Krebs on Security

AUGUST 19, 2024

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Passwords 359

Passwords Data breaches Accountability Data privacy 359

Schneier on Security

AUGUST 29, 2024

The “ long lost lecture ” by Adm. Grace Hopper has been published by the NSA. (Note that there are two parts.) It’s a wonderful talk: funny, engaging, wise, prescient. Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational. She was a remarkable person. Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—minia

Engineering 322

Engineering Internet Internet 322

Troy Hunt

AUGUST 23, 2024

It should be so simple: you're a customer who wants to purchase something so you whip out the credit card and buy it. I must have done this thousands of times, and it's easy! I've bought stuff with plastic credit cards, stuff with Apple Pay on my phone and watch and, like all of us, loads of stuff simply by entering credit card details into a website.

Banking 297

Banking Accountability Data breaches 297

The Last Watchdog

AUGUST 21, 2024

I recently learned all about the state-of-the art of phishing attacks – the hard way. Related: GenAI-powered attacks change the game An email arrived from the head of a PR firm whom I’ve known for 20 years asking me to click on a link to check out a proposal. Foolishly, I did so all too quickly. Within a few minutes, many of my contacts, and even strangers, were receiving a similar malicious email from me.

Phishing 289

Phishing Internet Internet 289

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Lohrman on Security

AUGUST 25, 2024

The FBI launched a new nationwide campaign this past week to raise awareness of the surge in online fraud and scams impacting the public and to encourage reporting to law enforcement.

Scams 234

Scams 234

Tech Republic Security

AUGUST 13, 2024

On August 6, 2.7 billion records from National Public Data, including social security numbers, were leaked on a dark web forum.

Data breaches 218

Data breaches 218

Schneier on Security

AUGUST 16, 2024

The press is reporting a critical Windows vulnerability affecting IPv6. As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending IPv6 packets that include specially crafted packets. Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consis

319

319

Troy Hunt

AUGUST 24, 2024

This is such a significant week for us, to finally have Stefan join us as a proper employee at HIBP. When you start out as a pet project, you never really consider yourself a "proper" employee because, well, it's just you mucking around. And then when Charlotte started "officially" working for HIBP a few years ago, well, that's my wife helping me out.

Software 268

Software 268

The Last Watchdog

AUGUST 12, 2024

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. Related: Prioritizing digital resiliency I spoke with over three dozen cybersecurity solution providers. Some of the more intriguing innovations had to do with leveraging GenAI/LLM-equipped chatbots as proprietary force multipliers.

Software 290

Software Technology Mobile Cybersecurity 290

Lohrman on Security

AUGUST 11, 2024

Carter Schoenberg is a trusted security expert who has vast experience in the public and private sectors. Here’s his guidance on what works and what doesn’t with the cybersecurity industry.

Cybersecurity 221

Cybersecurity 221

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering 207

Social Engineering Malware Engineering Banking 207

Krebs on Security

AUGUST 27, 2024

Malicious hackers are exploiting a zero-day vulnerability in Versa Director , a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon , a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Internet 314

Internet Internet Technology Engineering 314

Schneier on Security

AUGUST 15, 2024

From the Federal Register : After three rounds of evaluation and analysis, NIST selected four algorithms it will standardize as a result of the PQC Standardization Process. The public-key encapsulation mechanism selected was CRYSTALS-KYBER, along with three digital signature schemes: CRYSTALS-Dilithium, FALCON, and SPHINCS+. These algorithms are part of three NIST standards that have been finalized: FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard FIPS 204: Module-Lattice-Base

Encryption 311

Encryption Backups Authentication Technology 311

Troy Hunt

AUGUST 10, 2024

When is a breach a breach? If it's been breached then re-breached , is the second incident still a breach? Here's what the masses said when I asked if they'd want to know when something like this happened to their data: If you're in a breach and your data is aggregated by a third party, then *they* have a breach that discloses your data (again), would you want to know?

257

257

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

AUGUST 3, 2024

When Tanisha Martin, a veteran software quality assurance analyst, sought to move over to a security team a few years ago, the doors should have been wide open, given the much-ballyhooed cybersecurity skills shortage. Related: Modernizing security training Instead, she ran into a rigid wall of shortsightedness. So, Martin taught herself ethical hacking skills and then founded Black Girls Hack to guide others down the trail she blazed.

Hacking 246

Hacking Internet Internet Software 246

Lohrman on Security

AUGUST 18, 2024

Virginia Tech CISO Randy Marchany discusses his career, SANS training and all things cybersecurity at a major university in 2024.

CISO 199

CISO Cybersecurity 199

Tech Republic Security

AUGUST 27, 2024

The number of organisations that experienced a SaaS data breach in the last 12 months is 5% higher than the previous year according to AppOmni.

Data breaches 201

Data breaches CISO 201

Krebs on Security

AUGUST 23, 2024

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time. Meaning, they are continuously sending their Windows usernames and passwords to domain names they do not control and which are freely available for anyone to register.

DNS 310

DNS Internet Internet Authentication 310

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

AUGUST 28, 2024

Matthew Green wrote a really good blog post on what Telegram’s encryption is and is not.

Encryption 305

Encryption 305

Troy Hunt

AUGUST 18, 2024

Whilst there definitely weren't 2.x billion people in the National Public Data breach, it is bad. It really is fascinating how much data can be collected and monetised in this fashion and as we've seen many times before, data breaches do often follow. The NPD incident has received a huge amount of exposure this week and as is often the case, there are some interesting turns; partial data sets, an actor turned data broker, a disclosure notice (almost) nobody can load and bad actors pedd

Data breaches 254

Data breaches Engineering 254

The Last Watchdog

AUGUST 20, 2024

The art of detecting subtle anomalies, predicting emergent vulnerabilities and remediating novel cyber-attacks is becoming more refined, day by day. Related: GenAI’s impact on elections It turns out that the vast datasets churned out by cybersecurity toolsets happen to be tailor-made for ingestion by Generative AI ( GenAI ) engines and Large Language Models ( LLMs.

Cybersecurity 182

Cybersecurity Cyber threats Unstructured Data Data privacy 182

Lohrman on Security

AUGUST 4, 2024

As Delta Air Lines, and many other public and private organizations, tally the business costs from the unprecedented incident caused by a CrowdStrike update, lawyers debate contract language.

Insurance 186

Insurance 186

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

AUGUST 16, 2024

NIST announces new post-quantum cryptography standards, marking a significant step in safeguarding data against future quantum computing threats.

Encryption 197

Encryption Artificial Intelligence Cybersecurity 197

Krebs on Security

AUGUST 13, 2024

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This month’s bundle of update joy from Redmond includes patches for security holes in Office ,NET , Visual Studio , Azure , Co-Pilot , Microsoft Dynamics , Teams , Secure Boot, and of course Windows itself.

Internet 289

Internet Internet Malware Software 289

Schneier on Security

AUGUST 23, 2024

This site will let you take a selfie with a New York City traffic surveillance camera.

Surveillance 302

Surveillance 302

Troy Hunt

AUGUST 1, 2024

The ongoing scourge that is spyware (or, as it is commonly known, "stalkerware"), and the subsequent breaches that so often befall them continue to amaze me. More specifically, it's the way they tackle the non-consensual spying aspect of the service which, on the one hand is represented as a big "no-no" but on the others hand, the likes of Spytech in this week's update literally have a dedicated page for!

Spyware 224

Spyware Small Business Scams 224

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Last Watchdog

AUGUST 19, 2024

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks.

Software 173

Software Internet Internet Accountability 173

Penetration Testing

AUGUST 28, 2024

A critical vulnerability (CVE-2024-43425) has been identified in Moodle, a widely-used Learning Management System. This flaw could enable attackers to execute malicious code on affected servers, potentially compromising sensitive student... The post CVE-2024-43425: Moodle Remote Code Execution Vulnerability, PoC Published appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

AUGUST 20, 2024

ThreatDown 2024 Report: Malwarebytes reveals ransomware trends, showing most attacks occur at night when security staff are off duty.

Ransomware 195

Ransomware 195

Krebs on Security

AUGUST 7, 2024

A partial selfie posted by Puchmade Dev to his Twitter account. Yes, that is a functioning handheld card skimming device, encrusted in diamonds. Underneath that are more medallions, including a diamond-studded bitcoin and payment card. In January, KrebsOnSecurity wrote about rapper Punchmade Dev , whose music videos sing the praises of a cybercrime lifestyle.

Banking 264

Banking Cybercrime Accountability Retail 264

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity