Krebs on Security

MAY 21, 2021

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Last week, someone began began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants , an environmental engi

Scams 363

Scams Accountability Advertising Web Fraud 363

Tech Republic Security

MAY 24, 2021

While many employers are tapping technologies to monitor workflows, a new report highlights potential drawbacks and even resentment among surveilled employees.

Surveillance 212

Surveillance Technology 212

The Hacker News

MAY 10, 2021

An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed.

135

135

Lohrman on Security

MAY 23, 2021

Artificial intelligence is slowly transforming many areas of life — and fast — but we all need to pay attention. Reactions are all over the map, and AI will be used for both good and evil.

Artificial Intelligence 360

Artificial Intelligence 360

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MAY 21, 2021

This seems to be a new tactic : Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attacks encrypt some of an organization’s systems with ransomware A and others with ransomware B.

Encryption 360

Encryption Ransomware Malware 360

Troy Hunt

MAY 18, 2021

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden. The Swedish National Computer Security Incident Response Team CERT-SE now has full and free access to query all government domains via HIBP's API and gain insights into the impact of data breaches on their government departments. Sweden is now the 4th Scandinavian country I've welcomed onto HIBP and I hope to see many more from other parts of the world join in the future.

Government 358

Government Data breaches 358

Adam Shostack

MAY 15, 2021

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside. Blog posts from Sophos and Mandiant seem really useful! Information sharing is working, and what the heck does a Cyber Review Board have left to do?

Phishing 357

Phishing Engineering Passwords 357

Tech Republic Security

MAY 7, 2021

DevOps is speeding up software release cycles like never before. But according to GitLab's latest survey, finger-pointing over who should be in charge of security remains an issue.

Software 213

Software 213

SecurityTrails

MAY 3, 2021

Sitting down with Eric Head, one of the most successful bug bounty hunters, known online as todayisnew, to discuss his mindful practices and how to remain focused on your goals.

145

145

Schneier on Security

MAY 10, 2021

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “ New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era ,” Cryptographic Quarterly , Spring 1996, author still classified.

360

360

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Troy Hunt

MAY 27, 2021

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned 's Pwned Passwords. 99.6% of those have come direct from @Cloudflare '

Passwords 358

Passwords Accountability Cybercrime Authentication 358

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone el

Mobile 358

Mobile Wireless Authentication Accountability 358

Security Boulevard

MAY 28, 2021

Threat actor Nobeliumm, the state-backed Russian group of cybercriminals behind last year’s SolarWinds hacking campaign, has launched a new attack targeting government agencies, think tanks, consultants and non-governmental organizations, according to Microsoft and various news outlets. In a blog post published late Thursday night, Tom Burt, Microsoft’s vice president of customer security and trust, said.

Government 145

Government Hacking Social Engineering Engineering 145

Tech Republic Security

MAY 31, 2021

If you find an Apple AirTag that belongs to someone else, learn how to help reunite the lost items with their owner using an iOS or Android device--or, how to prevent the device from tracking you.

211

211

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Hot for Security

MAY 25, 2021

Apple Mac users are being advised to update their operating system as a matter of priority, after malicious hackers have discovered a way of bypassing the privacy protections built into Apple Macs. The vulnerability , allows attackers to gain permissions on vulnerable Macs without users’ granting explicit consent. Specifically, as security researchers at Jamf explain , versions of the XCSSET malware hunt for installed apps for which the targeted user may already have granted permission to

Malware 145

Malware Passwords Software 145

Schneier on Security

MAY 18, 2021

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed. Brian Krebs wonders if this could be a useful defense: In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim.

Ransomware 360

Ransomware Malware Cybercrime 360

Troy Hunt

MAY 24, 2021

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future.

Government 353

Government Data breaches 353

Krebs on Security

MAY 5, 2021

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability 345

Accountability Advertising Passwords Phishing 345

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

MAY 21, 2021

A data breach can potentially cripple your organization, so it’s crucial to set up firewalls and prop up valuable cyber defenses to protect sensitive data. However, not all cyber attacks occur digitally. For the most part, data leaks can still happen, even if you have the latest antivirus programs installed. Apart from malicious software, it’s also important to be mindful of how you and your employees are handling the physical devices that store sensitive information.

Cybersecurity 145

Cybersecurity Data breaches Cyber Attacks Antivirus 145

Tech Republic Security

MAY 6, 2021

Scientists find that blaming employees is counterproductive and suggest creating a safe environment for people to admit their mistakes and learn from them. One company already puts that into practice.

Cybersecurity 209

Cybersecurity 209

Hot for Security

MAY 19, 2021

I hope you’re being cautious if you’re installing extensions from the Chrome Web Store for your browser and care about your online security. Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it.

Authentication 145

Authentication Accountability Software 145

Schneier on Security

MAY 20, 2021

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways­ — either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will install a sophisticated backdoor that “contains more than 100 commands and allows the attackers to steal online banking account credentials,”

Banking 356

Banking Malware Accountability 356

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

We Live Security

MAY 17, 2021

Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised. The post Take action now – FluBot malware may be on its way appeared first on WeLiveSecurity.

Malware 145

Malware Mobile 145

Graham Cluley

MAY 17, 2021

One week after the French branch of cyberinsurance giant AXA said that it would no longer be writing policies to cover ransomware payments, the company's operations in Thailand, Malaysia, Hong Kong, and the Phillippines have reportedly been hit. by a ransomware attack.

Ransomware 145

Ransomware Malware 145

Bleeping Computer

MAY 16, 2021

Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen over 3 TB of sensitive data from AXA's Asian operations. [.].

Insurance 145

Insurance Ransomware Cyber Attacks 145

Tech Republic Security

MAY 19, 2021

Commentary: It's progress that President Biden's executive order recognizes the need to secure open source software. What it doesn't do is address the best way to accomplish it.

Software 205

Software 205

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Hot for Security

MAY 18, 2021

Apple is talking up the efforts it makes to police the iOS App Store, revealing that during 2020 it rejected more than 215,000 iPhone apps for violating its privacy policies. In a news release published on its website, Apple detailed an array of statistics of how it protected App Store users from being defrauded. As Apple describes, a common reason why iOS apps are rejected from entering the store is because “they simply ask for more user data than they need, or mishandle the data they do

Advertising 145

Advertising 145

Schneier on Security

MAY 4, 2021

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi.

Hacking 356

Hacking Software 356

Security Boulevard

MAY 11, 2021

Humans are the biggest risk to an organization’s cybersecurity posture, and it might be a bigger risk than many realize. According to research from Elevate Security, human behavior had a direct role in 88% of total losses in the largest cybersecurity incidents over the past five years and about two-thirds of major data breaches are. The post Your Security Awareness Training Isn’t Working appeared first on Security Boulevard.

Security Awareness 145

Security Awareness Data breaches Risk Cybersecurity 145

Security Affairs

MAY 10, 2021

Since early 2020, bad actors have added Tor exit nodes to the Tor network to intercep traffic to cryptocurrency-related sites. Starting from January 2020, a threat actor has been adding thousands of malicious exit relays to the Tor network to intercept traffic and carry out SSL stripping attacks on users while accessing mixing websites, The Record first reported.

Cryptocurrency 145

Cryptocurrency Hacking Information Security Cybersecurity 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software