million accounts. As a result of the vulnerability, if someone submitted an email address or phone number to Twitter’s systems, Twitter’s systems would tell the person what Twitter account the submitted email addresses or phone number was associated with, if any. This includes anonymous accounts.
A mischievous hacker, or group of hackers, took over Disneyland’s official Instagram and Facebook accounts earlier today, and, apparently, defaced them both with a series of profane and racist posts. Walt Disney Company has confirmed the breach, which appears to have occurred around 7 AM US Eastern time.
This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes. In this post, we'll walk you through exactly how this scam works, show you what to watch out for, and give you tips on keeping your Etsy account secure. This is a common scare tactic.
This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward.
There's a good article on the UK's National Cyber Security Centre blog, Telling users to avoid clicking bad links still isn't working. We're even aware of some cases where people have forwarded suspicious emails from their home accounts to their work accounts, assuming that the security measures in place in their organisations will protect them.
The Irish Data Protection Commission (DPC) fined Meta €251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts. “This data breach impacted approximately 29 million Facebook accounts globally, of which approximately 3 million were based in the EU/EEA.” reads the press release published by DPC.
The first is from Microsoft, which wrote: As part of our investigation into this ongoing activity, we also detected information-stealing malware on a machine belonging to one of our customer support agents with access to basic account information for a small number of our customers. News article.
There are lots of articles out there telling people how to better secure their computers and online accounts. While I agree with some of it, this article contains some particularly bad advice: 1. I think twice about accessing my online bank account from a public Wi-Fi network, and I do use a VPN regularly.
XorDDoS, Mirai and Mozi malware families accounted for over 22% of Linux-targeted threats observed by CrowdStrike in 2021. News article : The Crowdstrike findings aren’t surprising as they confirm an ongoing trend that emerged in previous years. Ten times more Mozi malware samples were observed in 2021 compared to 2020.
It's those credentials that are then sold in the stealer logs and later used to access the victim's accounts, which is the second exploitation. From the same ASD article: Stolen valid user credentials are highly valuable to cybercriminals, because they expedite the initial access to corporate networks and enterprise systems.
Excellent article on fraudulent seller tactics on Amazon. The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon's ranking system to promote products, protect accounts from disciplinary actions, and crush competitors. This was a good article on this from last year. (My blog post.)
Note (this article is not suitable for students under 22 years old, and African and Indian employees cannot be hired due to remittance issues) For more details please see the WhatsaPP link: [shortened bit.ly With that phone in hand, I set up a Gmail account and installed WhatsApp. Then I reached out asking if they still had openings.
Federal prosecutors in Alaska said search warrants served on the email accounts Bukoski used in conjunction with Quantum Stresser revealed that he was banned from several companies he used to advertise and accept payments for the booter service. The Quantum Stresser Web site — quantumstress[.]net Attorney Adam Alexander.
Of note, TA453 also targeted the personal email accounts of at least one of their targets. News article. Once the conversation was established, TA453 delivered a “registration link” to a legitimate but compromised website belonging to the University of London’s SOAS radio. The report details the tactics.
As we explained in our article about 1Password being a victim of this breach, it’s normal for Okta support to ask customers to upload a file known as an HTTP Archive (HAR) file. To gain access to that service account, the attacker compromised an Okta employee. Take your time.
Streaming company Roku has revealed that over 15,000 customers' accounts were hacked using stolen login credentials from unrelated data breaches. Read more in my article on the Hot for Security blog.
Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Shortly after I published the article, a co-worker, Peace, reached out to me and told me they'd been a target of the campaign. Since he doesn’t use the LinkedIn app on his mobile he checked his account on his laptop first thing in the morning.
In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic. A redacted extortion email targeting users of Google’s AdSense program.
With the release of ChatGPT, I’ve read many random articles about this or that threat from the technology. This paper is a good survey of the field: what the threats are, how we might detect machine-generated text, directions for future research. It’s a solid grounding amongst all of the hype.
SIM hijacking -- or SIM swapping -- is an attack where a fraudster contacts your cell phone provider and convinces them to switch your account to a phone that they control. Since your smartphone often serves as a security measure or backup verification system, this allows the fraudster to take over other accounts of yours.
Hardware wallet manufacturer Trezor has explained how its Twitter account was compromised - despite it having sensible security precautions in place, such as strong passwords and multi-factor authentication. Read more in my article on the Hot for Security blog.
Facebook had tasked a dedicated employee to unmasking Hernandez, developed an automated system to flag recently created accounts that messaged minors, and made catching Hernandez a priority for its security teams, according to Vice. Another article. address of a person viewing a clip.
Once the hacker is able to reroute a target’s text messages, it can then be trivial to hack into other accounts associated with that phone number. In this case, the hacker sent login requests to Bumble, WhatsApp, and Postmates, and easily accessed the accounts. Don’t focus too much on the particular company in this article.
Transcript Cookie theft is a cyberattack where hackers exploit session data stored in cookies, like login credentials, to gain unauthorized access to your accounts. Don’t forget: You can read the full article on eSecurity Planet. With stolen cookies, bad actors can commit identity theft, cause financial loss, and access your accounts.
Lucky225 showed how anyone could do the same after creating an account at a service called Sakari, a company that helps celebrities and businesses do SMS marketing and mass messaging. From there, the attacker can reset the password of any account which uses that phone number for password reset links.
Here are a few news articles. It’s worth reading in its entirety. The board was established in early 2022, modeled in spirit after the National Transportation Safety Board. This is their third report.
Adam Levin spoke with NPR about the recent data archive of over 500 million Facebook accounts found on a hacking forum. Read the article here. “It’s serious when phone numbers are out there. The danger when you have phone numbers in particular is a universal identifier,” said Levin.
But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.
New estimates are that 30% of the SolarWinds victims didn’t use SolarWinds: Many of the attacks gained initial footholds by password spraying to compromise individual email accounts at targeted organizations. The New York Times has repeated this attribution — a good article that also discusses the magnitude of the attack.)
I wrote an article recently on how to secure your home network in three different tiers of protection. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own. Enable two-factor authentication on all critical accounts. Automatic Logins Using Lastpass.
News article. Accordingly, the policy clarifies that hypothetical CFAA violations that have concerned some courts and commentators are not to be charged.
They had to switch to manual operations for everything, even basic accounting. This article originally appeared on LinkedIn here. Here's what happened: In August 2024, Stoli got hit with ransomware. The attack knocked out their enterprise resource planning (ERP) system. Now, four months later, two U.S. They're $84 million in debt.
Declassified documents from Romania’s security services revealed that Calin Georgescu, the pro-Russian presidential candidate, was “aggressively” promoted on TikTok through coordinated accounts and paid ads. Calin Georgescu, initially polling in single digits before Romania’s Nov.
Once a device was infected, the perpetrators could use SMS banking services to transfer money from victims’ bank cards to mobile operator accounts and electronic wallets under their control.” Russian authorities in Saratov have launched criminal cases under Articles 159.6
On the go After you follow the cybersecurity to-do list before hitting the open road, there are best practices you can follow while exploring to keep your devices, data and accounts safe. Don't access key accounts like email or banking on public Wi-Fi. Avoid inputting credit card information or accessing financial accounts.
For those unfamiliar with it, Google Voice is a phone service that offers a free phone number to anyone who has both set up a Google account in the United States and supplied and confirmed ownership of another phone number to which the Google Voice number can forward. What if you already were scammed?
A recent article released by cybersecurity and antivirus firm Bitdefender shows that 8.4 billion records have already been exposed, and that’s only accounting for the first quarter of 2020. million records): Hackers successfully breached the accounts of two Marriott employees and compromised the PII of at least 5.2 Marriott (5.2
This can give a complete account of where someone has driven over any time period. Read the whole article -- it has a lot of details. All of this information is aggregated and synthesized in a way that gives law enforcement nearly omniscient knowledge over any suspect they decide to surveil. Boing Boing [link].
In this article, we delve into the root causes of real-world cases from our practice, where despite having numerous security controls in place, the organizations still found themselves compromised. Statistics on the organization’s compromised accounts. Update the incident response plan based on the findings.
Kerberoasting attack targets the Active Directory environment to enable attackers to extract and crack service account credentials. In this article, we will learn about the harm that Kerberoasting causes, also its impact [] The post How to Prevent Kerberoasting Attacks?
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor Advancements in delivery: Scripting with (..)
Here's an article about Ralphs, a California supermarket chain owned by Kroger: the form proceeds to state that, as part of signing up for a rewards card, Ralphs "may collect" information such as "your level of education, type of employment, information about your health and information about insurance coverage you might carry."