Sat.Jan 23, 2021 - Fri.Jan 29, 2021

article thumbnail

A @TomNomNom Recon Tools Primer

Daniel Miessler

There are recon tools, and there are recon tools. @tomnomnom —also called Tom Hudson—creates the latter. I have great respect for large, multi-use suites like Burp , Amass , and Spiderfoot , but I love tools with the Unix philosophy of doing one specific thing really well. I think this granular approach is especially useful in recon. Related Talk: Mechanizing the Methodology.

Internet 364
article thumbnail

Joseph Steinberg Appointed To CompTIA Cybersecurity Advisory Council

Joseph Steinberg

Long-time cybersecurity-industry veteran, Joseph Steinberg , has been appointed by CompTIA, the information technology (IT) industry’s nonprofit trade association that has issued more than 2-million vendor-neutral IT certifications to date, to its newly-formed Cybersecurity Advisory Council. The council, comprised of 16 experts with a diverse set of experience and backgrounds, will provide guidance on how technology companies can both address pressing cybersecurity issues and threats, as well as

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Taxman Cometh for ID Theft Victims

Krebs on Security

The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year.

Insurance 326
article thumbnail

Massive Brazilian Data Breach

Schneier on Security

I think this is the largest data breach of all time: 220 million people. ( Lots more stories are in Portuguese.).

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Creating a LaMetric App with Cloudflare Workers and KV

Troy Hunt

I had this idea out of nowhere the other day that I should have a visual display somewhere in my office showing how many active Have I Been Pwned (HIBP) subscribers I presently have. Why? I'm not sure exactly, it just seemed like a good idea at the time. Perhaps in this era of remoteness I just wanted something a little more. present. More tangible than occasionally running a SQL query.

article thumbnail

Keyless Car Entry Systems May Allow Anyone To Open And Steal Your Vehicle

Joseph Steinberg

Hands-free car-entry systems that allow people to unlock their car doors without the need to push any buttons on the fob or car provide great convenience; at least during the winter, many people even store key fobs in their coats and do not even physically handle the fobs on a regular basis. Cars that allow such access typically utilize proximity to determine when to let people open their doors; when a corresponding fob (and, ostensibly the car’s owner) is close to a locked vehicle that ve

More Trending

article thumbnail

Dutch Insider Attack on COVID-19 Data

Schneier on Security

Insider data theft : Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground. […]. According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government COVID-19 systems and databases. They were working from home: “Because people are working from home, they can easily take photos of their screens.

article thumbnail

Weekly Update 228

Troy Hunt

Well, it kinda feels like we're back to the new normal that is 2021. I'm home, the kids are back at school and we're all still getting breached. We're breached so much that even when we're not breached but someone says we're breached, it genuinely looks like we're breached. Ok, that's a bit wordy but the Exodus thing earlier today was frustrating, not because a screen cap of an alleged breach notice was indistinguishable from a phish, but because of the way some people chose to react when I shar

article thumbnail

The Top 21 Security Predictions for 2021

Lohrman on Security

326
326
article thumbnail

Gartner: The future of AI is not as rosy as some might think

Tech Republic Security

A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.

213
213
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Including Hackers in NATO Wargames

Schneier on Security

This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks.

article thumbnail

The Future of Payments Security

Thales Cloud Protection & Licensing

The Future of Payments Security. madhav. Tue, 01/26/2021 - 09:17. Criminals use a wide range of methods to commit fraud. The increasing trend of using mobile payments for in-store purchases (especially during the pandemic) is leading criminals to increasingly focus their efforts on defrauding people through online fraud and scams. Fraud and scams move to the web.

Retail 143
article thumbnail

2020: The Year the COVID-19 Crisis Brought a Cyber Pandemic

Lohrman on Security

296
296
article thumbnail

2021 predictions: Quantifying and prioritizing cyber and business risk

Tech Republic Security

Every new year brings new challenges surrounding risk management. Learn how to protect your company and its assets with these tips from an industry insider.

Risk 211
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Police Have Disrupted the Emotet Botnet

Schneier on Security

A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are regularly altered to provide the best chance of luring victims into opening emails and installing malware ­ regular themes include invoices, shipping notices and information about COVID-19.

Malware 246
article thumbnail

Emotet botnet takedown – what you need to know

Graham Cluley

Law enforcement agencies across the globe say that they have dealt a blow against Emotet, described by Interpol as "the world's most dangerous malware", by taking control of its infrastructure. Read more in my article on the Tripwire State of Security blog.

