CSO Magazine

MARCH 18, 2021

Editor's note: This article, originally published in July, 2018, has been updated to more accurately reflect recent trends. Deepfake definition. Deepfakes are fake videos or audio recordings that look and sound just like the real thing. Once the bailiwick of Hollywood special effects studios and intelligence agencies producing propaganda, like the CIA or GCHQ's JTRIG directorate, today anyone can download deepfake software and create convincing fake videos in their spare time.

Risk 145

Risk Software 145

The Hacker News

MARCH 15, 2021

Distributed Denial of Service (DDoS) attack is a malicious form of attack that disrupts the regular network traffic by overwhelming the website with more traffic than the server can handle. The main aim of this kind of cyberattack is to render the website inoperable. Over recent years, these kinds of attacks are increasing, fueling the demand for the best DDoS protection software solutions.

DDOS 145

DDOS Software Marketing 145

Krebs on Security

MARCH 16, 2021

SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of employees at mobile stores who can be tricked or bribed into swapping control over a mobile phone number to someone else. Now we’re learning about an entire ecosystem of companies that anyone could use to silently intercept text messages intended for other mobile users.

Telecommunications 363

Telecommunications Mobile Wireless Accountability 363

Schneier on Security

MARCH 17, 2021

Security researchers have recently discovered a botnet with a novel defense against takedowns. Normally, authorities can disable a botnet by taking over its command-and-control server. With nowhere to go for instructions, the botnet is rendered useless. But over the years, botnet designers have come up with ways to make this counterattack harder. Now the content-delivery network Akamai has reported on a new method: a botnet that uses the Bitcoin blockchain ledger.

Cryptocurrency 363

Cryptocurrency Media Government Firewall 363

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Joseph Steinberg

MARCH 15, 2021

The MAC address “device filtering” feature of your LAN’s router is unlikely to provide you with any significant security benefits – and, if you enable the feature, it may cause you heartaches. Recently, I participated in a (virtual) discussion about the security of home networks – an important topic as hundreds of millions of people around the world continue to work remotely due to the ongoing COVID-19 pandemic.

Wireless 360

Wireless Artificial Intelligence Encryption Passwords 360

Tech Republic Security

MARCH 15, 2021

Subtle cybersecurity concerns are in play when vetting candidates remotely for a position that entails working remotely. Learn what they are and what to do about them.

Cybersecurity 213

Cybersecurity 213

Schneier on Security

MARCH 15, 2021

Interesting research: “ Who Can Find My Devices? Security and Privacy of Apple’s Crowd-Sourced Bluetooth Location Tracking System “: Abstract: Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world’s largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet

Engineering 359

Engineering Internet Internet 359

Lohrman on Security

MARCH 14, 2021

Cyber Attacks 363

Cyber Attacks 363

Tech Republic Security

MARCH 19, 2021

Find out why cloud computing is leading IT security pros to reevaluate their in-house cybersecurity practices as well as resources provided by managed service providers.

Cybersecurity 203

Cybersecurity Risk 203

Krebs on Security

MARCH 15, 2021

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com , a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data on 24,000 customers who paid to access the service with a credit card.

Passwords 317

Passwords Accountability Hacking Data breaches 317

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Schneier on Security

MARCH 19, 2021

Vice is reporting on a cell phone vulnerability caused by commercial SMS services. One of the things these services permit is text message forwarding. It turns out that with a little bit of anonymous money — in this case, $16 off an anonymous prepaid credit card — and a few lies, you can forward the text messages from any phone to any other phone.

Authentication 300

Authentication Accountability Advertising Mobile 300

Security Boulevard

MARCH 19, 2021

If 2020 has taught us anything, it’s that anything can happen. Honestly, how many of us had, “I will do my best to avoid a global pandemic,” as a New Year’s resolution for 2020? That said, the chances that 2021 will be even more unpredictable are slim. So, we might as well indulge in setting. The post 3 Cybersecurity Goals for CISOs appeared first on Security Boulevard.

CISO 145

CISO Cybersecurity Phishing Mobile 145

Tech Republic Security

MARCH 17, 2021

App developers need to implement workarounds and create an understanding of the benefits of shared data, according to a new survey from AppsFlyer and Mobile Marketing Association.

Mobile 187

Mobile Marketing 187

Hot for Security

MARCH 19, 2021

The hacker who claimed responsibility for breaching the live video streams of 150,000 CCTV cameras at police departments, hospitals, and well-known businesses has been charged by the US Department of Justice with hacking more than 100 companies. Read more in my article on the Hot for Security blog.

Hacking 145

Hacking Data breaches 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

MARCH 18, 2021

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector.

Internet 282

Internet Internet Engineering 282

We Live Security

MARCH 18, 2021

The malware can grab login credentials for more than 450 apps and bypass SMS-based two-factor authentication. The post Beware Android trojan posing as Clubhouse app appeared first on WeLiveSecurity.

Authentication 145

Authentication Malware Mobile 145

Tech Republic Security

MARCH 16, 2021

The security company said the attacks were attributed to RedDelta and Mustang Panda, both of which are allegedly based in China.

Telecommunications 218

Telecommunications 218

Bleeping Computer

MARCH 17, 2021

Yesterday, a researcher disclosed a method of hiding up to three MB of data inside a Twitter image. In his demonstration, the researcher showed both MP3 audio files and ZIP archives contained within the PNG images hosted on Twitter. [.].

Technology 145

Technology 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

The Hacker News

MARCH 15, 2021

The U.S. Department of Justice (DoJ) on Friday announced an indictment against Jean-Francois Eap, the CEO of encrypted messaging company Sky Global, and an associate for wilfully participating in a criminal enterprise to help international drug traffickers avoid law enforcement.

Encryption 145

Encryption 145

Google Security

MARCH 17, 2021

Posted by Harshvardhan Sharma, Information Security Engineer, Google We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of Google Cloud Platform (GCP), in turn helping us make GCP more secure for our users, customers, and the internet at large. In the first iteration of the prize, we awarded $100,000 to the winning write-up about a security vulnerability in GCP.

Engineering 144

Engineering Accountability Authentication Internet 144

Tech Republic Security

MARCH 16, 2021

Isolating your hardware and your applications is a more effective way to prevent malware from infecting your critical endpoints, says HP.

Malware 207

Malware 207

Security Boulevard

MARCH 13, 2021

Protected with 2FA? Think Again. Two-factor authentication (2FA) is certainly a best practice for corporate security, but cybercriminals are also quite good at defeating it, often without a user’s knowledge. However 2FA is not a panacea and just like cyber awareness training, it is just one part of a total protection program. Assessing the risk […].

Phishing 145

Phishing Authentication Risk 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

CyberSecurity Insiders

MARCH 18, 2021

Spanish Data Protection Agency aka Agencia Espanola De Protection De Datos (AEPD) has penalized Vodafone Spain for failing to protect the data of its customers and for indulging in fraudulent telemarketing tactics. The amount pronounced by AEPD against Vodafone is $9.72m is highest fine ever witnessed in a country against a multinational firm. The telecommunication company will face a collective penalty because of 4 separate discrepancies in following rules – Two fines counting to $7.16m f

Telecommunications 144

Telecommunications IoT Mobile Marketing 144

We Live Security

MARCH 15, 2021

From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for? The post PayPal fraud: What merchants should know appeared first on WeLiveSecurity.

Scams 144

Scams 144

Tech Republic Security

MARCH 15, 2021

A Home.com survey found that while most understood the value and necessity of the investment in new tools and gadgets, there were quite a few who worried the technology would facilitate some kind of hack.

Technology 179

Technology Hacking 179

Security Boulevard

MARCH 17, 2021

Language. English. Tags: . <a href='/blog?tag=Cybersecurity'>Cybersecurity</a> <a href='/blog?tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=IT Security'>IT Security</a> Protecting customer data from loss and leakage has become a top priority for enterprises over the past decade.

Data breaches 144

Data breaches Ransomware Financial Services CISO 144

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

MARCH 13, 2021

Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems. GRIMM researchers found three vulnerabilities in the SCSI (Small Computer System Interface) component of the Linux kernel, the issues could be exploited by local attackers with basic user privileges to gain root privileges on unpatched Linux systems.

Hacking 145

Hacking Accountability Technology Risk 145

CyberSecurity Insiders

MARCH 14, 2021

Quad Countries that constitute Japan, United States, India, and Australia were seen discussing cyberattacks on their national infrastructure at the virtual meet held by the White House at the end of last week. . Jake Sullivan, the security advisor to the United States said that quad nations were seen discussing seriously the shortage of semiconductors and the impact of state funded attacks on critical infrastructure. .

Cyber Attacks 144

Cyber Attacks Manufacturing Government Ransomware 144

Tech Republic Security

MARCH 17, 2021

Cybercriminals know they can make money with ransomware and keep getting bolder with their demands, says Palo Alto Networks' Unit 42.

Ransomware 207

Ransomware 207

The Hacker News

MARCH 18, 2021

Privacy-focused search engine DuckDuckGo called out rival Google for "spying" on users after the search giant updated its flagship app to spell out the exact kinds of information it collects for personalization and marketing purposes. "After months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app.

Marketing 144

Marketing Engineering 144

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity