Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files and contacts — even af

Phishing 261

Phishing Passwords Accountability Authentication 261

Adam Levin

JANUARY 9, 2020

Currency exchange giant Travelex has effectively been taken offline by a ransomware attack. . The attack was first detected the night of December 31. Soon after, the company took its systems offline. A week later, Travelex is processing transactions with pen and paper at its 1,200 branches located in more than 70 countries. . “To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted.

Ransomware 157

Ransomware Encryption Insurance VPN 157

Schneier on Security

JANUARY 8, 2020

There's a new, practical, collision attack against SHA-1: In this paper, we report the first practical implementation of this attack, and its impact on real-world security with a PGP/GnuPG impersonation attack. We managed to significantly reduce the complexity of collisions attack against SHA-1: on an Nvidia GTX 970, identical-prefix collisions can now be computed with a complexity of 261.2rather than264.7, and chosen-prefix collisions with a complexity of263.4rather than267.1.

Encryption 224

Encryption Software 224

Tech Republic Security

JANUARY 10, 2020

Read insights from industry experts on how artificial intelligence and machine learning will help prevent cybersecurity breaches.

Artificial Intelligence 196

Artificial Intelligence Cybersecurity 196

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Krebs on Security

JANUARY 6, 2020

Organizations in the throes of cleaning up after a ransomware outbreak typically will change passwords for all user accounts that have access to any email systems, servers and desktop workstations within their network. But all too often, ransomware victims fail to grasp that the crooks behind these attacks can and frequently do siphon every single password stored on each infected endpoint.

Passwords 217

Passwords Ransomware Password Management Malware 217

Troy Hunt

JANUARY 10, 2020

I really should have started the video about 3 minutes earlier. Had I done that, you'd have caught me toppling backwards into the frangipani tree whilst trying to position my chair and camera which frankly, would have made for entertaining viewing. Instead, this week's update is focused primarily on a completely different epic fail, namely Surebet247's handling of a breach impacting their customers.

Passwords 138

Passwords 138

Adam Shostack

JANUARY 9, 2020

Today’s Threat Modeling Thursday is a podcast! I’m on The Humans of InfoSec Podcast, with Caroline Wong: The Human Element of Threat Modeling.

InfoSec 130

InfoSec 130

Krebs on Security

JANUARY 10, 2020

Federal investigators on Friday arrested a Virginia man accused of being part of a neo-Nazi group that targeted hundreds of people in “swatting” attacks, wherein fake bomb threats, hostage situations and other violent scenarios were phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.

Computers and Electronics 195

Computers and Electronics Internet Internet VPN 195

Tech Republic Security

JANUARY 9, 2020

At CES 2020, Patriot One Technologies explained its Patscan platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.

Technology 144

Technology 144

Schneier on Security

JANUARY 6, 2020

Here's a physical-world example of why master keys are a bad idea. It's a video of two postal thieves using a master key to open apartment building mailboxes. Changing the master key for physical mailboxes is a logistical nightmare, which is why this problem won't be fixed anytime soon.

177

177

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Daniel Miessler

JANUARY 10, 2020

Being in security I think a lot about whether things are tools or weapons. The distinction applies to guns. It applies to encryption. It applies to offensive security tools. And it applies to technologies like machine learning and the use of AI-monitored cameras throughout society. The link I’m highlighting here is: Visibility plus Understanding --> Tools and Weapons Visibility means you have the opportunity to observe a given object or behavior, like a message sent between people, or peop

Internet 100

Internet Internet Engineering Encryption 100

The Security Ledger

JANUARY 9, 2020

Weak, stolen or reused passwords are the root of 8 in 10 data breaches. Fixing the data breach problem means abandoning passwords for something more secure. But what does passwordless authentication even look like? Yaser Masoudnia, the Senior Director Product Management, Identity Access Management, at LogMeIn* takes us there. The post Eliminate. Read the whole entry. » Related Stories Explained: Two-Factor vs.

Passwords 98

Passwords Data breaches Cyber Risk Authentication 98

Tech Republic Security

JANUARY 6, 2020

CES promises to be more exciting than ever this year. Key topics will likely include 5G, AI, blockchain, quantum computing, AR, and VR.

158

158

Schneier on Security

JANUARY 7, 2020

BusKill is designed to wipe your laptop (Linux only) if it is snatched from you in a public place: The idea is to connect the BusKill cable to your Linux laptop on one end, and to your belt, on the other end. When someone yanks your laptop from your lap or table, the USB cable disconnects from the laptop and triggers a udev script [ 1 , , 3 ] that executes a series of preset operations.

Authentication 173

Authentication 173

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

JANUARY 8, 2020

The US has operated an extensive network of missile warning systems for over half a century, but next-generation missiles will put it to the test.

98

98

Security Affairs

JANUARY 8, 2020

MITRE announced the initial release of a version of its MITRE ATT&CK knowledge base that focuses on industrial control systems (ICS). MITRE’s ATT&CK framework is becoming a standard in cybersecurity community for the classification of attacker behavior. Now the organization is going to propose a knowledge base that focused on ICS systems for its MITRE’s ATT&CK. “ ATT&CK for ICS is a knowledge base useful for describing the actions an adversary may take while operatin

Advertising 98

Advertising Cyber Risk Engineering Cybersecurity 98

Tech Republic Security

JANUARY 10, 2020

At CES 2020, Patriot One Technologies explained its PATSCAN platform, which can detect hidden weapons and more without the perpetrator even knowing they've been scanned.

Technology 131

Technology 131

Dark Reading

JANUARY 9, 2020

Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.

Malware 100

Malware Wireless Government 100

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

WIRED Threat Level

JANUARY 10, 2020

A bad code update allowed anyone to easily reveal which accounts posted to Facebook Pages—including celebrities and politicians—for several hours. .

Accountability 97

Accountability 97

Security Affairs

JANUARY 7, 2020

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability , tracked as CVE-2019-2215 , in Android. Maddie Stone published technical details and a proof-of-concept exploit for the high-severity security vulnerability, seven days after she reported it to the colleagues of the Android security team.

Surveillance 98

Surveillance Advertising Marketing Encryption 98

Tech Republic Security

JANUARY 10, 2020

Attackers are creating phishing sites from Sway, an effective approach as links for the domain are typically trusted, says security firm Avanan.

Phishing 138

Phishing 138

Daniel Miessler

JANUARY 7, 2020

This is UL Member Content Subscribe Already a member? Login No related posts.

Information Security 100

Information Security 100

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

WIRED Threat Level

JANUARY 4, 2020

Router security has improved a bunch in recent years, but there are still steps you can take to lock yours down even better.

98

98

Thales Cloud Protection & Licensing

JANUARY 9, 2020

Microservices are changing how organizations are doing business. And nowhere was this more clear than at KubeCon in San Diego last year. Microservices 1 is a powerful technology that is the kernel for modern cloud architecture, and it’s going to drive how people build, manage and deploy secure apps. It’s changing the game for a lot of organizations, especially users and platform providers.

Architecture 105

Architecture Technology Marketing Education 105

Tech Republic Security

JANUARY 9, 2020

With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work.

Accountability 114

Accountability Passwords 114

Security Affairs

JANUARY 9, 2020

A database containing the personal details of 56.25 million US residents that allegedly belongs to CheckPeople.com website was exposed online. A database containing the personal details of 56.25 million US residents that allegedly belongs to the CheckPeople.com website was exposed online on a server having a Chinese IP address. The huge trove of data includes names, home addresses, phone numbers, and ages.

Advertising 95

Advertising Government Data breaches 95

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

WIRED Threat Level

JANUARY 9, 2020

A state-sponsored group called Magnallium has been probing American electric utilities for the past year.

Passwords 98

Passwords 98

Dark Reading

JANUARY 9, 2020

It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.

70

70

Tech Republic Security

JANUARY 10, 2020

The new features come from a partnership with security firm Avira, but they won't be free: They're part of a new package called HomeCare Pro.

115

115

Security Affairs

JANUARY 10, 2020

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations that attackers continue to exploit the well known Pulse Secure VPN vulnerability tracked as CVE-2019-11510.

VPN 95

VPN InfoSec Advertising Cybersecurity 95

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity