Krebs on Security
MARCH 12, 2020
Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.
Troy Hunt
MARCH 12, 2020
I hate dodgy WiFi, hate it with a passion. I finally lost my mind with it a few years ago now so I went and shelled out good money on the full suite of good Ubiquiti gear. I bought a security gateway to do DHCP, a couple of switches for all my connected things, 5 access points for my wireless things and a Cloud Key to control them all. I went overboard and I don't regret it one bit!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MARCH 13, 2020
Prepare for another attack on encryption in the U.S. The EARN-IT Act purports to be about protecting children from predation, but it's really about forcing the tech companies to break their encryption schemes: The EARN IT Act would create a "National Commission on Online Child Sexual Exploitation Prevention" tasked with developing "best practices" for owners of Internet platforms to "prevent, reduce, and respond" to child exploitation.
Adam Levin
MARCH 9, 2020
While ransomware and leaky or completely unprotected databases dominated headlines in 2019, e-skimmers quietly made a killing. A major e-skimming compromise was discovered on Macy’s website at the start of the holiday season in which hackers captured the payment information of a number of online shoppers. The retailer wasn’t alone. American Outdoor Brands, Puma, Ticketmaster UK, British Airways, Vision Direct, Newegg, and many, many others were also infected by e-skimmers.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Krebs on Security
MARCH 10, 2020
FBI officials last week arrested a Russian computer security researcher on suspicion of operating deer.io , a vast marketplace for buying and selling stolen account credentials for thousands of popular online services and stores. Kirill V. Firsov was arrested Mar. 7 after arriving at New York’s John F. Kennedy Airport, according to court documents unsealed Monday.
Troy Hunt
MARCH 13, 2020
Geez, where do you even begin given how the world has turned just in the last week? I spend a good quarter hour at the start of this video talking about what I'll be doing, namely getting on with business and running a bunch of public workshops remotely in conjunction with Scott Helme. I felt genuinely excited talking about this; they'll be less than half the price of in-person events, no travel, no accommodation costs and we've both run a heap of these remotely in the past too so this is a pret
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
MARCH 11, 2020
Speed is what digital transformation is all about. Organizations are increasingly outsourcing IT workloads to cloud service providers and looking to leverage IoT systems. Related: The API attack vector expands Speed translates into innovation agility. But it also results in endless ripe attack vectors which threat actors swiftly seek out and exploit.
Krebs on Security
MARCH 10, 2020
Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, backup your system(s), and patch your PCs. All told , this patch batch addresses at least 115 security flaws. Twenty-six of those earned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable
Tech Republic Security
MARCH 11, 2020
A Trend Micro report finds that spammers are using public and hosted cloud infrastructure to slip malicious emails past security defenses.
Schneier on Security
MARCH 12, 2020
This is a big deal: Whisper , the secret-sharing app that called itself the "safest place on the Internet," left years of users' most intimate confessions exposed on the Web tied to their age, location and other details, raising alarm among cybersecurity researchers that users could have been unmasked or blackmailed. [.]. The records were viewable on a non-password-protected database open to the public Web.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Last Watchdog
MARCH 12, 2020
It comes as no surprise that top cyber crime rings immediately pounced on the Coronavirus outbreak to spread a potent strain of malware via malicious email and web links. Related: Credential stuffing fuels cyber fraud IBM X-Force researchers shared details about how emails aimed at Japanese-speaking individuals have been widely dispersed purporting to share advice on infection-prevention measures for the disease.
Krebs on Security
MARCH 7, 2020
The federal agency in charge of issuing.gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own.gov domain. In November’s piece It’s Way Too Easy to Get a.gov Domain Name , an anonymous source detailed how he obtained one by impersonating an official at a small town in Rho
Tech Republic Security
MARCH 9, 2020
Legitimate-looking links from OneDrive, Google Drive, iCloud, and Dropbox slip by standard security measures.
