Daniel Miessler
JANUARY 25, 2021
There are recon tools, and there are recon tools. @tomnomnom —also called Tom Hudson—creates the latter. I have great respect for large, multi-use suites like Burp , Amass , and Spiderfoot , but I love tools with the Unix philosophy of doing one specific thing really well. I think this granular approach is especially useful in recon. Related Talk: Mechanizing the Methodology.
Schneier on Security
JANUARY 26, 2021
I think this is the largest data breach of all time: 220 million people. ( Lots more stories are in Portuguese.).
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Joseph Steinberg
JANUARY 25, 2021
Long-time cybersecurity-industry veteran, Joseph Steinberg , has been appointed by CompTIA, the information technology (IT) industry’s nonprofit trade association that has issued more than 2-million vendor-neutral IT certifications to date, to its newly-formed Cybersecurity Advisory Council. The council, comprised of 16 experts with a diverse set of experience and backgrounds, will provide guidance on how technology companies can both address pressing cybersecurity issues and threats, as well as
Krebs on Security
JANUARY 29, 2021
The unprecedented volume of unemployment insurance fraud witnessed in 2020 hasn’t abated, although news coverage of the issue has largely been pushed off the front pages by other events. But the ID theft problem is coming to the fore once again: Countless Americans will soon be receiving notices from state regulators saying they owe thousands of dollars in taxes on benefits they never received last year.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
JANUARY 27, 2021
Insider data theft : Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground. […]. According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government COVID-19 systems and databases. They were working from home: “Because people are working from home, they can easily take photos of their screens.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Joseph Steinberg
JANUARY 28, 2021
Hands-free car-entry systems that allow people to unlock their car doors without the need to push any buttons on the fob or car provide great convenience; at least during the winter, many people even store key fobs in their coats and do not even physically handle the fobs on a regular basis. Cars that allow such access typically utilize proximity to determine when to let people open their doors; when a corresponding fob (and, ostensibly the car’s owner) is close to a locked vehicle that ve
Schneier on Security
JANUARY 29, 2021
This essay makes the point that actual computer hackers would be a useful addition to NATO wargames: The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks.
Troy Hunt
JANUARY 28, 2021
Well, it kinda feels like we're back to the new normal that is 2021. I'm home, the kids are back at school and we're all still getting breached. We're breached so much that even when we're not breached but someone says we're breached, it genuinely looks like we're breached. Ok, that's a bit wordy but the Exodus thing earlier today was frustrating, not because a screen cap of an alleged breach notice was indistinguishable from a phish, but because of the way some people chose to react when I shar
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Last Watchdog
JANUARY 25, 2021
SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far-and-wide in company networks. Related: Digital certificates destined to play key role in securing DX. Thanks to a couple of milestone hacks disclosed at the close of 2020 and start of 2021, they will forever be associated with putting supply-chain vulnerabilities on the map.
Schneier on Security
JANUARY 28, 2021
A coordinated effort has captured the command-and-control servers of the Emotet botnet: Emotet establishes a backdoor onto Windows computer systems via automated phishing emails that distribute Word documents compromised with malware. Subjects of emails and documents in Emotet campaigns are regularly altered to provide the best chance of luring victims into opening emails and installing malware  regular themes include invoices, shipping notices and information about COVID-19.
Adam Shostack
JANUARY 28, 2021
For Data Breach Today, I spoke with Anna Delaney about threat modeling for issues that are in the news right now: “Does your organization have a plan in place if one of your employees is accused via Twitter of being an insurrectionist? If your software was being used to spread plans for a riot, could you detect that? Threat modeling expert Adam Shostack discusses how companies should be prepared to respond to issues in the news.” Threat Modeling for Social Issues.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
JANUARY 29, 2021
By knowing the different types of data, it can help your company protect itself from breaches and better recover from a cyberattack.
Schneier on Security
JANUARY 29, 2021
Apple has added added security features to mitigate the risk of zero-click iMessage attacks. Apple did not document the changes but Groß said he fiddled around with the newest iOS 14 and found that Apple shipped a “significant refactoring of iMessage processing” that severely cripples the usual ways exploits are chained together for zero-click attacks.
Zero Day
JANUARY 29, 2021
FonixCrypter gang claimed it shut down and deleted their ransomware's source code.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JANUARY 27, 2021
Active accounts for people who have left your organization are ripe for exploitation, according to Sophos.
Graham Cluley
JANUARY 28, 2021
Law enforcement agencies across the globe say that they have dealt a blow against Emotet, described by Interpol as "the world's most dangerous malware", by taking control of its infrastructure. Read more in my article on the Tripwire State of Security blog.
Zero Day
JANUARY 29, 2021
After the discovery of NAT Slipstreaming 2.0 attack this week, Google says it will block Chrome traffic on ports 69, 137, 161, 1719, 1720, 1723, 6566, and 10080.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Tech Republic Security
JANUARY 29, 2021
The highly sophisticated SolarWinds attack was designed to circumvent threat detection—and it did, for much too long. Two cybersecurity experts share some valuable lessons learned from the attack.
The Hacker News
JANUARY 28, 2021
With so much of the world transitioning to working, shopping, studying, and streaming online during the coronavirus pandemic, cybercriminals now have access to a larger base of potential victims than ever before. "Zoombomb" became the new photobomb—hackers would gain access to a private meeting or online class hosted on Zoom and shout profanities and racial slurs or flash pornographic images.
Zero Day
JANUARY 28, 2021
Security firm Clearsky said they identified at least 250 servers hacked by Lebanese Cedar, a hacking group linked to the Hezbollah militant group.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tech Republic Security
JANUARY 25, 2021
A Gartner report predicts that the second-order consequences of widespread AI will have massive societal impacts, to the point of making us unsure if and when we can trust our own eyes.
WIRED Threat Level
JANUARY 27, 2021
Because the chat app doesn't encrypt conversations by default—or at all for group chats—security professionals often warn against it.
Zero Day
JANUARY 28, 2021
Pretending to be someone you’re not online could, one day, land you in hot water.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
364 
Let's personalize your content