Krebs on Security

APRIL 28, 2020

You may have heard that today’s phone fraudsters like to use use caller ID spoofing services to make their scam calls seem more believable. But you probably didn’t know that these fraudsters also can use caller ID spoofing to trick your bank into giving up information about recent transactions on your account — data that can then be abused to make their phone scams more believable and expose you to additional forms of identity theft.

Scams 363

Scams Banking Accountability Financial Services 363

Troy Hunt

APRIL 9, 2020

Hey, did you hear that Facebook are going to start using your personal photos in whatever way they see fit? For real, it's going to start tomorrow unless you act quickly! All you have to do is copy and paste this message onto your own Facebook page and wammo - they're not allowed to touch them! Ready? Here goes: "With this statement, I give notice to Facebook it is strictly forbidden to disclose, copy, distribute, or take any other action against me based on this profile and/or its contents.

Mobile 364

Mobile Media Scams Technology 364

Schneier on Security

APRIL 13, 2020

Google and Apple have announced a joint project to create a privacy-preserving COVID-19 contact tracing app. (Details, such as we have them, are here.) It's similar to the app being developed at MIT, and similar to others being described and developed elsewhere. It's nice seeing the privacy protections; they're well thought out. I was going to write a long essay about the security and privacy concerns, but Ross Anderson beat me to it.

279

279

The Last Watchdog

APRIL 16, 2020

Ransomware continues to endure as a highly lucrative criminal enterprise. Ransomware hacking groups extorted at least $144.35 million from U.S. organizations between January 2013 and July 2019. That’s the precise figure recently disclosed by the FBI — the true damage is almost certainly a lot steeper, given only a portion of cyber crimes ever get reported to law enforcement.

Ransomware 276

Ransomware Authentication Hacking Manufacturing 276

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Daniel Miessler

APRIL 9, 2020

I’ve been processing my thoughts on the Zoom Security stuff for a couple of weeks now, and I think I finally have an opinion. The hate is silly. Like I said, I sense something strange here. I get there are security issues. And some seem pretty bad. But the amount of highly-coordinated PR against the company feels more like an operation than regular criticism… The Spidey Sense is flaring for sure.

Manufacturing 246

Manufacturing Risk Media Marketing 246

Adam Levin

APRIL 13, 2020

Researchers at the cybersecurity firm Sucuri have uncovered a new set of e-skimming attacks targeting websites using the WordPress WooCommerce e-commerce plugin. E-skimming attacks typically use injected code on websites to intercept customer data as it is being entered by customers. This allows hackers to bypass otherwise secure encryption and steal credit card and personal information. .

Malware 244

Malware Marketing Encryption Cybersecurity 244

Troy Hunt

APRIL 16, 2020

Hot on the heels of onboarding the USA government to Have I Been Pwned last month , I'm very happy to welcome another national government - Iceland! As of today, Iceland's National Computer Security Incident Response Team ( CERT-IS ), now has access to the full gamut of their gov domains for both on-demand querying and ongoing monitoring. As with the USA and Iceland, I expect to continue onboarding additional governments over the course of 2020 and expanding their access to meaningful data about

Government 334

Government 334

Schneier on Security

APRIL 9, 2020

A few months ago, Brian Krebs told the story of the domain corp.com, and how it is basically a security nightmare: At issue is a problem known as " namespace collision ," a situation where domain names intended to be used exclusively on an internal company network end up overlapping with domains that can resolve normally on the open Internet. Windows computers on an internal corporate network validate other things on that network using a Microsoft innovation called Active Directory , which is th

DNS 279

DNS Wireless Internet Internet 279

The Last Watchdog

APRIL 7, 2020

Application programming interface. API. It’s the glue holding digital transformation together. Related: A primer on ‘credential stuffing’ APIs are the conduits for moving data to-and-fro in our digitally transformed world. APIs are literally everywhere in the digital landscape, and more are being created every minute. APIs connect the coding that enables the creation and implementation of new applications.

Mobile 266

Mobile Digital transformation Scams Accountability 266

Daniel Miessler

APRIL 29, 2020

If you want to have a productive discussion on a difficult topic, start by discarding the extremes. Very few want pure communism, pure market capitalism, zero taxes, or taxes to be doubled. If you start by accepting the solution will be a hybrid, you can often make progress, and it’s the same with this lockdown conversation. The lockdown sucks. Everyone knows that.

Risk 244

Risk Marketing Software Information Security 244

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

APRIL 28, 2020

Conscious of the state of employment during the pandemic, as well as after, Fortinet offers an opportunity to build skill sets from home.

Cybersecurity 218

Cybersecurity 218

Krebs on Security

APRIL 2, 2020

As the Coronavirus pandemic continues to force people to work from home, countless companies are now holding daily meetings using videoconferencing services from Zoom. But without the protection of a password, there’s a decent chance your next Zoom meeting could be “Zoom bombed” — attended or disrupted by someone who doesn’t belong.

Passwords 363

Passwords Media Technology Accountability 363

Troy Hunt

APRIL 30, 2020

I've written a bunch about COVID-19 contact tracing apps recently as they relate to security and privacy, albeit in the form of long tweets. I'm going to avoid delving into the details here because they're covered more comprehensively in the resources I want to consolidate below, firstly the original thread from a fortnight ago as news of an impending app in Australia was breaking: Ok folks, let's talk about the Coronavirus tracking app as news of Australia adopting Singapore's "Trac

Government 329

Government 329

Schneier on Security

APRIL 8, 2020

RSA-250 has been factored. This computation was performed with the Number Field Sieve algorithm, using the open-source CADO-NFS software. The total computation time was roughly 2700 core-years, using Intel Xeon Gold 6130 CPUs as a reference (2.1GHz): RSA-250 sieving: 2450 physical core-years. RSA-250 matrix: 250 physical core-years. The computation involved tens of thousands of machines worldwide, and was completed in a few months.