Schneier on Security
MARCH 11, 2020
This is bad in several dimensions. The Los Angeles Department of Water and Power has been accused of deliberately keeping widespread gaps in its cybersecurity a secret from regulators in a large-scale coverup involving the city's mayor.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
MARCH 9, 2020
Security information and event management systems — SIEMs — have been around since 2005, but their time may have come at last. Related: Digital Transformation gives SIEMs a second wind After an initial failure to live up to their overhyped potential, SIEMs are perfectly placed to play a much bigger role today. Their capacity to ingest threat feeds is becoming more relevant with the rise of IoT (Internet of Things) systems and the vulnerabilities of old and new OT (operational technol
Security Affairs
MARCH 13, 2020
Experts discovered an Android Trojan, dubbed Cookiethief , that is able to gain root access on infected devices and hijack Facebook accounts. Security experts from Kaspersky recently discovered Android Trojan that was designed to gain root access on infected devices and hijack Facebook accounts by stealing cookies from the browser and the social media app. “We recently discovered a new strain of Android malware.
Tech Republic Security
MARCH 11, 2020
This year will be a big investment year for 5G for many manufacturers and network operators. Find out what the experts predict will happen next.
Schneier on Security
MARCH 9, 2020
Robert Chesney teaches cybersecurity at the University of Texas School of Law. He recently published a fantastic casebook, which is a good source for anyone studying this.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Dark Reading
MARCH 10, 2020
There just aren't enough certified cybersecurity pros to go around -- and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring managers share their top tips on recognizing solid candidates.
Security Affairs
MARCH 10, 2020
Today Microsoft accidentally leaked info about a new wormable vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol. Today Microsoft accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol. The issue, tracked as CVE-2020-0796 , is pre- remote code execution vulnerability that resides in the Server Message Block 3.0 (SMBv3) network communication protocol, the IT giant will not address the issue a
Tech Republic Security
MARCH 11, 2020
82% of women in cybersecurity jobs agree the industry has a gender bias problem. Fixing it would not only improve morale and confidence, but also result in an economic boost to the cybersecurity industry.
Threatpost
MARCH 11, 2020
A full 98 percent of all IoT device traffic is unencrypted, exposing personal and confidential data on the network.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
MARCH 11, 2020
Should you happen to be in a meeting with an ICS vendor, here are some terms you will need to know so as to not be laughed out of the room.
Security Affairs
MARCH 9, 2020
Multiple state-sponsored hacking groups are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers. Cybersecurity firm Volexity is warning that nation-state actors are attempting to exploit a vulnerability recently addressed in Microsoft Exchange email servers tracked as CVE-2020-0688. The experts did not provide details on the threat actors that are exploiting the vulnerability, according ZDNet that cited a DOD source the attackers belong to prominent APT g
Tech Republic Security
MARCH 11, 2020
The Mirai botnet is known for targeting Internet of Things devices and conducting massive DDoS attacks, as described by cyberthreat researcher Check Point Research.
Threatpost
MARCH 13, 2020
Organizations are sending employees and students home to work and learn -- but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
WIRED Threat Level
MARCH 10, 2020
The end of Windows 7 support has hit health care extra hard, leaving several machines vulnerable.
Security Affairs
MARCH 13, 2020
The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Russia-linked APT group Turla employed two new pieces of malware in attacks launched over a period of roughly two months in the fall of 2019. The Turla APT group (aka Snake , Uroburos , Waterbug , Venomous Bear and KRYPTON ) has been active since at least 2007 targeting diplomatic and government organizations and private businesses in the Middle Ea
Tech Republic Security
MARCH 10, 2020
The organizers of the popular security conference, RSA, which drew over 36,000 people to San Francisco in February, confirmed that at least two people who attended have tested positive for COVID-19.
Threatpost
MARCH 13, 2020
The APT group was spotted sending spear-phishing emails that purport to detail information about coronavirus - but they actually infect victims with a custom RAT.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
364 
Let's personalize your content