Krebs on Security

MAY 6, 2020

Fresenius , Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues. Based in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care , a leading provider of care to those suffering from ki

Ransomware 355

Ransomware Healthcare Cyber Attacks Manufacturing 355

Schneier on Security

MAY 4, 2020

This paper describes a SIGINT and code-breaking alliance between Denmark, Sweden, Germany, the Netherlands and France called Maximator: Abstract: This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name Maximator and provides documentary evidence. The five members of this European alliance are Denmark, Sweden, Germany, the Netherlands, and France.

264

264

Daniel Miessler

MAY 8, 2020

A lot of people are thinking about the security of their home network right now, and as one of the project leaders on the OWASP Internet of Things Security Project , I wanted to provide three levels of security you can do at home. The most important thing to realize about this list is that it’s top-heavy. The first one is far more important than the second, and the first three are far more important than the second three.

Passwords 255

Passwords DNS Accountability IoT 255

Tech Republic Security

MAY 5, 2020

Ahead of World Password Day, a survey finds management is worse than junior staff at practicing good password hygiene, according to SecureAuth.

Passwords 218

Passwords 218

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Krebs on Security

MAY 8, 2020

Millions of Americans now filing for unemployment will receive benefits via a prepaid card issued by U.S. Bank , a Minnesota-based financial institution that handles unemployment payments for more than a dozen U.S. states. Some of these unemployment applications will trigger an automatic letter from U.S. Bank to the applicant. The letters are intended to prevent identity theft, but many people are mistaking these vague missives for a notification that someone has hijacked their identity.

Identity Theft 275

Identity Theft Banking Scams Accountability 275

Schneier on Security

MAY 8, 2020

Used Tesla components, sold on eBay, still contain personal information , even after a factory reset. This is a decades-old problem. It's a problem with used hard drives. It's a problem with used photocopiers and printers. It will be a problem with IoT devices. It'll be a problem with everything, until we decide that data deletion is a priority.

IoT 245

IoT 245

Tech Republic Security

MAY 4, 2020

More than 86,600 new domains related to the pandemic are considered "risky" or "malicious," according to a new report.

218

218

Troy Hunt

MAY 8, 2020

I went with the "just record it live" approach again this week and honestly, it's working out much better for me. It's easier to publish (no manual retrieval of audio and video from devices, no editing in Premier, no waiting for upload) and doing it in my office gets almost the same audio and video quality as the "old" way anyway. Plus, I get to interact with people whilst recording so all in all, I'm pretty happy with this approach.

VPN 190

VPN Accountability Hacking 190

Schneier on Security

MAY 5, 2020

Interesting story of malware hidden in Google Apps. This particular campaign is tied to the government of Vietnam. At a remote virtual version of its annual Security Analyst Summit, researchers from the Russian security firm Kaspersky today plan to present research about a hacking campaign they call PhantomLance, in which spies hid malware in the Play Store to target users in Vietnam, Bangladesh, Indonesia, and India.

Malware 239

Malware Spyware Phishing Government 239

Adam Levin

MAY 5, 2020

Hackers successfully breached the servers of a popular blogging platform and used them to mine cryptocurrency. Ghost, a Singapore-based blogging platform with 2,000,000 installations and 750,000 active users, announced that hackers had breached their systems. . “The mining attempt… quickly overloaded most of our systems which alerted us to the issue immediately,” the company announced May 3, adding that “[t]here is no direct evidence that private customer data, passwords or oth

Cryptocurrency 162

Cryptocurrency Hacking System Administration Passwords 162

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

MAY 7, 2020

Passwords are no longer a secure method of identity verification, resulting in many organizations to turn to other tactics, Yubico found.

Passwords 217

Passwords 217

WIRED Threat Level

MAY 6, 2020

The system's use of GPS data could let hackers pinpoint who reports a positive diagnosis.

145

145

Schneier on Security

MAY 6, 2020

It's the twentieth anniversary of the ILOVEYOU virus, and here are three interesting articles about it and its effects on software design.

Software 234

Software Cybercrime Malware Cybersecurity 234

Adam Levin

MAY 7, 2020

It’s World Password Day, and much like every other day of the year, the state of password security is terrible. . Despite repeated warnings from security experts and IT departments, “123456” is still the most common password for the last seven years, narrowly edging out “password.”. The problem isn’t limited to easily guessed passwords: a recent study of remote workers found that 42 percent of employees physically write passwords down, 34 percent digitally capture them on their smartphones, and

Password Management 151

Password Management Passwords Accountability Account Security 151

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

MAY 8, 2020

A new attack discovered by Abnormal Security aims to steal account credentials from people who use the online document signing platform.

Phishing 213

Phishing Accountability 213

WIRED Threat Level

MAY 5, 2020

CAM4 has taken the server offline, but not before it leaked 7TB of user data.

145

145

Schneier on Security

MAY 7, 2020

This is a good explanation of an iOS bug that allowed someone to break out of the application sandbox. A summary: What a crazy bug, and Siguza's explanation is very cogent. Basically, it comes down to this: XML is terrible. iOS uses XML for Plists , and Plists are used everywhere in iOS (and MacOS). iOS's sandboxing system depends upon three different XML parsers, which interpret slightly invalid XML input in slightly different ways.

Malware 229

Malware Cybersecurity 229

Security Affairs

MAY 5, 2020

Security researchers spotted a new piece of DDoS bot dubbed Kaiji that is targeting IoT devices via SSH brute-force attacks. Last week, the popular security researcher MalwareMustDie and the experts at Intezer Labs spotted a new piece of malware dubbed Kaiji, that is targeting IoT devices via SSH brute-force attacks. The malicious code was designed to target Linux-based servers and Internet of Things (IoT) devices and use them as part of a DDoS botnet.

IoT 145

IoT Malware DDOS Advertising 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

MAY 5, 2020

An unauthorized person was able to access the login credentials of a number of accounts with the hosting company.

Data breaches 213

Data breaches Accountability 213

WIRED Threat Level

MAY 8, 2020

For real this time. Its sister conference, Black Hat, has also been called off.

144

144

Threatpost

MAY 8, 2020

The Shiny Hunters hacking group said it stole 500 GB of data from the tech giant’s repositories on the developer platform, which it owns.

Hacking 143

Hacking Accountability Data breaches Phishing 143

Security Affairs

MAY 5, 2020

GoDaddy has been notifying its customers of a data breach, threat actors might have compromised their web hosting account credentials. GoDaddy has been notifying its customers of a data breach, attackers might have compromised users’ web hosting account credentials. Headquartered in Scottsdale, Arizona, the Internet domain registrar and web hosting company claims to have over 19 million customers worldwide.

Data breaches 145

Data breaches Accountability Advertising Internet 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

MAY 6, 2020

The rapid move to remote working has left many businesses more vulnerable to cybersecurity threats, with nearly half saying they've encountered at least one scare as a direct result of the shift.

Cybersecurity 212

Cybersecurity 212

Adam Levin

MAY 7, 2020

The online credentials for 68% of pharmaceutical executives analyzed for a study have been compromised recently. The study, conducted by cybersecurity firm Blackcloak, found that the email accounts of over two-thirds of pharmaceutical executives had been compromised within the last five to ten years. Of the compromised emails, 57% were found on the dark web and had been either cracked or stored in plaintext format.

Passwords 130

Passwords Data breaches Accountability Cybersecurity 130

Threatpost

MAY 8, 2020

Due to the coronavirus pandemic, there will be no in-person Black Hat USA or DEF CON conferences this year.

139

139

Security Affairs

MAY 2, 2020

Phishing attacks impersonating notifications from Microsoft Teams targeted as many as 50,000 Teams users to steal Office365 logins. Abnormal Security experts observed two separate phishing attacks impersonating notifications from Microsoft Teams that targeted as many as 50,000 Teams users to steal Office365 logins. The popularity of Microsoft Teams has spiked as a result of the smart working adopted by many organizations due to the COVID-19 pandemic.

Phishing 145

Phishing Advertising Financial Services Marketing 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

MAY 4, 2020

Cisco survey finds security experts at mid-sized companies have strong incident response plans and prioritize proactive threat hunting.

Cybersecurity 209

Cybersecurity 209

Adam Shostack

MAY 4, 2020

A New Hope, even! Happy Star Wars Day!

130

130

Threatpost

MAY 5, 2020

The domain registrar giant said that the breach started in October 2019.

Accountability 134

Accountability Hacking Data breaches Passwords 134

Security Affairs

MAY 3, 2020

A hacker has leaked the details of 15 million users registered on Tokopedia , an Indonesian technology company specializing in e-commerce. Tokopedia is an Indonesian technology company specializing in e-commerce, it currently operates Indonesia’s largest online store. The company has over 4200 employees and accounts for over 90 million active users every month.

Accountability 144

Accountability Hacking Passwords Data breaches 144

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity