Troy Hunt

MARCH 31, 2021

If you've landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened. If, on the other hand, you're on this page because you're interested in reading about the illicit use of cryptomining on compromised websites and how through fortuitous circumstances, I now own coinhive.com and am doing something useful with it, read on.

Technology 363

Technology Mobile Internet Internet 363

Lohrman on Security

MARCH 14, 2021

Cyber Attacks 363

Cyber Attacks 363

Schneier on Security

MARCH 1, 2021

Early in 2020, cyberspace attackers apparently working for the Russian government compromised a piece of widely used network management software made by a company called SolarWinds. The hack gave the attackers access to the computer networks of some 18,000 of SolarWinds’s customers, including US government agencies such as the Homeland Security Department and State Department, American nuclear research labs, government contractors, IT companies and nongovernmental agencies around the world.

Risk 362

Risk Government Marketing Software 362

Errata Security

MARCH 20, 2021

"NFTs" have hit the mainstream news with the sale of an NFT based digital artwork for $69 million. I thought I'd write up an explainer. Specifically, I deconstruct that huge purchase and show what actually was exchanged, down to the raw code. (The answer: almost nothing). The reason for this post is that every other description of NFTs describe what they pretend to be.

Cryptocurrency 141

Cryptocurrency Internet Internet Government 141

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

MARCH 8, 2021

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

Hacking 362

Hacking Technology Software 362

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. Basically, how secure is someone’s current behavior with respect to passwords and authentication, and how can they improve? People like moving up rankings, so let’s use that! How to use this model. The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene.

Authentication 363

Authentication Passwords Internet Internet 363

Tech Republic Security

MARCH 15, 2021

Subtle cybersecurity concerns are in play when vetting candidates remotely for a position that entails working remotely. Learn what they are and what to do about them.

Cybersecurity 213

Cybersecurity 213

Schneier on Security

MARCH 17, 2021

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger.

Cryptocurrency 363

Cryptocurrency Media Government Firewall 363

Lohrman on Security

MARCH 28, 2021

Technology 360

Technology 360

Krebs on Security

MARCH 5, 2021

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity.

Hacking 364

Hacking Software Government Internet 364

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Daniel Miessler

MARCH 24, 2021

This post is an attempt to create an easy-to-use security model for the average internet user. People like moving up rankings, so let’s use that! Basically, how secure is someone’s current behavior with respect to passwords and authentication, and what can they do to improve? How to use this model. The idea here is for someone in the security community—or really any security-savvy user—to use this visual to help someone with poor password hygiene.

Authentication 363

Authentication Passwords Internet Internet 363

Graham Cluley

MARCH 31, 2021

When an unintelligible tweet was made by the US Strategic Command's Twitter account, it's understandable that some folks might imagine a password was accidentally published to the world, or that perhaps the account had been compromised, or. gulp! that it might be a US nuclear launch code.

Passwords 145

Passwords Accountability 145

Tech Republic Security

MARCH 1, 2021

Remote employees have engaged in certain risky behaviors, such as storing sensitive data, using inappropriate admin access and failing to update software, says Tanium.

Software 212

Software 212

Schneier on Security

MARCH 15, 2021

Interesting research: “ Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System “: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet

Engineering 359

Engineering Internet Internet 359

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Malwarebytes

MARCH 29, 2021

Suppose that, out of the blue, a Steam user tells you they’ve accidentally reported you for something you didn’t do, like making an illegal purchase, and that your Steam account is going to be suspended. They ask you to message a Steam admin, whose profile they kindly provide, to help you sort out this dilemma. What do you do? There are some scams on Steam which have stood the test of time.

Scams 145

Scams Accountability Social Engineering Passwords 145

Krebs on Security

MARCH 4, 2021

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums’ user databases, including email and Internet addresses and hashed passwords. Members of all three forums are worried the incidents could serve as a virtual Rosetta Stone for connecting the real-life identities of the same users across multiple crime forums.

Cybercrime 363

Cybercrime Hacking Passwords Accountability 363

Bleeping Computer

MARCH 29, 2021

In the latest software supply chain attack, the official PHP Git repository was hacked and tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.php.net server. The threat actors had signed off on these commits as if they were made by known PHP developers. [.].

Hacking 145

Hacking Software 145

Quick Heal Antivirus

MARCH 23, 2021

Zloader aka Terdot – a variant of the infamous Zeus banking malware is well known for aggressively using. The post Zloader: Entailing Different Office Files appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Banking 145

Banking Malware 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

MARCH 30, 2021

One way to get C-level managers and cybersecurity department heads on the same page is to employ cyber risk quantification, as it speaks to costs versus risks.

Cyber Risk 209

Cyber Risk Risk Cybersecurity 209

Schneier on Security

MARCH 12, 2021

Really interesting research : “Exploitation and Sanitization of Hidden Data in PDF Files” Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors names, details on the information system and architecture.

Architecture 359

Architecture Software 359

Security Boulevard

MARCH 21, 2021

The Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co. The declaration, according to the FCC, is in.

Technology 145

Technology Cybersecurity Network Security 145

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.

Telecommunications 363

Telecommunications Mobile Wireless Accountability 363

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Hot for Security

MARCH 24, 2021

Clop ransomware gang exploited Accellion flaws to steal data Customers angry that their details were breached, even after closing their accounts long ago. Things don’t get much worse than having to admit to your employees that a gang of cybercriminals have broken into your infrastructure, stolen the private details (social security numbers, names and home addresses) of your staff, and are demanding that your company pays a ransom before further sensitive data is leaked.

Banking 145

Banking Ransomware Accountability Data breaches 145

Malwarebytes

MARCH 24, 2021

We’ve been tracking a fraudulent scheme involving renewal notifications for several months now. It came to our attention because the Malwarebytes brand as well as other popular names were being used to send fake invoices via email. The concept is simple but effective. You receive an invoice for a product you may or may not have used in the past for an usually high amount.

Software 145

Software Scams Passwords Banking 145

Tech Republic Security

MARCH 2, 2021

A new Red Hat report also finds that app development and digital transformation are important to users and that security perceptions have improved.

Digital transformation 213

Digital transformation 213

Schneier on Security

MARCH 26, 2021

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger problem in the near future.

Hacking 358

Hacking Software Internet Internet 358

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

We Live Security

MARCH 31, 2021

From losing cherished memories to missing deadlines, the impact of not having backups when a data disaster strikes can hardly be overstated. The post Are you prepared to prevent data loss? appeared first on WeLiveSecurity.

Backups 145

Backups 145

Krebs on Security

MARCH 28, 2021

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. Let’s just get this out of the way right now: It wasn’t me. The Shadowserver Foundation , a nonprofit that helps network owners identify and fix security threats , says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian

Hacking 356

Hacking Cybercrime DNS Internet 356

Security Affairs

MARCH 26, 2021

The Federal Bureau of Investigation (FBI) issued an alert to warn that the Mamba ransomware is abusing the DiskCryptor open source tool to encrypt entire drives. The Federal Bureau of Investigation (FBI) published an alert to warn that the Mamba ransomware is abusing the DiskCryptor open-source tool (aka HDDCryptor, HDD Cryptor) to encrypt entire drives.

Ransomware 145

Ransomware Encryption Passwords Malware 145

CSO Magazine

MARCH 18, 2021

Editor's note: This article, originally published in July, 2018, has been updated to more accurately reflect recent trends. Deepfake definition. Deepfakes are fake videos or audio recordings that look and sound just like the real thing. Once the bailiwick of Hollywood special effects studios and intelligence agencies producing propaganda, like the CIA or GCHQ's JTRIG directorate, today anyone can download deepfake software and create convincing fake videos in their spare time.

Risk 145

Risk Software 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software