Troy Hunt

AUGUST 7, 2020

Let me just cut straight to it: I'm going to open source the Have I Been Pwned code base. The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the betterment of the project and frankly, for the betterment of everyone who uses it. Let me explain why and how. HIBP is a Community Project I've been giving a great deal of thought to how I want this project to evolve lately, especially in the wake of the M&A proce

Passwords 363

Passwords Architecture Data breaches Internet 363

Krebs on Security

AUGUST 6, 2020

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.

Accountability 352

Accountability Identity Theft Hacking Insurance 352

Schneier on Security

AUGUST 3, 2020

Australia is reporting that a BlackBerry device has been cracked after five years: An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state's longest-running drug importation investigations. In April, new technology "capabilities" allowed authorities to probe the encrypted device.

Encryption 232

Encryption Technology 232

Adam Levin

AUGUST 7, 2020

The FBI warned in a private industry notification published August 3 that companies and organizations still using Windows 7 are at risk. Microsoft’s end of life (EOL) announcement for version 7 of its flagship Windows operating system means most customers still using it would no longer receive security updates or technical support. According to the FBI notification, continued use of the platform “creates the risk of criminal exploitation.”.

Risk 220

Risk Hacking Authentication Ransomware 220

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Troy Hunt

AUGUST 6, 2020

I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how is this possible?! “Are You Using These VPN Apps? Personal Info Of 20 Million Users Leaked: That’s 1.2TB Data” [link] — Troy Hunt (@troyhunt) July 20, 2020 VPNs are a great example of where a tool can be us

VPN 298

VPN Marketing Encryption 298

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers. The Blacklist Alliance provides technologies and services to marketing firms concerned about lawsuits under the Telephone Consumer Protection Act (TCPA), a 1991 law that restricts

Mobile 337

Mobile Marketing Consumer Protection Wireless 337

Schneier on Security

AUGUST 6, 2020

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance. When location exposure could be detrimental to a mission, users should prioritize mission risk and apply location tracking mitigations to the greatest e

Risk 207

Risk Wireless Mobile Cybersecurity 207

Troy Hunt

AUGUST 7, 2020

What. A. Week. I've been absolutely non-stop publishing data breaches to HIBP whilst simultaneously putting in place the framework to start advising NordVPN on their cybers and open sourcing the HIBP code base at the same time (and a bunch of other more boring stuff that didn't make the cut). That's all explained in this week's update so I won't drill further into it here, there's obviously a couple of big announcements so if you have any questions, drop them in the comments below and I'll eithe

Data breaches 202

Data breaches 202

Adam Levin

AUGUST 5, 2020

Simple spelling errors in URLs can expose you to phishing, malware, and other kinds of cyber trickery. In the latest episode of Third Certainty, Adam Levin discusses typosquatting and how it can put your data security in jeopardy. The post Typosquatting – Third Certainty #24 appeared first on Adam Levin.

Phishing 164

Phishing Malware Cybersecurity 164

Tech Republic Security

AUGUST 3, 2020

The increased use of personal phones for work and the growth of mobile malware create a risk to organizations, says Gigamon.

Mobile 214

Mobile Malware Risk 214

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

AUGUST 4, 2020

The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic.

Cybercrime 195

Cybercrime 195

WIRED Threat Level

AUGUST 6, 2020

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.

Software 145

Software Hacking 145

Adam Levin

AUGUST 5, 2020

The NSA has issued a cybersecurity advisory about the use of location data on personal devices, social media accounts, mobile applications, as well as Internet of Things-enabled devices. The advisory, titled “Limiting Location Data Exposure,” was released August 4. While it is directed at government officials, the advice could also help the general public mitigate risks to data and privacy posed by location-tracking technologies.

Cybersecurity 150

Cybersecurity Mobile Advertising Media 150

Tech Republic Security

AUGUST 3, 2020

One of the first announcements at BlackHat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone.

Engineering 213

Engineering Cybersecurity Malware 213

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

AUGUST 4, 2020

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. Another day, another data breach made the headlines, this time the alleged victim is UberEATS. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the process of darkweb and deep web monitoring, the Cyble Research Team came across a threat actor who leaked user records of UberEATS.

Banking 145

Banking Data breaches Advertising Mobile 145

WIRED Threat Level

AUGUST 5, 2020

By reverse-engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.

Engineering 145

Engineering Hacking 145

Dark Reading

AUGUST 3, 2020

With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.

CISO 143

CISO Data collection 143

Tech Republic Security

AUGUST 4, 2020

Security firm recommends digital distancing for devices and more collaboration between IT and security teams to harden the attack surface.

Threat Reports 212

Threat Reports 212

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data.

VPN 145

VPN Passwords Banking Advertising 145

WIRED Threat Level

AUGUST 2, 2020

Every browser has a private mode—but the privacy it offers has a limit.

141

141

Threatpost

AUGUST 3, 2020

The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.

Ransomware 136

Ransomware Malware Hacking 136

Tech Republic Security

AUGUST 4, 2020

WhatsApp, Facebook, and Microsoft rounded out the top five as the most spoofed brands last quarter, says Check Point Research.

Phishing 208

Phishing 208

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

AUGUST 2, 2020

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware. BleepingComputer first revealed that Garmin has received the decryption key to recover the files encrypted with the WastedLocker Ransomware in the recent attack. On July 23, smartwatch and wearables maker Garmin has shut down several of its services due to a ransomware attack that targeted its internal network and some production systems.

Ransomware 145

Ransomware Encryption Advertising Software 145

WIRED Threat Level

AUGUST 1, 2020

As ransomware groups turn their attention to bigger game, expect more high-profile targets to fall.

Hacking 141

Hacking Ransomware 141

Dark Reading

AUGUST 4, 2020

Default configurations can be massive vulnerabilities. Here are a half dozen to check on for your network.

128

128

Tech Republic Security

AUGUST 3, 2020

The newly formed Open Source Security Foundation includes titans in technology such as Google, Intel, Microsoft, IBM, and more.

Software 207

Software Technology 207

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

AUGUST 2, 2020

A critical flaw in the wpDiscuz WordPress plugin could be exploited by remote attackers to execute arbitrary code and take over the hosting account. Security experts from Wordfence discovered a critical vulnerability impacting the wpDiscuz WordPress plugin that is installed on over 80,000 sites. The vulnerability could be exploited by attackers to execute arbitrary code remotely after uploading arbitrary files on servers hosting the vulnerable WordPress sites. wpDiscuz provides an Ajax real-time

Accountability 145

Accountability Advertising Account Security Hacking 145

WIRED Threat Level

AUGUST 6, 2020

The story of a guy who wouldn't let a few quintillion possible decryption keys stand between him and his cryptocurrency.

Cryptocurrency 141

Cryptocurrency 141

Threatpost

AUGUST 7, 2020

Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.

Data breaches 128

Data breaches 128

Tech Republic Security

AUGUST 6, 2020

Despite the FBI announcement, hospitals, schools, and government offices across the world still use Windows 7.

Government 204

Government 204

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity