Troy Hunt

AUGUST 7, 2020

Let me just cut straight to it: I'm going to open source the Have I Been Pwned code base. The decision has been a while coming and it took a failed M&A process to get here, but the code will be turned over to the public for the betterment of the project and frankly, for the betterment of everyone who uses it. Let me explain why and how. HIBP is a Community Project I've been giving a great deal of thought to how I want this project to evolve lately, especially in the wake of the M&A proce

Passwords 363

Passwords Architecture Data breaches Internet 363

Krebs on Security

AUGUST 6, 2020

A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.

Accountability 350

Accountability Identity Theft Hacking Insurance 350

Adam Levin

AUGUST 7, 2020

The FBI warned in a private industry notification published August 3 that companies and organizations still using Windows 7 are at risk. Microsoft’s end of life (EOL) announcement for version 7 of its flagship Windows operating system means most customers still using it would no longer receive security updates or technical support. According to the FBI notification, continued use of the platform “creates the risk of criminal exploitation.”.

Risk 220

Risk Hacking Authentication Ransomware 220

Schneier on Security

AUGUST 3, 2020

Australia is reporting that a BlackBerry device has been cracked after five years: An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state's longest-running drug importation investigations. In April, new technology "capabilities" allowed authorities to probe the encrypted device.

Encryption 294

Encryption Technology 294

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

AUGUST 6, 2020

I love security. I love privacy. Consequently, it will come as no surprise that I love tools that help people achieve those objectives. Equally, I have no patience for false promises, and I've been very vocal about my feelings there: But one of them is literally called “Secure VPN”, how is this possible?! “Are You Using These VPN Apps? Personal Info Of 20 Million Users Leaked: That’s 1.2TB Data” [link] — Troy Hunt (@troyhunt) July 20, 2020 VPNs are a great example of where a tool can be us

VPN 297

VPN Marketing Encryption 297

Krebs on Security

AUGUST 3, 2020

A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers. The Blacklist Alliance provides technologies and services to marketing firms concerned about lawsuits under the Telephone Consumer Protection Act (TCPA), a 1991 law that restricts

Mobile 333

Mobile Marketing Consumer Protection Wireless 333

Schneier on Security

AUGUST 6, 2020

The NSA has issued an advisory on the risks of location data. Mitigations reduce, but do not eliminate, location tracking risks in mobile devices. Most users rely on features disabled by such mitigations, making such safeguards impractical. Users should be aware of these risks and take action based on their specific situation and risk tolerance. When location exposure could be detrimental to a mission, users should prioritize mission risk and apply location tracking mitigations to the greatest e

Risk 266

Risk Wireless Mobile Cybersecurity 266

Troy Hunt

AUGUST 7, 2020

What. A. Week. I've been absolutely non-stop publishing data breaches to HIBP whilst simultaneously putting in place the framework to start advising NordVPN on their cybers and open sourcing the HIBP code base at the same time (and a bunch of other more boring stuff that didn't make the cut). That's all explained in this week's update so I won't drill further into it here, there's obviously a couple of big announcements so if you have any questions, drop them in the comments below and I'll eithe

Data breaches 183

Data breaches 183

Adam Levin

AUGUST 5, 2020

Simple spelling errors in URLs can expose you to phishing, malware, and other kinds of cyber trickery. In the latest episode of Third Certainty, Adam Levin discusses typosquatting and how it can put your data security in jeopardy. The post Typosquatting – Third Certainty #24 appeared first on Adam Levin.

Phishing 164

Phishing Malware Cybersecurity 164

Tech Republic Security

AUGUST 3, 2020

One of the first announcements at BlackHat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone.

Engineering 212

Engineering Cybersecurity Malware 212

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

AUGUST 4, 2020

The Cambridge Cybercrime Centre has a series of papers on cybercrime during the coronavirus pandemic.

Cybercrime 246

Cybercrime 246

Security Affairs

AUGUST 4, 2020

Security researchers from threat intelligence firm Cyble have discovered user records of American online food ordering and delivery platform UberEats on DarkWeb. Another day, another data breach made the headlines, this time the alleged victim is UberEATS. UberEats is an American online food ordering and delivery platform launched by Uber in 2014. During the process of darkweb and deep web monitoring, the Cyble Research Team came across a threat actor who leaked user records of UberEATS.

Banking 145

Banking Data breaches Advertising Mobile 145

Adam Levin

AUGUST 5, 2020

The NSA has issued a cybersecurity advisory about the use of location data on personal devices, social media accounts, mobile applications, as well as Internet of Things-enabled devices. The advisory, titled “Limiting Location Data Exposure,” was released August 4. While it is directed at government officials, the advice could also help the general public mitigate risks to data and privacy posed by location-tracking technologies.

Cybersecurity 150

Cybersecurity Mobile Advertising Media 150

Tech Republic Security

AUGUST 4, 2020

Security firm recommends digital distancing for devices and more collaboration between IT and security teams to harden the attack surface.

Threat Reports 205

Threat Reports 205

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Threatpost

AUGUST 7, 2020

Fully opening the door to allow people to contribute to – and notably, tinker with – the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt.

Data breaches 128

Data breaches 128

Security Affairs

AUGUST 2, 2020

BleepingComputer researchers confirmed that Garmin has received the decryption key to recover their files encrypted with the WastedLocker Ransomware. BleepingComputer first revealed that Garmin has received the decryption key to recover the files encrypted with the WastedLocker Ransomware in the recent attack. On July 23, smartwatch and wearables maker Garmin has shut down several of its services due to a ransomware attack that targeted its internal network and some production systems.

Ransomware 145

Ransomware Encryption Advertising Software 145

Dark Reading

AUGUST 3, 2020

With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.

CISO 143

CISO Data collection 143

Tech Republic Security

AUGUST 6, 2020

Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research.

178

178

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Jane Frankland

AUGUST 3, 2020

Words are power. They have energy, and whether we’re speaking, reading, and exposing ourselves to them, we can use them to build relationships, increase knowledge, and drive action. We can use them purposefully, intuitively and strategically. For good and for bad. Consider one of the most relevant words of the moment, crisis. Most dictionaries define it as: A time of intense difficulty or danger.

Cybersecurity 100

Cybersecurity Risk Technology Artificial Intelligence 100

Security Affairs

AUGUST 5, 2020

ZDNet reported in exclusive that a list of passwords for 900+ enterprise VPN servers has been shared on a Russian-speaking hacker forum. ZDNet has reported in exclusive that a list of plaintext usernames and passwords for 900 Pulse Secure VPN enterprise servers, along with IP addresses, has been shared on a Russian-speaking hacker forum. ZDNet has obtained a copy of the list with the help of threat intelligence firm KELA and verified confirmed the authenticity of the data.

VPN 144

VPN Passwords Banking Advertising 144

Elie

AUGUST 6, 2020

This talk showcases SCALD, our tool that leverages deep-learning explainability and dynamic execution to automatically find which parts of a crypto-hardware implementation is responsible for leaking the information exploited by side-channel attacks.

118

118

Tech Republic Security

AUGUST 3, 2020

The increased use of personal phones for work and the growth of mobile malware create a risk to organizations, says Gigamon.

Mobile 207

Mobile Malware Risk 207

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

AUGUST 5, 2020

By reverse-engineering apps intended for cyclists, security researchers found they could cause delays in at least 10 cities from anywhere in the world.

Engineering 132

Engineering Hacking 132

Security Affairs

AUGUST 2, 2020

A critical flaw in the wpDiscuz WordPress plugin could be exploited by remote attackers to execute arbitrary code and take over the hosting account. Security experts from Wordfence discovered a critical vulnerability impacting the wpDiscuz WordPress plugin that is installed on over 80,000 sites. The vulnerability could be exploited by attackers to execute arbitrary code remotely after uploading arbitrary files on servers hosting the vulnerable WordPress sites. wpDiscuz provides an Ajax real-time

Accountability 145

Accountability Advertising Account Security Hacking 145

Elie

AUGUST 5, 2020

In recent years, Side-Channel Attacks Assisted with Machine Learning aka SCAAML have been proven a very effective approach to carry-out side-channel attacks even against the toughest hardware cryptographic implementations in a semi-automatic manner. Building on this line of work, this talk showcases how to take it a step further and demonstrates how to combine the recent advances in deep-learning explainability with dynamic execution to quickly assess which parts of a hardware cryptographic impl

116

116

Tech Republic Security

AUGUST 5, 2020

New Tenable study says 94% of organizations experienced a business-impacting cyberattack or compromise within the past 12 months; 46% weathered five or more attacks.

174

174

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Threatpost

AUGUST 5, 2020

During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return -and how a cyber vigilante is attempting to thwart the malware's comeback.

Malware 117

Malware Phishing 117

Security Affairs

AUGUST 2, 2020

The FBI has issued a security alert about Netwalker ransomware attacks targeting U.S. and foreign government organizations. The FBI has issued a new security flash alert to warn of Netwalker ransomware attacks targeting U.S. and foreign government organizations. The feds are recommending victims, not to pay the ransom and reporting incidents to their local FBI field offices.

Ransomware 145

Ransomware VPN Advertising Government 145

WIRED Threat Level

AUGUST 6, 2020

A campaign called Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.

Software 144

Software Hacking 144

Tech Republic Security

AUGUST 4, 2020

WhatsApp, Facebook, and Microsoft rounded out the top five as the most spoofed brands last quarter, says Check Point Research.

Phishing 199

Phishing 199

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity