Troy Hunt

AUGUST 7, 2020

Let me just cut straight to it: I'm going to open source the Have I Been Pwned code base. The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the betterment of the project and frankly, for the betterment of everyone who uses it. Let me explain why and how. HIBP is a Community Project I've been giving a great deal of thought to how I want this project to evolve lately, especially in the wake of the M&A proce

Passwords 363

Passwords Architecture Data breaches Internet 363

Krebs on Security

AUGUST 14, 2020

R1 RCM Inc. [ NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. Formerly known as Accretive Health Inc. , Chicago-based R1 RCM brought in revenues of $1.18 billion in 2019. The company has more than 19,000 employees and contracts with at least 750 healthcare organizations nationwide.

Ransomware 362

Ransomware Healthcare Insurance Phishing 362

Schneier on Security

AUGUST 14, 2020

The NSA and FBI have jointly disclosed Drovorub, a Russian malware suite that targets Linux. Detailed advisory. Fact sheet. News articles. Reddit thread.

Malware 297

Malware Cybersecurity 297

Tech Republic Security

AUGUST 12, 2020

Moving on from passwords to strong authentication and adaptive access policies is key to improving security without hurting productivity, especially given the increase in remote working.

Authentication 218

Authentication Passwords 218

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

AUGUST 27, 2020

Cybersecurity experts at CyberNews hijacked close to 28,000 unsecured printers worldwide and forced them to print out a guide on printer security. Original post: [link]. Most of us already know the importance of using antivirus , anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. Printers? Not so much.

Hacking 145

Hacking IoT Firmware Internet 145

Dark Reading

AUGUST 10, 2020

Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.

Risk 144

Risk 144

Krebs on Security

AUGUST 21, 2020

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “ vishing ” attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pand

VPN 361

VPN Social Engineering Authentication Engineering 361

Threatpost

AUGUST 7, 2020

Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.

Data breaches 128

Data breaches 128

Tech Republic Security

AUGUST 7, 2020

Security professionals must act before TLS 1.3 and DNS-over-HTTPS (DoH) are implemented or they won't be able to analyze network traffic and detect cyberthreats, warns Forrester Research.

DNS 218

DNS Encryption 218

Security Affairs

AUGUST 21, 2020

The University of Utah admitted to have paid a $457,059 ransom in order to avoid having ransomware operators leak student information online. The University of Utah admitted having paid a $457,059 ransom after the ransomware attack that took place on July 19, 2020, that infected systems on the network of the university’s College of Social and Behavioral Science [CSBS]).

Ransomware 145

Ransomware Cyber Insurance Insurance Advertising 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Dark Reading

AUGUST 18, 2020

Security vendor Prevailion says it observed signs of malicious activity on the cruise operator's network between at least February and June.

Ransomware 143

Ransomware 143

Troy Hunt

AUGUST 6, 2020

I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how is this possible?! “Are You Using These VPN Apps? Personal Info Of 20 Million Users Leaked: That’s 1.2TB Data” [link] — Troy Hunt (@troyhunt) July 20, 2020 VPNs are a great example of where a tool can be us

VPN 297

VPN Marketing Encryption 297

Krebs on Security

AUGUST 11, 2020

Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it’s time once again to backup and patch up! At least 17 of the bugs squashed in August’s patch batch address vulnerabilities Microsoft rates as “critical,” meaning they can be exploited by miscreants or malware to gain complete,

Backups 361

Backups Internet Internet Malware 361

WIRED Threat Level

AUGUST 15, 2020

Over the last few years, so-called jackpotting attacks have gotten increasingly sophisticated—while cash machines remain largely the same.

Hacking 144

Hacking 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

AUGUST 24, 2020

A new report from Microsoft suggests that cloud-based technologies and Zero Trust architecture will become mainstays of businesses' cybersecurity investments going forward.

Architecture 218

Architecture Cybersecurity Technology 218

Security Affairs

AUGUST 8, 2020

Chinese researchers discovered tens of vulnerabilities in a Mercedes-Benz E-Class, including issues that can be exploited to remotely hack it. A team of Chinese experts from Sky-Go, the Qihoo 360 division focused on car hacking, discovered 19 vulnerabilities in a Mercedes-Benz E-Class, including some issues that can be exploited by attackers to remotely hack a vehicle.

Hacking 145

Hacking Advertising Mobile Engineering 145

Dark Reading

AUGUST 20, 2020

Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.

IoT 134

IoT Hacking 134

Troy Hunt

AUGUST 14, 2020

It's an extra early one this week and on review, I do look a bit. dishevelled! I run through a whole bunch of things from this week's Twitter timeline and there's some great audience questions this week too so thanks very much everyone for the engagement. Next we'll do it at the other end of the day again and I'm sure there'll be a heap of new stuff to cover before then.

Internet 283

Internet Internet Technology 283

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Krebs on Security

AUGUST 28, 2020

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

Accountability 361

Accountability Hacking Authentication Marketing 361

Threatpost

AUGUST 11, 2020

Four critical-severity flaws were recently disclosed in the Find My Mobile feature of Samsung Galaxy smartphones, which if exploited could allow attackers to force a factory reset on the phones or spy on users.

Mobile 123

Mobile 123

Tech Republic Security

AUGUST 19, 2020

365 ICS vulnerabilities were disclosed in the first half of the year, 75% of them are high or critical on the CVSS scale, and nearly three-quarters can be exploited remotely, according to a report.

Cybersecurity 212

Cybersecurity 212

Security Affairs

AUGUST 2, 2020

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware. BleepingComputer first revealed that Garmin has received the decryption key to recover the files encrypted with the WastedLocker Ransomware in the recent attack. On July 23, smartwatch and wearables maker Garmin has shut down several of its services due to a ransomware attack that targeted its internal network and some production systems.

Ransomware 145

Ransomware Encryption Advertising Software 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Dark Reading

AUGUST 18, 2020

GitHub, used badly, can be a source of more vulnerabilities than successful collaborations. Here are ways to keep your development team from getting burned on GitHub.

130

130

WIRED Threat Level

AUGUST 5, 2020

By reverse-engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.

Engineering 132

Engineering Hacking 132

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. But one increasingly brazen group of crooks is taking your standard phishing attack to the next level, marketing a voice phishing service that uses a combination of one-on-one phone calls and custom phishing sites to steal VPN credentials from employees.

Phishing 360

Phishing VPN Social Engineering Media 360

Threatpost

AUGUST 27, 2020

Malicious attachments continue to be a top threat vector in the cybercriminal world, even as public awareness increases and tech companies amp up their defenses.

Phishing 128

Phishing Malware 128

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

AUGUST 13, 2020

Organizations must quickly adopt the zero trust mindset of "never trust, always verify" to mitigate the spread of breaches, limit access, and prevent lateral movement, according to an Illumio report.

212

212

Security Affairs

AUGUST 4, 2020

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. Another day, another data breach made the headlines, this time the alleged victim is UberEATS. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the process of darkweb and deep web monitoring, the Cyble Research Team came across a threat actor who leaked user records of UberEATS.

Banking 145

Banking Data breaches Advertising Mobile 145

Dark Reading

AUGUST 3, 2020

With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.

CISO 143

CISO Data collection 143

WIRED Threat Level

AUGUST 10, 2020

Qualcomm has released a fix for the flaws in its Snapdragon chip, which attackers might exploit to monitor location or render the phone unresponsive.

Risk 127

Risk Hacking 127

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software