Book, Information Security and Internet

As Internet-Connected Medical Devices Multiply, So Do Challenges

Cisco Security

JUNE 15, 2022

To consumers, the Internet of Things might bring to mind a smart fridge that lets you know when to buy more eggs, or the ability to control your home’s lighting and temperature remotely through your phone. But for cybersecurity professionals, internet-connected medical devices are more likely to be top-of-mind.

Internet

Internet Internet Manufacturing IoT

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

The Last Watchdog

FEBRUARY 15, 2021

Consider that kids are constantly connected on the internet with online games, streaming devices, virtual schooling, and zoom play dates. Do you have a corporate book club? I’ve also been brought in to host Virtual Reading Events with the book for corporate programs. We’re all connected. Send gifts to clients?

Education

Education CISO Security Awareness Cybersecurity

Hackers exploit 3-years old flaw to wipe Western Digital devices

Security Affairs

JUNE 25, 2021

Threat actors are wiping many Western Digital (WD) My Book Live and My Book Live Duo NAS devices likely exploiting an old vulnerability. Owners of Western Digital (WD) claim that their My Book Live and My Book Live Duo network-attached storage (NAS) devices have been wiped. Pierluigi Paganini.

Firmware

Firmware Internet Internet Hacking

CTO of Center for Internet Security Expounds on Transforming InfoSec

SecureWorld News

NOVEMBER 9, 2022

We have so much change happening and we can drive it to happen in a more positive way to reduce the resource needs for organizations and actually scale security for businesses of all sizes.".

InfoSec

InfoSec Internet Internet Encryption

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

I wrote an article recently on how to secure your home network in three different tiers of protection. In that piece I wanted to link to some safe internet practices—which some used to call Safe Hex—but I couldn’t find anything newer than nine years old. don’t install software from random places on the internet.

Risk

Risk Passwords Password Management Accountability

Introducing meaningful AI features for information security in 2024

IT Security Guru

JANUARY 31, 2024

Nick Graham, Chief Technology Officer at information security software business Hicomply discusses the recent surge in interest around artificial intelligence. For more information or to book a demonstration, visit www.hicomply.com.

Information Security

Information Security Artificial Intelligence Technology Risk

Everything is Insecure: What Matters is What You’re Getting vs. Giving Up

Daniel Miessler

APRIL 16, 2020

The internet is a tire fire of horrible software. It’s astounding that the internet even works given how bad the infrastructure and software is. Zoom is no highway system, and it’s no Internet. That’s a powerful, meaningful choice we’ve made. And that brings me back to the Zoom thing.

Internet

Internet Internet Risk InfoSec

A @TomNomNom Recon Tools Primer

Daniel Miessler

JANUARY 25, 2021

Well, for lots of reasons, but the first thing that popped into my mind was using it in conjunction with my Robots Disallowed project, which captures the most common disallowed paths on the internet. I have a curated file in there that includes potentially sensitive paths. Some top results from curated.txt.

Internet

Internet Internet Information Security

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. The best example of the need for this is national level security intelligence, reconnaisance, and vulnerability assessment. Image from information-age.com. This model is also relevant for large enterprises.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. to execute code through the disabled Internet Explorer. The malware allows operators to gather system information and steal sensitive data, such as passwords and cookies, from multiple applications.

Malware

Malware Internet Internet Ransomware

What They Don’t Tell You About Being a Bounty Hunter or Content Creator

Daniel Miessler

AUGUST 17, 2020

I might see someone publicly emote positivity and energy, and then ten minutes later—somewhere else on the internet—see them describe how unhappy they are. Explore books and articles that are related to your space but not part of the scene.

Media

Media Internet Internet Hacking

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Security Affairs

SEPTEMBER 16, 2024

MSHTML is a platform used by Internet Explorer. “The specific flaw exists within the way Internet Explorer prompts the user after a file is downloaded. to execute code through the disabled Internet Explorer. The vulnerability CVE-2024-43461 is a Windows MSHTML platform spoofing issue. states Trend Micro.

Internet

Internet Internet Malware Passwords

Spotlight on Cybersecurity Leaders: Richard Staynings

SecureWorld News

JANUARY 6, 2025

We can both work well from a laptop on more or less any time zone from any hotel with decent internet access. I came into IT from the side as a consultant and worked my way through IT infrastructure management before transiting to information security. Richard welcomes LinkedIn connections from other security professionals.

Cybersecurity

Cybersecurity Cybercrime Healthcare Government

A 3-Tiered Approach to Securing Your Home Network

Daniel Miessler

MAY 8, 2020

A lot of people are thinking about the security of their home network right now, and as one of the project leaders on the OWASP Internet of Things Security Project , I wanted to provide three levels of security you can do at home. Do you have internet-connected lights, appliances, gaming systems, media systems, etc?

Passwords

Passwords DNS Accountability IoT

Why Don’t You Go Dox Yourself?

Cisco Security

OCTOBER 7, 2022

By understanding the tools and methods used by those with ill intent, you’ll be better prepared to keep yourself safe and your information secure. Your mission, should you choose to accept it, is to follow along and find out everything the internet knows about… you! HOW DO I “DOX MYSELF”?

Media

Media Identity Theft Accountability Internet

Analysis of the RECON/Attack Surface Management Space

Daniel Miessler

DECEMBER 9, 2020

Vulnerability Discovery and Management : These are RECON-oriented platforms that are largely focused around emulating traditional Vulnerability Management platforms, except facing the internet, using discovery techniques, and across the entire stack—including AppSec. The players. Here are some of the players in the space.

Marketing

Marketing Internet Internet Information Security

Ukraine’s cyber operation shut down the ATM services of major Russian banks

Security Affairs

JULY 27, 2024

“This is an opportune moment to fully implement the Kremlin’s long-desired ‘import substitution’ in the form of wooden abacuses, paper savings books, and cave paintings for accounting.” Ukraine has launched a massive cyberattack against ATMs of Russian banks, the cyber operation began on July 23. reported the KyivPost.

Banking

Banking Mobile Hacking Internet

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Daniel Miessler

SEPTEMBER 29, 2020

The idea was that it’d be some massive blast that would take out the country’s power grid, or disable the entire internet, along with what they used to call e-commerce. This doesn’t mean it can’t still happen. That moment hasn’t happened (yet), but I think we’ve become the frog in the boiling cyber-water.

Ransomware

Ransomware Government Social Engineering Small Business

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

The Real Internet of Things, January 2017. Being a member gets you access to the newsletter every week instead of just twice a month, access to the UL Slack Channel, the UL Book Club, the UL Archives, and access to future member-only content. If you get value from this content, you can support it directly by becoming a member.

Surveillance

Surveillance Government Education Engineering

A consumer-grade spyware app found in check-in systems of 3 US hotels

Security Affairs

MAY 22, 2024

The security researcher Eric Daigle discovered a commercial spyware app, called pcTattletale, on the check-in systems of at least three Wyndham hotels across the US, TechCrunch first reported. The software was used by someone to capture screenshots of the hotel booking systems, including guest details.

Spyware

Spyware Surveillance Software Internet

Snowden Ten Years Later

Schneier on Security

JUNE 6, 2023

Could agents take control of my computer over the Internet if they wanted to? Those of us in the information security community had long assumed that the NSA was doing things like this. Both Greenwald and Gellman held documents back so they could publish them in their books. Very probably. Definitely. And Edward Snowden?

Surveillance

Surveillance Computers and Electronics Government Encryption

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Security Affairs

APRIL 16, 2024

In response to the incident, the company disconnected the affected systems from the internet to prevent the threat from spreading. The Nexperia launched an investigation into the security breach with the help of third-party cybersecurity experts. 18 Gb.dwg - 38295 pcs - drawings and schematics of chips, microchips, transistors, etc.

Ransomware

Ransomware Manufacturing Hacking Insurance

Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

Security Affairs

MARCH 19, 2021

According to a report published by researchers at PrivacySavvy, many travel companies expose users’ data through their booking apps. In a report published on the 16 th of March by PrivacySavvy, many travel companies expose users’ data through their booking apps.

Data breaches

Data breaches Encryption Hacking Healthcare

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Security Affairs

FEBRUARY 12, 2024

If you’re unsure, avoid entering sensitive information or use a privacy screen to block prying eyes. DNS Spoofing DNS (Domain Name System) is like the internet’s phone book, translating domain names into IP addresses. Use a VPN to encrypt your internet traffic and avoid connecting to unfamiliar Wi-Fi networks.

DNS

DNS VPN Encryption Passwords

Black Hat insights: How Sonrai Security uses graph analytics to visualize, mitigate cloud exposures

The Last Watchdog

JULY 29, 2021

When you’re talking at the senior management and board level, the discussion is about risk management; information security is just another chapter in the enterprise risk management book. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. (LW

Risk

Risk Cloud Migration Digital transformation Software

Canadian Flair Airlines left user data leaking for months

Security Affairs

SEPTEMBER 26, 2023

Web development 101, or an essential requirement, is to keep crucial.env files secure, as they often contain sensitive information that could be used to compromise services or applications. Laravel App key (popular open-source PHP web framework) “The publicly hosted.env files contained database and email configuration details.

Identity Theft

Identity Theft Phishing Internet Internet

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

FEBRUARY 22, 2024

I am writing to you from an old desktop computer in the tent of the chaplain who works on behalf of a refugee agency, because here there is no internet point or effective means of communication. […]. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”.

Scams

Scams Banking Computers and Electronics Accountability

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Security Affairs

JULY 2, 2023

WordPress sites using the Ultimate Member plugin are under attack LockBit gang demands a $70 million ransom to the semiconductor manufacturing giant TSMC Avast released a free decryptor for the Windows version of the Akira ransomware Iran-linked Charming Kitten APT enhanced its POWERSTAR Backdoor miniOrange’s WordPress Social Login and Register plugin (..)

Hacking

Hacking Ransomware Cybercrime Malware

Everyday Threat Modeling

Daniel Miessler

SEPTEMBER 27, 2020

They think it’s giving them security that it isn’t because they haven’t properly understood the tech and haven’t considered the attack scenarios. VPNs encrypt the traffic between you and some endpoint on the internet, which is where your VPN is based. It’s that simple.

VPN

VPN Risk Hacking Encryption

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Security Affairs

FEBRUARY 10, 2022

Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? How are some governments using the Internet to threaten world peace in one way or another? Is making the internet a safe place technically possible?

Spyware

Spyware Hacking Ransomware Surveillance

Episode 148: Joseph Menn on Cult of the Dead Cow also Veracode CEO Sam King on InfoSec’s Leaky Talent Pipeline

The Security Ledger

JUNE 5, 2019

In this week's episode of the podcast: Joseph Menn's new book Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World hit store shelves this week. Also: is the talent pipeline for information security empty, or has it sprung a leak? We're joined. Read the whole entry. » In countries like the U.S.,

Digital transformation

Digital transformation Hacking Information Security InfoSec

Podcast Episode 111: Click Here to Kill Everybody and CyberSN on Why Security Talent Walks

The Security Ledger

SEPTEMBER 10, 2018

In this week’s podcast (episode #111), sponsored by CyberSN: what happens when the Internet gets physical? Noted author and IBM security guru Bruce Schneier joins us to talk about his new book on Internet of Things risk: Click Here to Kill Everybody. Read the whole entry. »

Internet

Internet Internet Risk Government

Global Scamdemic: Scams Become Number One Online Crime

Security Affairs

JUNE 10, 2021

The scheme is aimed at people using marketplaces and services related to property rentals, hotel bookings, online bank transfers, online retail stores, ridesharing and deliveries. Classiscam has been the most widespread fraud in the world during the pandemic. The scheme aims to extort money as payment for non-existent goods.

Scams

Scams Banking Retail Insurance

TA558 cybercrime group targets hospitality and travel orgs

Security Affairs

AUGUST 20, 2022

The activity of the gang increased in 2022, the attack chain starts phishing campaigns with reservation-themed lures such as hotel bookings. “In 2022, Proofpoint observed an increase in activity compared to previous years. ” reads the analysis published by Proofpoint.

Cybercrime

Cybercrime Malware Phishing Internet

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

The Last Watchdog

JANUARY 22, 2024

Mukkavilli “ChargePoint is committed to the security of all customer data, and through this collaboration, we’ve implemented critical enhancements to Home Flex,” said Teza Mukkavilli, Chief Information Security Officer of ChargePoint.

IoT

IoT InfoSec Firmware Manufacturing

Data of more than 2M Toyota customers exposed in ten years-long data breach

Security Affairs

MAY 13, 2023

The security breach impacted customers who used the company’s T-Connect G-Link, G-Link Lite, or G-BOOK services. Data exposed due to the decade-long data breach includes vehicle identification numbers, chassis numbers, and vehicle location information. ” reads the data breach notification published by the automaker.

Data breaches

Data breaches Authentication Internet Internet

Data Philosophy and Technology Combine for Better Endpoint Security

Security Boulevard

DECEMBER 29, 2022

Imagine a library filled with millions of books but with no good way to search them. If one had to manually take each book out of its shelf and read the introduction, one would never learn anything. Therefore search becomes the crucial piece of technology to drive efficiency when one has access to data, information and knowledge.

Technology

Technology Artificial Intelligence Internet Internet

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs

OCTOBER 31, 2022

The infection chain was divided into four stages : The malware was installed through a dropper, a program executed by opening an attachment to a deceptive e-mail, probably a fake pdf or doc file, or executed directly from the Internet, without user interaction, exploiting the exploit described in the point 4. Twitter @Slvlombardo.

Malware

Malware Computers and Electronics Encryption Ransomware

Security Affairs newsletter Round 230

Security Affairs

SEPTEMBER 8, 2019

Malspam campaign bypasses secure email gateway using Google Docs. Flight booking platform Option Way exposes customer and internal data. Cisco addresses CVE-2019-12643 critical flaw in virtual Service Container for IOS XE. New Google bug bounty allows reporting the abuses of Google API, Chrome, and Android user data.

IoT

IoT Data breaches Advertising DNS

The Rise of Data Sovereignty and a Privacy Era

SecureWorld News

JUNE 24, 2024

The TRIAD Model During my career as a CISO, I relied on my TRIAD Model to envision, enact, and mobilize Information Security & Privacy strategic planning and roadmap execution activities with foundational pillars as illustrated below. Business continuity plans can help mitigate disruptive incidents.

IoT

IoT InfoSec Artificial Intelligence Risk

Information risk and security for professional services

Notice Bored

APRIL 20, 2022

I am currently drafting a guideline on information security, privacy, governance, compliance and other controls to mitigate unacceptable information risks in professional services. Small, immature organisations may not have that luxury, and hence may have little option but to accept whatever the counterparty suggests/requires.

Risk

Risk Energy and Utilities Computers and Electronics Telecommunications

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Security Affairs

FEBRUARY 16, 2021

After opening the URL distributed on the email body, a ZIP file is then downloaded from the Internet. By opening an URL it downloads from the Internet (Cloud services) a ZIP file with an MSI executable inside ( 1, 2 ). GetAddrInfoW ” call, we can observe the moment the malware downloads the next stage from the Internet (AWS S3 bucket).

Antivirus

Antivirus Malware Banking Internet

Careers in cybersecurity: Malwarebytes talks to teachers and students

Malwarebytes

MARCH 16, 2021

It’s usually quite difficult for them to get people booked in to speak about things. “I thought it was all code” Something I emphasise is that information security has a huge number of different backgrounds in its overall makeup. It’s a win-win for everybody.

Cybersecurity

Cybersecurity InfoSec Education Technology

‘I vowed I was going to teach people’: NPower’s trauma-informed training nurtures digital talent

SC Magazine

MARCH 18, 2021

military and serving as deputy chief information security officer at Globe Life and global information security risk director at GM Financial. He went “from a gang and getting in trouble all the way to the boardrooms in corporate America,” designing cyber programs for the U.S. and Canada.

Education

Education Media InfoSec Engineering

As Internet-Connected Medical Devices Multiply, So Do Challenges

GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety

Trending Sources

Hackers exploit 3-years old flaw to wipe Western Digital devices

CTO of Center for Internet Security Expounds on Transforming InfoSec

10 Behaviors That Will Reduce Your Risk Online

Introducing meaningful AI features for information security in 2024

Everything is Insecure: What Matters is What You’re Getting vs. Giving Up

A @TomNomNom Recon Tools Primer

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Void Banshee exploits CVE-2024-38112 zero-day to spread malware

What They Don’t Tell You About Being a Bounty Hunter or Content Creator

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Spotlight on Cybersecurity Leaders: Richard Staynings

A 3-Tiered Approach to Securing Your Home Network

Why Don’t You Go Dox Yourself?

Analysis of the RECON/Attack Surface Management Space

Ukraine’s cyber operation shut down the ATM services of major Russian banks

Cyber Pearl Harbor Is Happening Right Now — It’s Ransomware

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

A consumer-grade spyware app found in check-in systems of 3 US hotels

Snowden Ten Years Later

Ransomware group Dark Angels claims the theft of 1TB of data from chipmaker Nexperia

Millions of People Can Lose Sensitive Data through Travel Apps, Privacysavvy reports

9 Possible Ways Hackers Can Use Public Wi-Fi to Steal Your Sensitive Data

Black Hat insights: How Sonrai Security uses graph analytics to visualize, mitigate cloud exposures

Canadian Flair Airlines left user data leaking for months

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs newsletter Round 426 by Pierluigi Paganini – International edition

Everyday Threat Modeling

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

Episode 148: Joseph Menn on Cult of the Dead Cow also Veracode CEO Sam King on InfoSec’s Leaky Talent Pipeline

Podcast Episode 111: Click Here to Kill Everybody and CyberSN on Why Security Talent Walks

Global Scamdemic: Scams Become Number One Online Crime

TA558 cybercrime group targets hospitality and travel orgs

News alert: Sternum and ChargePoint collaborate to enhance ChargePoint Home Flex Security

Data of more than 2M Toyota customers exposed in ten years-long data breach

Data Philosophy and Technology Combine for Better Endpoint Security

Wannacry, the hybrid malware that brought the world to its knees

Security Affairs newsletter Round 230

The Rise of Data Sovereignty and a Privacy Era

Information risk and security for professional services

Latin American Javali trojan weaponizing Avira antivirus legitimate injector to implant malware

Careers in cybersecurity: Malwarebytes talks to teachers and students

‘I vowed I was going to teach people’: NPower’s trauma-informed training nurtures digital talent

Stay Connected