Malware 145
article thumbnail

2020 Data Breaches Point to Cybersecurity Trends for 2021

Lohrman on Security

article thumbnail

Homebrew: How to install post-exploitation tools on macOS

Tech Republic Security

We'll guide you through the process of using Homebrew package manager to install post-exploit security tools on macOS to further assess compromised system vulnerabilities found in your Apple equipment.

196
196
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

North Korean hackers attempt to hack security researchers investigating zero-day vulnerabilities

Hot for Security

Threat experts at Google say that they have identified an ongoing hacking campaign that has targeted computer security experts, specifically those researching the very type of software vulnerabilities exploited by cybercriminals. Read more in my article on the Hot for Security blog.

Hacking 144
article thumbnail

Update your iPhone now to protect against vulnerabilities that hackers may have actively exploited

Graham Cluley

Apple is encouraging owners of iPhones and iPads to update their devices to the latest version of iOS and iPadOS in order to protect against serious vulnerabilities that could have already been actively exploited by malicious hackers.

Malware 145
article thumbnail

Cryptomining DreamBus botnet targets Linux servers

Security Affairs

Zscaler’s research team recently spotted a Linux-based malware family, tracked as DreamBus botnet, targeting Linux servers. Researchers at Zscaler’s ThreatLabZ research team recently analyzed a Linux-based malware family, tracked as DreamBus Botnet, which is a variant of SystemdMiner. The bot is composed of a series of Executable and Linkable Format (ELF) binaries and Unix shell scripts. .

article thumbnail

Distributed denial of service (DDoS) attacks: A cheat sheet

Tech Republic Security

This comprehensive guide covers different types of denial of service attacks, DDoS protection strategies, as well as why it matters for business.

DDOS 208
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Has COVID-19 Changed the Cybersecurity Industry Forever?

GlobalSign

Responding to the COVID crisis has put the cybersecurity world to the test. Unfortunately, there is a significant shortage of trained cybersecurity professionals, and this fact is not lost on the hackers.

article thumbnail

Ransomware: Analyzing the data from 2020

Digital Shadows

Note: This blog is a roundup of our quarterly ransomware series. You can also see our Q2 Ransomware Trends, Q3. The post Ransomware: Analyzing the data from 2020 first appeared on Digital Shadows.

article thumbnail

Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers

SC Magazine

Researchers at GRIMM have discovered multiple vulnerabilities – two of which could lead to remote code execution (RCE) – within the NITRO open source library that the Department of Defense and federal intelligence community use to exchange, store and transmit digital images collected by satellites. Two of the flaws “looked like they could lead to remote code execution,” said Adam Nichols, principal of the Software Security practice at GRIMM, who explained to SC Media that photos in the library a

Media 143
article thumbnail

5 data categories to learn for faster cybersecurity responses

Tech Republic Security

By knowing the different types of data, it can help your company protect itself from breaches and better recover from a cyberattack.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

A Look at the Legal Consequence of a Cyber Attack

The State of Security

Is your system 100% ready to face the severest cyber-attack and mitigate the risk of a possible data breach? If you are unsure about your cyber-safety structure, then it’s time to upgrade it. Otherwise, you could be at risk of lengthy legal battles that result in hefty fines. Beyond that, the cost in terms of […]… Read More. The post A Look at the Legal Consequence of a Cyber Attack appeared first on The State of Security.

article thumbnail

Ransomware attack hit WestRock IT and OT systems

Security Affairs

Packaging giant WestRock disclosed a ransomware attack that impacted its information technology (IT) and operational technology (OT) systems. American corrugated packaging company WestRock announced it was the victim of a ransomware attack that impacted its information technology (IT) and operational technology (OT) systems. WestRock did not share details about the security incident, it only confirmed that its staff discovered the attack on January 23.

article thumbnail

Cryptojacking malware targeting cloud apps gets new upgrades, worming capability

SC Magazine

A piece of cryptojacking malware with a penchant for targeting the cloud has gotten some updates that makes it easier to spread and harder for organizations to detect when their cloud applications have been commandeered. New research from Palo Alto’s Unit 42 details how Pro-Ocean, which was used throughout 2018 and 2019 to illegally mine Monero from infected Linux machines, has been quietly updated by the threat actor Rocke Group after it was exposed by Cisco Talos and other threat researchers i

Malware 141
article thumbnail

Data Privacy Day: 10 experts give advice for protecting your business

Tech Republic Security

Data Privacy Day is dedicated to achieving sound privacy practices to protect businesses and customers. Learn insights from 10 experts in the field to help safeguard your company.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.