Krebs on Security
DECEMBER 14, 2020
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds , a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.
Schneier on Security
DECEMBER 18, 2020
The NSA has published an advisory outlining how “malicious cyber actors” are “are manipulating trust in federated authentication environments to access protected data in the cloud.” This is related to the SolarWinds hack I have previously written about , and represents one of the techniques the SVR is using once it has gained access to target networks.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
DECEMBER 19, 2020
I'm live again! Well, I was live having found enough connectivity in Port Douglas to go back to streaming. I'll still be here next week too and will plan on doing a Christmas morning stream from the same location. I talk a bunch about the trip and what I'm seeing in Aus in the latter part of this video, it's a truly amazing place I'm only just getting to really see extensively now.
Adam Levin
DECEMBER 30, 2020
Hackers are using internet-connected home devices to livestream “swatting” attacks, according to the FBI. Swatting is a dangerous prank where emergency services are called to respond to a life threatening situation that requires immediate intervention by police and/or S.W.A.T. teams. In a public service announcement issued December 29, the FBI warned that “offenders have been using stolen e-mail passwords to access smart devices with cameras and voice capabilities and carry out swatting attacks.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
DECEMBER 10, 2020
From Apple to Google to Toyota, companies across the world are pouring resources into developing AI systems with machine learning. This comprehensive guide explains what machine learning really means.
Security Affairs
DECEMBER 31, 2020
Experts from Intezer discovered a new and self-spreading Golang-based malware that targets Windows and Linux servers. Experts from Intezer discovered a Golang-based worm that targets Windows and Linux servers. The malware has been active since early December targeting public-facing services, including MySQL, Tomcat admin panel and Jenkins that are protected with weak passwords.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Schneier on Security
DECEMBER 31, 2020
In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA: The open standard s/MIME as extension to de facto e-mail standard SMTP will be deployed to encrypt messages containing DNA profile information. The protocol s/MIME (V3) allows signed receipts, security labels, and secure mailing lists… The underlying certificate used by s/MIME mechanism has to be in compliance with X.509 standard… The processing rules for s/MIM
Troy Hunt
DECEMBER 11, 2020
Well this is different; a weekly update bereft of neon studio lighting and instead done from the great outdoors, complete with all sorts of animal noises and a (probably) drunk green tree frog. I picked one of my favourite travelling companions to join me this week, a little guy I last did one of these with in a very different environment back in Oslo earlier this year.
SecureWorld News
DECEMBER 15, 2020
When news broke a few days ago that IT management company SolarWinds was compromised in a supply chain cyber attack, we discovered that attackers accessed both the U.S Treasury Department and the Department of Commerce. Read the related story. Now we know that was just the start. Here are updates coming in: CISA emergency directive to unplug SolarWinds Orion products.
Tech Republic Security
DECEMBER 17, 2020
The COVID-19 crisis enabled scammers to take advantage of the guileless, as bad actors were able to extract personal information from targets, according to a new report from First Orion.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
DECEMBER 21, 2020
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor.
Krebs on Security
DECEMBER 16, 2020
A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned. Austin, Texas-based SolarWinds disclosed this week that a compromise of its software update servers earlier this year may have resulted in malicious code
Schneier on Security
DECEMBER 18, 2020
Gizmodo is reporting that schools in the US are buying equipment to unlock cell phones from companies like Cellebrite: Gizmodo has reviewed similar accounting documents from eight school districts, seven of which are in Texas, showing that administrators paid as much $11,582 for the controversial surveillance technology. Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from student’s devices.
Threatpost
DECEMBER 23, 2020
Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
CompTIA on Cybersecurity
DECEMBER 22, 2020
As the dust settles on the Solar Winds Orion cyberattack, it's clear that the IT industry needs to take the next step and band together, sharing threat intelligence and cyber best practices to avoid similar hacks in the future.
Tech Republic Security
DECEMBER 9, 2020
A new global report on phishing attempts shows how the workforce has responded to security threats since COVID-19, and the new vulnerabilities that have resulted from the remote work landscape.
Security Affairs
DECEMBER 12, 2020
Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but despite the security patch has been released earlier this week many sites are yet to be patched.
Krebs on Security
DECEMBER 10, 2020
Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Schneier on Security
DECEMBER 17, 2020
The New York Times has more details. About 18,000 private and government users downloaded a Russian tainted software update – a Trojan horse of sorts – that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised. Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies.
WIRED Threat Level
DECEMBER 30, 2020
This year saw plenty of destructive hacking and disinformation campaigns—but amid a pandemic and a historic election, the consequences have never been graver.
Dark Reading
DECEMBER 14, 2020
An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies. What's on the horizon? They share with us their spending plans for 2021.
Tech Republic Security
DECEMBER 21, 2020
If you want to improve or expand your current skill set, there are a few options you can focus on. Tom Merritt lists five tech skills to master in the coming year.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Affairs
DECEMBER 8, 2020
The OpenSSL Project disclosed a serious security vulnerability in TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The OpenSSL Project warned of a ‘high-severity’ security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The flaw is a null pointer dereference, successful exploitation could trigger denial-of-service conditions.
Krebs on Security
DECEMBER 4, 2020
The U.S. Internal Revenue Service (IRS) said this week that beginning in 2021 it will allow all taxpayers to apply for an identity protection personal identification number (IP PIN), a single-use code designed to block identity thieves from falsely claiming a tax refund in your name. Currently, IP PINs are issued only to those who fill out an ID theft affidavit, or to taxpayers who’ve experienced tax refund fraud in previous years.
Schneier on Security
DECEMBER 24, 2020
Interesting analysis of China’s efforts to identify US spies: By about 2010, two former CIA officials recalled, the Chinese security services had instituted a sophisticated travel intelligence program, developing databases that tracked flights and passenger lists for espionage purposes. “We looked at it very carefully,” said the former senior CIA official.
Threatpost
DECEMBER 30, 2020
Stolen email credentials are being used to hijack home surveillance devices, such as Ring, to call police with a fake emergency, then watch the chaos unfold.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
DECEMBER 21, 2020
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.
Tech Republic Security
DECEMBER 23, 2020
Jack Wallen takes one more opportunity to remind Android device owners to use those phones with a great deal of caution; otherwise, they could become victims of malware.
Security Affairs
DECEMBER 18, 2020
Threat actors continue to trade critical medical data in the Dark Web while organizations are involved in the response to the COVID-19 pandemic. Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. Experts from Cyble discovered in several forums on the dark web, the offer for enormous repositories of critical medical that wee stolen from multiple organizations.
Krebs on Security
DECEMBER 2, 2020
For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Expert insights. Personalized for you.
363 
Let's personalize your content