbled since a ransomware attack on May 7 ensnared the local government's computers, disrupting city services. Baltimore's IT department is only slowly getting systems up and running again."It is not just in Baltimore," says the Times report. … [Read more...] about Stolen NSA hacking tool now victimizing US cities, report says

See also 10 dangerous app vulnerabilities to watch out for (free PDF) Canva, a Sydney-based startup that's behind the eponymous website builder and logo design service, was hacked earlier today, ZDNet has learned.Data for roughly 139 million users has been taken during the breach, according to the hacker, who tipped off ZDNet.Responsible for the breach is a hacker going online as GnosticPlayers. The hacker is infamous. Since February this year, he/she/they has put up for sale on the dark web the data of 932 million users, which he stole from 44 companies from all over the world.Hack took place this morningToday, the hacker contacted ZDNet about his latest hack, involving Australian tech unicorn Canva, which he said he breached just hours before, earlier this morning."I download everything up to May 17," the hacker said. "They detected my breach and closed their database server."Stolen data included details such as customer usernames, real names, email addresses, and city & … [Read more...] about Australian tech unicorn Canva suffers security breach

Drones: Security and privacy implications for organizations Drones are drastically transforming a variety of industries today, but they could give rise to a range of privacy and security risks. Read more: https://zd.net/2Hd0EWu In April, Marvel fans finally received an ending to an 11-year saga when "Avengers: Endgame" premiered in theaters. Without revealing too many spoilers, the Avengers were tasked with undoing a finger snap (yes, a snap) executed by the villain from the previous movie. This snap was so substantial that it caused half of the universe's population to vanish. The Avengers then spent the entire movie discovering a way to reverse this half-of-life-ending snap and preventing the villain from decimating the entire universe's population.  See also 10 dangerous app vulnerabilities to watch out for (free PDF) While watching this movie, I began to contemplate what would happen if we eliminated all or even half of current security measures. What if organizations … [Read more...] about The security snapshot: We’re in the endgame now