Software 279

Software Encryption 279

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

APRIL 13, 2020

We’ve come to rely on our smartphones to live out our digital lives, both professionally and personally. When it comes to securing mobile computing devices, the big challenge businesses have long grappled with is how to protect company assets while at the same time respecting an individual’s privacy. Reacting to the BYOD craze , mobile security frameworks have veered from one partially effective approach to the next over the past decade.

Mobile 205

Mobile Computers and Electronics Encryption Data privacy 205

Adam Levin

APRIL 15, 2020

The Covid-19 pandemic created an opportunity for hackers to target the newly remote workforce. Hospitals have been targeted by ransomware (despite initial assurances to the contrary), phishing scams are using pandemic-related scare tactics, and video conferencing apps have become the new go-to for everything from domain-spoofing attacks to zoombombing.

Phishing 195

Phishing Risk Malware Firewall 195

Tech Republic Security

APRIL 23, 2020

Ranging from ethical hacking to cloud security, these certs make it easier to get promoted and negotiate a higher salary.

Hacking 218

Hacking 218

Krebs on Security

APRIL 10, 2020

The U.S. federal government is now in the process of sending Economic Impact Payments by direct deposit to millions of Americans. Most who are eligible for payments can expect to have funds direct-deposited into the same bank accounts listed on previous years’ tax filings sometime next week. Today, the Internal Revenue Service (IRS) stood up a site to collect bank account information from the many Americans who don’t usually file a tax return.

Computers and Electronics 355

Computers and Electronics Banking Accountability Scams 355

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Troy Hunt

APRIL 6, 2020

If you're reading this, chances are you've arrived here from a link I sent you via email. That email would have been a reply to one you originally sent to me that would have sounded something like this: Hi, I came across your blog on [thing] and I must admit, it was really nicely written. I also have an article on [thing] and I think it would be a great addition to your blog.

Advertising 291

Advertising Internet Internet VPN 291

Schneier on Security

APRIL 30, 2020

The NSA just published a survey of video conferencing apps. So did Mozilla. Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud.

Internet 278

Internet Internet Encryption Accountability 278

The Last Watchdog

APRIL 9, 2020

There’s no stopping the Internet of Things now. Related: The promise, pitfalls of IoT Companies have commenced the dispersal of IoT systems far and wide. Data collected by IoT devices will increasingly get ingested into cloud-centric networks where it will get crunched by virtual servers. And fantastic new IoT-enabled services will spew out of the other end.

Internet 195

Internet Internet IoT Technology 195

Daniel Miessler

APRIL 16, 2020

I’ve been thinking a lot about this Zoom situation. It’s fascinating to me that millions are using it as a lifeboat to humanity while others label it a threat. Throughout the media you have people substituting their in-person events with virtual ones, and they all seem to be using Zoom. John Krasinski gave this medium a pulse when he had the entire cast of Hamilton perform together for a little girl.

Internet 190

Internet Internet Risk InfoSec 190

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

APRIL 24, 2020

A breach has impacted the accounts of some 160,000 Nintendo users. Here's what to do if you're one of them.

Accountability 218

Accountability Data breaches 218

Krebs on Security

APRIL 7, 2020

In February, KrebsOnSecurity told the story of a private citizen auctioning off the dangerous domain corp.com for the starting price of $1.7 million. Domain experts called corp.com dangerous because years of testing showed whoever wields it would have access to an unending stream of passwords, email and other sensitive data from hundreds of thousands of Microsoft Windows PCs at major companies around the globe.

DNS 338

DNS Wireless Risk Passwords 338

Troy Hunt

APRIL 10, 2020

Somehow this week's update ended up being 55 minutes, largely because of playing with a bunch of the new network gear and unboxing a pretty snazzy looking rack from 4Cabling. I get through with that then sit by the pool for the rest of this week's update. (And yes, I shaved!) Incidentally, there's some audio clipping occurring after I sit by the pool.

Passwords 284

Passwords 284

Schneier on Security

APRIL 24, 2020

OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location information with authorities for a period of time.

Surveillance 270

Surveillance Government 270

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Last Watchdog

APRIL 29, 2020

It can be argued that we live in a cloud-mobile business environment. Related: The ‘shared responsibility’ burden Most organizations are all caught up, to one degree or another, in migrating to hybrid cloud networks. And startups today typically launch with cloud-native IT infrastructure. Mobile comes into play everywhere. Employees, contractors, suppliers and customers consume and contribute from remote locations via their smartphones.

Mobile 193

Mobile CISO Risk Cloud Migration 193

Adam Levin

APRIL 6, 2020

Marriott International announced a data breach that may have exposed the information of 5.2 million guests. Among the information potentially compromised are names, birthdates, mailing addresses, phone numbers, email addresses, and birthdates. This is the second major data breach that Marriott has experienced in recent years; in 2018, the company announced that the information of 327 million customers of subsidiary Starwoodhad been compromised in a similar incident. .

Data breaches 187

Data breaches Financial Services Passwords Accountability 187

Tech Republic Security

APRIL 17, 2020

Zoom has become a household name because lots of people are working from home and using the video conferencing software. Here is your guide to Zoom basics, including its security vulnerabilities.

Software 218

Software 218

Krebs on Security

APRIL 30, 2020

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services.

Cybercrime 319

Cybercrime Computers and Electronics Marketing Scams 319

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity