Krebs on Security

MAY 21, 2021

One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. Last week, someone began began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants , an environmental engi

Scams 363

Scams Accountability Advertising Web Fraud 363

Tech Republic Security

MAY 24, 2021

While many employers are tapping technologies to monitor workflows, a new report highlights potential drawbacks and even resentment among surveilled employees.

Surveillance 211

Surveillance Technology 211

Lohrman on Security

MAY 23, 2021

Artificial intelligence is slowly transforming many areas of life — and fast — but we all need to pay attention. Reactions are all over the map, and AI will be used for both good and evil.

Artificial Intelligence 360

Artificial Intelligence 360

Schneier on Security

MAY 21, 2021

This seems to be a new tactic : Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. The other path involves what Emsisoft calls a “side-by-side encryption” attack, in which attacks encrypt some of an organization’s systems with ransomware A and others with ransomware B.

Encryption 359

Encryption Ransomware Malware 359

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

MAY 18, 2021

Today I'm very happy to welcome the 16th government to Have I Been Pwned, Sweden. The Swedish National Computer Security Incident Response Team CERT-SE now has full and free access to query all government domains via HIBP's API and gain insights into the impact of data breaches on their government departments. Sweden is now the 4th Scandinavian country I've welcomed onto HIBP and I hope to see many more from other parts of the world join in the future.

Government 358

Government Data breaches 358

Adam Shostack

MAY 15, 2021

The Colonial Pipeline shutdown story is interesting in all sorts of ways, and I can’t delve into all of it. I did want to talk about one small aspect, which is the way responders talk about Darkside. Blog posts from Sophos and Mandiant seem really useful! Information sharing is working, and what the heck does a Cyber Review Board have left to do?

Phishing 357

Phishing Engineering Passwords 357

Tech Republic Security

MAY 7, 2021

DevOps is speeding up software release cycles like never before. But according to GitLab's latest survey, finger-pointing over who should be in charge of security remains an issue.

Software 211

Software 211

SecurityTrails

MAY 3, 2021

Sitting down with Eric Head, one of the most successful bug bounty hunters, known online as todayisnew, to discuss his mindful practices and how to remain focused on your goals.

145

145

Schneier on Security

MAY 10, 2021

This is a newly unclassified NSA history of its reaction to academic cryptography in the 1970s: “ New Comes Out of the Closet: The Debate over Public Cryptography in the Inman Era ,” Cryptographic Quarterly , Spring 1996, author still classified.

359

359

Troy Hunt

MAY 27, 2021

I've got 2 massive things to announce today that have been a long time in the works and by pure coincidence, have aligned such that I can share them together here today. One you would have been waiting for and one totally out of left field. Both these announcements are being made at a time where Pwned Passwords is seeing unprecedented growth: Getting closer and closer to the 1B requests a month mark for @haveibeenpwned 's Pwned Passwords. 99.6% of those have come direct from @Cloudflare '

Passwords 358

Passwords Accountability Cybercrime Authentication 358

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

MAY 28, 2021

Threat actor Nobeliumm, the state-backed Russian group of cybercriminals behind last year’s SolarWinds hacking campaign, has launched a new attack targeting government agencies, think tanks, consultants and non-governmental organizations, according to Microsoft and various news outlets. In a blog post published late Thursday night, Tom Burt, Microsoft’s vice president of customer security and trust, said.

Government 145

Government Hacking Social Engineering Engineering 145

Krebs on Security

MAY 19, 2021

Many online services allow users to reset their passwords by clicking a link sent via SMS, and this unfortunately widespread practice has turned mobile phone numbers into de facto identity documents. Which means losing control over one thanks to a divorce, job termination or financial crisis can be devastating. Even so, plenty of people willingly abandon a mobile number without considering the potential fallout to their digital identities when those digits invariably get reassigned to someone el

Mobile 360

Mobile Wireless Authentication Accountability 360

Tech Republic Security

MAY 11, 2021

Cybersecurity expert discusses the many ways attackers could have gotten access to the Colonial Pipeline company and reminds us why the threat always looms.

Cybersecurity 213

Cybersecurity 213

Security Affairs

MAY 26, 2021

Last week, French authorities have seized the dark web marketplace Le Monde Parallèle, it is another success of national police in the fight against cybercrime. French authorities seized the dark web marketplace Le Monde Parallèle, the operation is another success of national police in the fight against cybercrime activity in the dark web. It is the third large French-speaking platform seized by the local police after Black Hand in 2018 and French Deep Web Market in 2019.

Cybercrime 145

Cybercrime Cryptocurrency Banking Mobile 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

MAY 18, 2021

A lot of Russian malware — the malware that targeted the Colonial Pipeline, for example — won’t install on computers with a Cyrillic keyboard installed. Brian Krebs wonders if this could be a useful defense: In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim.

Ransomware 359

Ransomware Malware Cybercrime 359

Troy Hunt

MAY 24, 2021

Today I'm very happy to welcome the first Caribbean government to Have I Been Pwned, Trinidad & Tobago. As of today, the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) has full and free access to query their government domains and gain visibility into where they've impacted by data breaches. This brings the number of governments to be onboarded to HIBP to 17 and I look forward to welcoming more in the near future.

Government 353

Government Data breaches 353

Hot for Security

MAY 25, 2021

Apple Mac users are being advised to update their operating system as a matter of priority, after malicious hackers have discovered a way of bypassing the privacy protections built into Apple Macs. The vulnerability , allows attackers to gain permissions on vulnerable Macs without users’ granting explicit consent. Specifically, as security researchers at Jamf explain , versions of the XCSSET malware hunt for installed apps for which the targeted user may already have granted permission to

Malware 145

Malware Passwords Software 145

Krebs on Security

MAY 5, 2021

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Accountability 349

Accountability Advertising Passwords Phishing 349

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MAY 12, 2021

Government and business both need to step up to combat ransomware attacks against critical systems before they spiral further out of control.

Ransomware 216

Ransomware Government 216

Security Affairs

MAY 25, 2021

Apple has addressed three zero-day vulnerabilities in macOS and tvOS actively exploited in the wild by threat actors. Apple has released security updates to address three zero-day vulnerabilities affecting macOS and tvOS which have been exploited in the wild. The macOS flaw has been exploited by the XCSSET malware to bypass security protections. “Apple is aware of a report that this issue may have been actively exploited.” reads the security advisories published by Apple for the abov

Malware 145

Malware Cryptocurrency Ransomware Encryption 145

Schneier on Security

MAY 20, 2021

Bizarro is a new banking trojan that is stealing financial information and crypto wallets. …the program can be delivered in a couple of ways­ — either via malicious links contained within spam emails, or through a trojanized app. Using these sneaky methods, trojan operators will implant the malware onto a target device, where it will install a sophisticated backdoor that “contains more than 100 commands and allows the attackers to steal online banking account credentials,”

Banking 355

Banking Malware Accountability 355

CyberSecurity Insiders

MAY 21, 2021

A data breach can potentially cripple your organization, so it’s crucial to set up firewalls and prop up valuable cyber defenses to protect sensitive data. However, not all cyber attacks occur digitally. For the most part, data leaks can still happen, even if you have the latest antivirus programs installed. Apart from malicious software, it’s also important to be mindful of how you and your employees are handling the physical devices that store sensitive information.

Cybersecurity 145

Cybersecurity Data breaches Cyber Attacks Antivirus 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Hot for Security

MAY 19, 2021

I hope you’re being cautious if you’re installing extensions from the Chrome Web Store for your browser and care about your online security. Because it’s reported that a bogus Chrome add-on purporting to be “Microsoft Authenticator” successfully managed to sneak its way in, and duped hundreds of people into downloading it.

Authentication 145

Authentication Accountability Software 145

We Live Security

MAY 17, 2021

Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised. The post Take action now – FluBot malware may be on its way appeared first on WeLiveSecurity.

Malware 145

Malware Mobile 145

Tech Republic Security

MAY 12, 2021

Attackers are not only demanding ransom from organizations, but also threatening their customers, users and other third parties.

Ransomware 217

Ransomware 217

Graham Cluley

MAY 17, 2021

One week after the French branch of cyberinsurance giant AXA said that it would no longer be writing policies to cover ransomware payments, the company's operations in Thailand, Malaysia, Hong Kong, and the Phillippines have reportedly been hit. by a ransomware attack.

Ransomware 145

Ransomware Malware 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Schneier on Security

MAY 4, 2021

This is an impressive hack: Security researchers Ralf-Philipp Weinmann of Kunnamon, Inc. and Benedikt Schmotzle of Comsecuris GmbH have found remote zero-click security vulnerabilities in an open-source software component (ConnMan) used in Tesla automobiles that allowed them to compromise parked cars and control their infotainment systems over WiFi.

Hacking 354

Hacking Software 354

Bleeping Computer

MAY 16, 2021

Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. As seen by BleepingComputer yesterday, the Avaddon ransomware group claimed on their leak site that they had stolen over 3 TB of sensitive data from AXA's Asian operations. [.].

Insurance 145

Insurance Ransomware Cyber Attacks 145

Hot for Security

MAY 18, 2021

Apple is talking up the efforts it makes to police the iOS App Store, revealing that during 2020 it rejected more than 215,000 iPhone apps for violating its privacy policies. In a news release published on its website, Apple detailed an array of statistics of how it protected App Store users from being defrauded. As Apple describes, a common reason why iOS apps are rejected from entering the store is because “they simply ask for more user data than they need, or mishandle the data they do

Advertising 145

Advertising 145

Security Affairs

MAY 22, 2021

QNAP warns customers of updating the HBS 3 disaster recovery app to prevent Qlocker ransomware attack. Taiwanese vendor QNAP is warning its customers of updating the HBS 3 disaster recovery app running on their Network Attached Storage (NAS) devices to prevent Qlocker ransomware infections. At the end of April, experts warned of a new strain of ransomware named Qlocker that was infecting hundreds of QNAP NAS devices on daily bases.

Ransomware 145

Ransomware Backups Passwords Hacking 145

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity