Sat. Jan 04, 2020 - Fri. Jan 10, 2020

Tricky Phish Angles for Persistence, Not Passwords

Krebs on Security

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even af

Phishing 276

How AI, ML, and automation can improve cybersecurity protection

Tech Republic Security

Read insights from industry experts on how artificial intelligence and machine learning will help prevent cybersecurity breaches.

New SHA-1 Attack

Schneier on Security

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 2^61.2 rather than 2^64.7, and chosen-prefix collisions with a complexity of 2^63.4 rather than 2^67.1.

Currency Exchange Company Travelex Hit By Ransomware Attack

Adam Levin

Currency exchange giant Travelex has effectively been taken offline by a ransomware attack. The attack was first detected the night of December 31. Soon after, the company took its systems offline. A week later, Travelex is processing transactions with pen and paper at its 1,200 branches located in more than 70 countries. “To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint.

Passwords 231

Developers weigh in on why Rust is so hot

Tech Republic Security

Commentary: Rust keeps getting hotter. Here are a few of the top reasons.

More Trending

Weekly Update 173

Troy Hunt

I really should have started the video about 3 minutes earlier. Had I done that, you'd have caught me toppling backwards into the frangipani tree whilst trying to position my chair and camera which frankly, would have made for entertaining viewing. Instead, this week's update is focused primarily on a completely different epic fail, namely Surebet247's handling of a breach impacting their customers.

Passwords 138

Alleged Member of Neo-Nazi Swatting Group Charged

Krebs on Security

Federal investigators on Friday arrested a Virginia man accused of being part of a neo-Nazi group that targeted hundreds of people in “swatting” attacks, wherein fake bomb threats, hostage situations and other violent scenarios were phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

CES 2020 roundup: All the business tech news you need to know

Tech Republic Security

CES promises to be more exciting than ever this year. Key topics will likely include 5G, AI, blockchain, quantum computing, AR, and VR.

Mailbox Master Keys

Schneier on Security

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Threat Modeling Thursday: The Human Element

Adam Shostack

Today’s Threat Modeling Thursday is a podcast! I’m on The Humans of InfoSec Podcast, with Caroline Wong: The Human Element of Threat Modeling.

InfoSec 130

Russia Takes a Big Step Toward Internet Isolation

WIRED Threat Level

total control.

Internet 101

PATSCAN platform detects hidden weapons, chemicals, and bombs

Tech Republic Security

At CES 2020, Patriot One Technologies explained its PATSCAN platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.

USB Cable Kill Switch for Laptops

Schneier on Security

BusKill is designed to wipe your laptop (Linux only) if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script [ 1 , , 3 ] that executes a series of preset operations.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Chinese Malware Found Preinstalled on US Government-Funded Phones

Dark Reading

Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.

Malware 100

Visibility and Understanding Create Both Tools and Weapons

Daniel Miessler

Being in security I think a lot about whether things are tools or weapons. The distinction applies to guns. It applies to encryption. It applies to offensive security tools. And it applies to technologies like machine learning and the use of AI-monitored cameras throughout society. The link I’m highlighting here is: Visibility plus Understanding --> Tools and Weapons Visibility means you have the opportunity to observe a given object or behavior, like a message sent between people, or peop

Internet 100

How to set up facial recognition to sign into Windows 10

Tech Republic Security

You can sign into Windows 10 via your face, as long as your computer has a supported camera.

A Facebook Bug Exposed Anonymous Admins of Pages

WIRED Threat Level

A bad code update allowed anyone to easily reveal which accounts posted to Facebook Pages—including celebrities and politicians—for several hours.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Eliminate the Password, Eliminate the Password Problem.

The Security Ledger

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. But what does passwordless authentication even look like? Yaser Masoudnia, the Senior Director Product Management, Identity Access Management, at LogMeIn* takes us there.

Unsupervised Learning: No. 210 (Member Edition)

Daniel Miessler

Patscan platform detects hidden weapons, chemicals and bombs

Tech Republic Security

At CES 2020, Patriot One Technologies explained its Patscan platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.

Iranian Hackers Have Been ‘Password-Spraying’ the US Grid

WIRED Threat Level

A state-sponsored group called Magnallium has been probing American electric utilities for the past year.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

MITRE presents ATT&CK for ICS, a knowledge base for ICS

Security Affairs

MITRE announced the initial release of a version of its MITRE ATT&CK knowledge base that focuses on industrial control systems (ICS). MITRE’s ATT&CK framework is becoming a standard in the cybersecurity community for the classification of attacker behavior. Now the organization is proposing a knowledge base focused on ICS for its ATT&CK framework. “ATT&CK for ICS is a knowledge base useful for describing the actions an adversary may take while operatin

MicroServices: Today’s data science gold rush

Thales Cloud Protection & Licensing

Microservices are changing how organizations are doing business. And nowhere was this more clear than at KubeCon in San Diego last year. Microservices is a powerful technology that is the kernel for modern cloud architecture, and it’s going to drive how people build, manage and deploy secure apps. It’s changing the game for a lot of organizations, especially users and platform providers.

How cybercriminals are using Microsoft Sway to launch phishing attacks

Tech Republic Security

Attackers are creating phishing sites from Sway, an effective approach as links for the domain are typically trusted, says security firm Avanan.

Phishing 144

How to Secure Your Wi-Fi Router and Protect Your Home Network

WIRED Threat Level

Router security has improved a bunch in recent years, but there are still steps you can take to lock yours down even better.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

Security experts have found a malicious app in Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier, in October, Google Project Zero researcher Maddie Stone publicly disclosed a zero-day vulnerability, tracked as CVE-2019-2215, in Android. Maddie Stone published technical details and a proof-of-concept exploit for the high-severity security vulnerability seven days after she reported it to her colleagues on the Android security team.

Exploit Fully Breaks SHA-1, Lowers the Attack Bar

Threatpost

Users of GnuPG, OpenSSL and Git could be in danger from an attack that's practical for ordinary attackers to carry out.

CES 2020: How McAfee's Just in Time debugger stops cybercriminals

Tech Republic Security

How the Advanced Threat Research Team can stop hackers from stealing personal data from a wearable device.

Facebook Says Encrypting Messenger by Default Will Take Years

WIRED Threat Level

Mark Zuckerberg promised default end-to-end encryption throughout Facebook's platforms. Nearly a year later, Messenger's not even close.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!