Security, Compliance, Privacy, & Payments
Curated by Secunoid
Scooped by Secunoid

Security News This Week: WhatsApp Is Caught in Its Own Crypto War in Brazil

As Apple’s standoff with the FBI over its iPhone encryption continues, security news this week focused on that growing hot zone in the crypto cold war. A congressional hearing on the subject brought Apple and the FBI into the same room to make their cases to legislators, who may have the last word in this conflict. Fellow tech giants filed amicus briefs in support of Apple’s legal case, arguing that acceding to the FBI’s demand that Apple write software to help crack San Bernardino shooter Syed Farook’s phone would set a dangerous precedent. Several top iPhone hackers and security researchers weighed in to back Apple, too. WIRED broke down all the ways the government could actually pull data from locked iPhones without Apple’s help. And perhaps most importantly, a New York judge ruled that Apple didn’t have to decrypt a locked iPhone in another case across the country, punching a potential hole in the FBI’s legal theory that the 1789 All Writs Act can be used to compel companies to cooperate in this sort of intel-collection tactic.

Apple and FBI news aside, WIRED’s Kim Zetter brought to light disturbing new details in the hacker attack that took down a power grid in Ukraine. The Pentagon launched the federal government’s first “bug bounty” program. A security researcher demonstrated a method of hijacking a $35,000 police drone, which he says could be used to hack it from more than a mile away. And the privacy community discovered that Amazon had dropped encryption from its FireOS tablets, a development that seemed connected to the Apple FBI case, but wasn’t.

But as packed as that week sounds, there was more: Each Saturday we round up the news stories that we didn’t break or cover in depth at WIRED, but which deserve your attention nonetheless. As always, click on the headlines to read the full story in each link posted. And stay safe out there.

Brazil Arrests a Facebook Exec Over WhatsApp Encryption

The mega-popular messaging service WhatsApp and its parent company Facebook are facing a crypto conflict of their own. In Brazil, Facebook vice president for Latin America Diego Dzodan was jailed on grounds of “non-compliance with court orders” after WhatsApp failed to provide messages demanded by prosecutors in a drug case. WhatsApp, after all, uses a crypto protocol created by the US non-profit Open Whisper Systems to end-to-end encrypt all messages between Android phones so that even the company itself can’t access them. Dzodan was released a day later. But the case signals that there will be more legal clashes over user-controlled encryption, both in the US and abroad.

San Bernardino Prosecutor Suggests Locked iPhone Might Contain ‘Cyber Pathogen’

Despite the legal and political resources the FBI has devoted to getting into San Bernardino shooter Syed Farook’s locked iPhone, the agency hasn’t detailed what exactly it believes it can get from the encrypted device. But in a filing in the case Thursday, San Bernardino District Attorney Michael Ramos warned that the phone might contain evidence that “it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino’s infrastructure.” In less bizarre terminology, he seems to be suggesting that Farook may have infected the network of the San Bernardino County office where he worked with malware. But the prosecutor offered no evidence of that theory. And as iPhone forensics expert Jonathan Zdziarski pointed out, the district attorney might as well be suggesting that a “magical unicorn might exist on this phone.”

DROWN Attack Can Decrypt Connections to 11M Encrypted Websites

Researchers unveiled a serious new vulnerability they discovered in the transport layer encryption used in millions of HTTPS websites. Their proof of concept attack, which they called DROWN or Decrypting RSA with Obsolete and Weakened eNcryption, takes advantage of an old, insecure encryption protocol known as SSLv2 that’s nonetheless still supported by many web servers. The researchers found that they could connect to a vulnerable server with that protocol repeatedly to glean bits of information about the server’s private keys until a supposedly secure connection can be decrypted. The researchers released a tool to check if your website is vulnerable here. DROWN represents only the latest attack to pummel HTTPS encryption over the last several years, following a slew of other troubling attacks exposed by researchers, including the BEAST and Logjam attacks.

New Mac Malware Suggests Hacking Team May be Back

Hacking Team, the notorious spyware developer and government contractor whose ugly viscera were exposed in a massive hacker breach last July, seems to have returned to its old game. That’s the conclusion, at least, of researchers who found a new piece of Mac-focused malware that appears to install a copy of Hacking Team’s spy tools on victims’ computers. It’s worth noting that the hacker attack that spilled Hacking Team’s guts last summer did leak that spy code also, suggesting that someone else may have adopted the code. But the researchers point to advancements in the malware’s obfuscation techniques and an active server controlling the spy tools as recently as January as evidence that the finding is a real surveillance tactic with Hacking Team’s fingerprints on it.

The IRS’s New Hacking Protections Put in Place After Last Year’s Breach Have Been Hacked

The IRS has already acknowledged that the hacker attack that hit the agency last year was much worse than it initially admitted, affecting more than 700,000 people and leading to many victims’ tax returns being claimed by criminals. Now it seems that the protections it put in place to protect against that attack have themselves been broken. In response to the breach, the IRS had given millions of people a unique PIN to identify themselves. That extra measure is meant to protect tax filers from being impersonated by criminals seeking to nab their tax refund. But security blogger Brian Krebs reports that at least one victim has had her PIN also stolen by criminals, thanks to an insecure “PIN retrieval” feature on the IRS website for those who have forgotten the six-digit number. That PIN retrieval feature uses only security questions with guessable or publicly recorded answers, like previous addresses and loan amounts, to check the user’s identity.

Obama Administration Walks Back on Hacking Tool Export Restrictions

The Wassenaar Arrangement, a 41-country agreement designed to restrict the export of dangerous goods to rogue nations, has been a topic of contention in the security industry: Last summer, the Commerce Department agreed to implement the agreement in the United States and expand it to cover “intrusion software,” in a bid to keep new surveillance techniques out of the hands of governments that would use them to spy on their citizens. But due to some overly broad language, security pros argued the same restrictions would also prevent the export of common security tools used for testing and research, isolating American firms and hurting international cybersecurity. Now the White House has listened, and filed a proposal Monday to eliminate those intrusion software controls.

Windows Integrates “Advanced Threat Protection” to Spot Signs of a Breach

Microsoft has long given away antivirus software and built “exploit mitigations” into Windows that are designed to make breaking a PC and infecting it with malware more difficult. Now it’s going a step further with Windows 10, building in a system to detect and spot unusual behavior on PCs that might be a sign of a hacker breach. Windows Defender Advanced Threat Protection, announced at the RSA conference, monitors what a Windows machine does and looks for signs that it’s being used maliciously, then reports any suspicious behavior to a network administrator. And with a billion Windows systems out there, it will have plenty of data to which it can compare that behavior to define what’s “normal” versus “suspicious.”

A Teenager Out for Revenge Is Allegedly Hacking Random Russian Sites

When passenger jet Malaysia Airlines flight MH17 was shot out of the sky over Eastern Ukraine in 2014, the world was horrified. Evidence suggested Russian-backed separatists used a ground-to-air missile launcher to shoot down the plane, carrying 298 people. Now, Motherboard reports that one hacker is getting revenge by targeting any and all Russian web sites for hacks. Calling himself Cyber Anakin, he tells Motherboard that he’s stolen data from at least two major sites, a news site and a game maker, compromising the data of up to 1.5 million people. “After the MH17 tragedy back in 2014, I made a promise to myself that I am going to revenge against Russians for what they did against the flight,” he told Motherboard.

Pirates Hacked Into a Shipping Company to Gain Theft Intel

One attack revealed at the RSA conference gives the phrase “software piracy” new meaning: A piracy operation compromised the server of a shipping firm to gain intel on which ships it should attack and what cargo it should steal. Verizon’s security researchers found that the pirates would use malware installed on the company’s network to identify valuable cargo containers and then board the ship, stealing that cargo alone and leaving the rest of the ship untouched. The thieves were better pirates than they were hackers, however, and made numerous errors that allowed their intrusion to be detected and blocked.

Scooped by Secunoid

Bangladesh bank governor resigns after $81m hack

General strike called to protest against hanging of Ali Ahsan Mohammad Mujahid and Salahuddin Quader Chowdhury. Asia, Bangladesh, Law, Politics

Scooped by Secunoid

Google's 'encrypted-by-default' Android is NOT encrypting by default - The Register

It's sad that this isn't really a surprise

Scooped by Secunoid

Man suspected of hacking U.S. military satellite data arrested in UK - CNN.com

A man suspected of hacking the U.S. Department of Defense and swiping data from a military satellite-based system is arrested in the UK.
Secunoid's insight:

US DoD hacked?

Rescooped by Secunoid from HIPAA Compliance for Medical Practices

Mega-Breaches: Notification Lessons

Massive breaches, such as the recent hacker attack on health insurer Anthem, highlight why it's important for organizations to understand their breach notification

Via Technical Dr. Inc.

Scooped by Secunoid

Dutch SIM maker Gemalto says NSA, UK GCHQ "probably" hacked, but no "massive theft" of encryption keys

But Gemalto says any breach by U.S. and U.K. intel agencies "could not have" served the alleged purpose
Secunoid's insight:

#Gemalto on the defensive

Rescooped by Secunoid from QR Codes, Beacons & NFCs

PayPal and eBay file regulatory forms in preparation for breakup later this year

EBay and PayPal expect that the breakup will be completed "in the second half of 2015."

Via Paulo Gervasio
Secunoid's insight:

#PayPal and #eBay separating, wonder how the #payments landscape will change.

Scooped by Secunoid

Bitcoin revolution could be the next internet, says Bank of England - Telegraph

The Bank of England has unveiled analysis of cryptocurrencies like Bitcoin that suggests electronic money could cause a tectonic shift in the payments industry
Secunoid's insight:

Bank of England showing support for #Bitcoin

Scooped by Secunoid

Facebook Policies Taken to Task in Report for Data-Privacy Issues - Wall Street Journal

A report commissioned for Belgium’s privacy watchdog on Facebook’s policies said they give users a false sense of control over data privacy, and that the company is acting in violation of European privacy law.
Secunoid's insight:

#Facebook privacy policies under scrutiny.

Scooped by Secunoid

Why Firmware Is So Vulnerable to Hacking, and What Can Be Done About It - Wired

When Kaspersky Lab revealed last week that it had uncovered a sophisticated piece of malware designed to plant malicious code inside the firmware of computers, it should have surprised no one.

Scooped by Secunoid

How to Craft a Compelling Storyline for Your Company

Storytelling is a powerful way to get the message across about what your company does and on a deeper level, what it stands for.

Scooped by Secunoid

Payment Processor Stripe Now Allows Any Business to Accept Bitcoin - CoinDesk

San Francisco-based payments company Stripe has officially launched its bitcoin payments integration following months of beta testing.
Secunoid's insight:

#Bitcoin integration in payment platforms increasing.

Rescooped by Secunoid from COINBOARD

Dell Expands Bitcoin Payments to UK and Canada

Dell has announced it has expanded its bitcoin payments program to consumers in the UK and Canada.

Via Coinboard

Scooped by Secunoid

Forcing Apple to Hack That iPhone Sets a Dangerous Precedent

Are Apple and other tech companies somehow against America’s national security if they create uncrackable encryption software that government investigators or even the company’s own engineers can’t break into? That’s the question coming to a head in the controversy over whether or not Apple should be forced to engineer new software to allow the FBI to unlock the iPhone used by one of the terrorists from the San Bernardino attack that killed 14 people in my home state of California last year. The attacks were unspeakable and more needs to be done to prevent attacks like these in the future. But the FBI cannot mandate that Apple create a backdoor to override the iPhone’s encryption features without creating a dangerous precedent that could cast a long shadow over the future of how we use our phones, laptops and the internet for years to come. We must understand the gravity of what is at stake if we give government this unprecedented review of our private communications.

At first glance, the issue seems simple: Why shouldn’t law enforcement have access to information that could help us hunt down other terrorists or even to help prevent other terrorist attacks in the future? But this simplification overlooks the reason why companies have built their systems so securely to begin with: namely, to prevent criminals, terrorists and hackers from gaining access to our private and sensitive information. It’s a huge technological breakthrough that engineers are able to build systems so secure that even their own architects cannot break into them. And it’s why major players in the tech industry—from Facebook and Twitter to Microsoft and Google—are lining up to support Apple’s stance.

WIRED OPINION. ABOUT: Congressman Darrell Issa is the US Representative for California’s 49th Congressional District and the current Chairman of the House Judiciary Subcommittee on Courts, Intellectual Property, and the Internet. Before joining public service, Issa served as CEO of Directed Electronics and previously served as the chairman of the Consumer Electronics Association.

As Americans are increasingly living their lives online, it’s now become just as important for people to be able to secure their phones, laptops, credit card numbers, and accounts from intruders as it is to secure their homes. Just last year, the federal government suffered numerous embarrassing cyber attacks: The Office of Personnel Management’s security breach resulted in the theft of 22 million Americans’ information, including fingerprints, Social Security numbers, addresses, employment history, and financial records. And the Internal Revenue Service’s hack left as many as 334,000 taxpayer accounts compromised, though just this week, the IRS revised that number to over 700,000 accounts, more than twice their original estimates. And it’s not just the government suffering these hacks: Target, JPMorgan, Home Depot, and more have all faced massive data breaches that left millions of Americans’ personal information exposed. Many of these people are just now starting to find out the extent of the damage done. Forcing Apple to manufacture new security vulnerabilities into its phones’ operating system in order to give the government access paves the way for these kinds of breaches to become all the more common.

But even more alarming are the implications this decision would have for the online security of Americans for generations. If the government is successful in forcing Apple to help decrypt the phone in this case, it would create a dangerous precedent that would allow the government to continue coming back again and again to decrypt all kinds of devices in all kinds of circumstances, far beyond national security. It’s already been uncovered that the Justice Department is seeking similar court orders in as many as 12 other cases to give them access to the data inside locked iPhones. These cases are all over the nation: four in Illinois, three in New York, two in California, two in Ohio, and one in Massachusetts. And reports indicate that not these cases do not involve an act of terrorism. If you were worried about the slippery slope we’d create by allowing government access to this single phone, well… it’s already here.

The problem of course is that if a special key is created and left under the front mat for law enforcement, the key won’t just be used by good guys in limited circumstances. The key will inevitably be discovered by others when they come snooping around, giving China, Russia, and hackers everywhere an entry point to our phones and the sensitive information stored on them. No one would say that Apple should obstruct justice or intentionally impede law enforcement’s attempts to bring perpetrators of heinous acts of violence to justice. But a company also shouldn’t be forced to deliberately weaken the integrity of their own products and subject millions of customers to security vulnerabilities in order to do so.

Law enforcement are not ill-intentioned in their attempts to gain access to the information inside this particular phone. In Apple CEO Tim Cook’s open letter, he writes, “We have great respect for the professionals at the FBI and we believe their intentions are good.” I agree. Whether tech companies like Apple can be forced to undermine their own products and whether they will have to leave a backdoor open for government—and whoever else may find it—in their products is currently a question left to the courts. But as Congress begins contemplating revisions to the 1789 statute upon which this court order is built, lawmakers must be sure to protect citizens’ right to privacy and preserve the integrity of the online security protocols that help keep us all safe.

Scooped by Secunoid

21 tips, tricks and shortcuts to help you stay anonymous online

Avoiding being tracked online is nearly impossible, but here are a few ways to reduce the risk
Secunoid's insight:

Excellent cloakware!

Scooped by Secunoid

Why Clinton's Private Email Server Was Such a Security Fail - Wired

Hillary Clinton's homebrew email solution potentially left the communications of the top US foreign affairs official vulnerable to state-sponsored hackers.
Secunoid's insight:

Whatever happened to standard operating procedures.

Scooped by Secunoid

The auto industry is serious about connected car privacy - The Hill (blog)

This week, two thousand members of the International Association of Privacy Professionals (IAPP), will gather in Washington, D.C. to discuss the most pressing privacy and data security issues of the day.

Scooped by Secunoid

Senators Move to End Deadlock Over Funding of Homeland Security - New York Times

The dispute over money to keep the department running has emerged as a proxy fight about President Obama’s immigration policies.

Scooped by Secunoid

Tor Browser 4.0.4 Released

Tor Browser 4.0.4 has been released and includes 3 Firefox extensions: Torbutton, NoScript and HTTPS-Everywhere.

Rescooped by Secunoid from Peer2Politics

From Hacking Systems To Hacking People

New low-tech attack methods like 'visual hacking' demand an information security environment that values data privacy and a self-policing culture.

Via jean lievens
Secunoid's insight:

#Hacking people, a new concept and also an impending threat, which can only be addressed via regular awareness sessions.

Rescooped by Secunoid from Public Relations & Social Media Insight

Mobile commerce growing three times faster than e-commerce - Payments Cards & Mobile

In a new piece of research issued by PayPal in collaboration with the market research company Ipsos, mobile commerce is growing at nearly three times the rate of overall ecommerce at a global level,

Via Jeff Domansky
Secunoid's insight:

Mobile commerce on the rise.

Jeff Domansky's curator insight, February 25, 2015 2:24 AM

Mobile Marketing is definitely on the move.

Scooped by Secunoid

Snowden: Spy Agencies 'Screwed All of Us' in Hacking Crypto Keys - Wired

NSA whistleblower Edward Snowden didn’t mince words during a Reddit Ask Me Anything session on Monday when he said the NSA and the British spy agency GCHQ had “screwed all of us” when it hacked into the Dutch firm Gemalto to steal cryptographic...
Secunoid's insight:

Snowden spills more beans.

Rescooped by Secunoid from Innovation

Bitcoin for the befuddled

Unless you’ve been living under a rock for the last couple of years, you’ve probably heard of Bitcoin—the game-changing digital currency used

Via jean-luc scherer
Secunoid's insight:

Bitcoin101

Scooped by Secunoid

Are Bitcoins Funding ISIS? | PYMNTS.com

2015 has been a tough year for bitcoin's public image. To start, the Silk Road trial wrapped up with a federal conviction for the creator of the bitcoin-run
Secunoid's insight:

#Bitcoin, underworld's favourite mode for funds transfer.

Rescooped by Secunoid from Mobile Payments and Mobile Wallets

Samsung acquires LoopPay to help drive mobile wallet plans

LoopPay's technology works with 90 percent of point-of-sale terminals in the U.S.

Via Kenneth Carnesi, JD
Secunoid's insight:

Apple Pay beware, Samsung has started in payments space.
